I purchased a domain on Netlify and deployed an app to Heroku. Now I needed to add an ALIAS record to Netlify, as I understood. I removed the other DNS records:
If I now browse to the domain, I get a warning that the site is not secure. It looks like an ssl certificate is not valid / not present:
However, before this, I had a safe connection to both the acquired Netlify domain and to the Heroku app.
I did read here that this may have to do with having multiple conflicting records:
Note that one of the main reason that our system will issue an
incomplete certificate is when there is a multiple conflicting records
for your apex/bare domain or subdomain. Making you don’t have
duplicate DNS records should typically help resolve issues like these.
I did have 4 other records (root and www, NETLIFY and NETLIFYv6) for this domain, which I removed just a minute ago.
Is this a matter of waiting? How long should I wait?
Related
I had AutoSSL by Comodo on my CentOS WHM VPS previously configured and running. After the certificates got expired, I installed Let's Encrypt and tried to renew certificates via that service which failed with error that signified a DCV validation issue due to me to using the server's DNS. Also the HTTP validation was failing too.
Later, I switched back to Comodo AutoSSL and renewed two of the sites while all others failed with same error above.
Now the issue that persists is that I can't access the websites except one (the main account on WHM). All of the sites are showing defaultwebpage.cgi
What might possibly be the issue and what can be done to get the system back up?
Finally got the issue solved. The faults on my setup that made the DCV to fail were (different for different domains).
For a few domains, the DNS had AAA records(with IPV6 values) that prevented the updation.
For another domain the issue was that the DNS was on cloudflare and it wasn't getting auto updated. So, i had to manually enter the record that has name '_cpanel-dcv-test-record' and a value that had a data like '_cpanel-dcv-test-record=UF0zA7G97dxugw_u10XVpkRJ0faQg2bk2UHf2vDJkhKcElawaQqyaLtCL3VsquAGxv' (sample values for reference. not real)
I made the above changes, selected the domains (Inside CPanel for individual account > SSL > SSL Status) that needed the change and pressed the 'Run Auto SSL'.
Hope this helps someone who goes through a smilar situation.
I'm trying to use Heroku's Automatic Certificate Management to set up SSL for my site. My app is on heroku at myapp.herokuapp.com, and I currently have Subdomain Forwarding set up so that http://www.myapp.com properly shows my app.
What I want is to have my site hosted at https://myapp.com.
I ran heroku certs:auto:enable, but it shows:
=== Automatic Certificate Management is enabled on myapp
Domain Status
───────────────── ───────────
www.myapp.com Failing
Running heroku domains shows:
=== myapp Heroku Domain
myapp.herokuapp.com
=== myapp Custom Domains
Domain Name DNS Target
───────────────── ───────────────────────────────
www.myapp.com www.myapp.com.herokudns.com
Right now, in Google Domains, I have a Subdomain Forward from #.myapp.com to http://www.myapp.com. I also have a Custom Resource Record with the name www, type CNAME, and data myapp.herokuapp.com..
What do I need to change in my setup so that I can host my site at https://myapp.com?
Unfortunately, Google Domains does not support the ANAME or ALIAS record. You must use one of these for your apex domain. Here's the full list supported by Google Domains.
https://support.google.com/domains/answer/3290350
Heroku has a list of DNS providers that support the ALIAS or ANAME records here: https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain Personally, I use DNSimple and have had great success with them.
The CNAME target needs to be www.myapp.com.herokudns.com. In your question above you only have the apex record in your DNS in myapp.com.herokudns.com. If this is not the case can you share the domain so I can dig the record for more information?
I've had the same problem with Heroku and other PaaS providers over and over: depending who provides and manages the DNS for your domain you may or may not able to use a CNAME or ALIAS record on the naked domain. That's why we've created a simple service to solve this by applying a simple SSL redirection from the naked domain to the "www" under SSL, without changing your DNS management provider: NakedSSL will give you an IP and will create and host an SSL certificate for your naked domain (https://yourdomain.com), redirecting it to the HTTPS URL that you want (most likely "https://www.yourdomain.com").
Disclaimer: I'm obviously part of the team that created NakedSSL. I hope you don't take this as self-promotion (anyway we offer it for free for 1 domain, which totally fits the needs of 95% of developers/hobbyist out there), but as a way to deal with this annoying situation in an easy way.
I'm getting an error:
Account Creation Status: failed
(XID s9wshe) The domain "mydomain.com” already exists in the Apache configuration.
This site was originally on Server 1. These are the nameservers:
NS1.DOMAIN.COM
NS2.DOMAIN.COM
He bought a secondary server. These are the nameservers:
NS3.DOMAIN.COM
NS4.DOMAIN.COM
I'm trying to move sites from the 1st server to the new server. He has add-on domains and sub accounts inside individual accounts in the WHM.
This specific website was added on inside one of these accounts (instead of being given it's own account in WHM). I believe that is why I am having this issue.
My question is what is the best way to configure the new account on the secondary server without taking the old site down for anything other than the domain nameserver change?
Figure out which server is currently being used by the nameservers of the domain. It sounds like you may have the DNS tied between the servers. As long as the domain is pointed at the other server's nameservers you can simply delete the DNS zone on the server you are trying to create the account on and then you should be able to add it. Afterwards, simply create the DNS zone again.
In my case I had a GoDaddy shared hosting with multiple add-on domains, When I tried to delete an addon domain and recreate it again, I got this error (Domain already exists in the Apache configuration). I fixed it by going to the alias under the domain section in Cpanel. Then deleted the alias. Waited a bit, then try to do the steps again. It worked for me.
My client is seeing a different version of the website on his computers then what I am seeing on mine. He claims to be deleting the cache. I'm using Safari with the cache disabled via the Develop menu and I see the correct version of the site.
Is it possible that the website is somehow cached by my client's ISP or something along those lines?
Update:
I think I need to describe the problem better:
My client has a web hosting package where he has his domains and email accounts. somedomain.com has it's A record changed to point to Behance's ProSite hosted service.
The problem is that when he goes to somedomain.com he gets the index.html that's sitting in his web server's public_html directory, and not his ProSite. Using the same domain I see the ProSite. He has cleared his cache and tried on a computer at home with the same result. This is what lead me to believe that there is some sort of caching issue somewhere along the line with his ISP(s).
Is there anything I can do about this?
Proxy servers at the ISP or even the client's site might do this. Or even network-compressors in some (mal)configurations.
Depending on the site you might also be seeing actually a different site. e.g. Google redirects to different servers using DNS load balancing.
Yes, you're right. To improve performance and the speed in loading page from the same request modern browser seem to great at caching. I myself have the same problem as well. To resolve this problem You should tag version of your projects whenever you deploy them to production.
Based on the update, the problem was with DNS cache.
DNS can be cached at the following levels:
browser
operation system
router
DNS provider
And each of them has its own way to flush DNS cache. Except DNS provider where the only thing you can is to wait for cache invalidation. Though you can replace your current DNS provider with another one who won't have your domain in his cache. You have all the chances to find such if your domain isn't popular.
I am currently building an application that I will host and will have multi-tenants (SaaS) called over the web, I would like them to be able to have subdomain.theircompany.com be able to point to subdomain.mycompany.com (or if they wish, point a full TLD to a subdomain with me).
The way I have been expecting this to work is to simply have a wildcard 'ServerAlias *.mycompany.com' in my Apache config pointing to my application, which then extracts the host being called...They then redirect via a CNAME entry on their host.
My question is, would this approach allow external subdomains to be pointed to a CNAME URL instead of IP? As this runs on one account on my system, am I able to install an SSL for a single wildcard if that customers wants to be running on SSL?
Any other suggestions/approaches would be greatly appreciated!
Thanks
A CNAME will work for the purposes of naming, but not for the purposes of a wildcard SSL cert.
Specifically, example.theircompany.com can have a CNAME record with a value of example.yourcompany.com. This will mean that example.theircompany.com will transparently resolve to your site. In other words, a browser still sees example.theircompany.com, not example.yourcompany.com.
As such, the SSL cert must be for the theircompany.com domain, not the yourcompany.com domain.