The naked domain stopped working, and gave me a 404 error. www domain worked fine. I ended up deleting both the naked domain and "www" domain from the custom domain settings and adding them again. The naked domain suddenly disappeared from that page. I only see the "www" domain there. (tried disabling cache and etc)
I have been trying to recreate the mapping for the naked domain, and it is giving me this error.
It seems like it is trying to process in the background but when I click override and continue, nothing happens. I don't see a naked domain mapping in the custom domains tab. When I go to naked domain url, ERR_CONNECTION_CLOSED error. Added an uptime check and it shows the following error:
Responded with "SSL Handshake Error" in 10,000 ms.
I purchased the domain from Google Domains, the DNS settings are set. Using google-managed SSL.
UPDATE:
The mapping is finally visible but the SSL certificate didn't work so still can't access.
DNS records could not be found. Certificate activation will retry automatically.
This resolved itself after waiting for a day. The naked domain now has a valid certificate.
Related
I am trying to add a custom domain to GAE but Google is struggling to issue an SSL certificate for the naked domain, as it says the DNS records could not be found.
I have tried to map both the naked domain and the www subdomain. When I entered these in the GAE custom domain section I was given 4xA records (above), 4xAAAA records (above), and 1x CNAME record for the www subdomain.
I've entered all of these records at GoDaddy.
The www subdomain in GAE was able to verify the DNS records relatively promptly but the naked domain has not been able to for 4/5 days now.
When I use a DNS lookup tool to check the A records, for the naked domain I see:
...and the four records provided by GAE are there (the other two can't be deleted or edited at GoDaddy). So why is GAE saying the DNS records cannot be found?
And when I use the same tool to lookup the www subdomain I see:
...which I guess must be correct as the certificate has issue without any problems.
If I remove the naked domain from GAE custom domain mapping then users just see a Google generated 404 error message saying the URL was not found on their servers.
Without the SSL, I can navigate to the naked domain using HTTP and I get redirected to the www subdomain (not sure if this is GoDaddy domain forwarding or Django PREPEND_WWW in action - both are setup). But if I try HTTPS on the naked domain, I get a page cannot be displayed due to failing to establish a secure connection, therefore I really need to get to the bottom of the SSL issuing problem.
I am not sure where I am going wrong and would appreciate some suggestions.
The traffic is confused, that is why the naked domain is not working because it was pointing to 2 separate vendors (server) by using the A record one from godaddy and another one from GAE. What you are doing is correct by adding the A record from GAE to your godaddy DNS. However the A record from godaddy must be deleted.
Based from this link possibly there is a forwarding setup wherein your domain is lock from the godaddy’s A record. It was also mentioned in the link that if you don't have forwarding setup, you can reach for their assistance on this link
Another possible concern is that a preset has been set on the account that permanently forwards your domain. It was suggested to remove the preset or change the settings of the preset to unlock the A record.
In Heroku, my domain name for www.[somesite].com shows an ACM Status of "OK".
I also am using automatically managed SSL.
On Google Domains, I have a CNAME for www pointing to the DNS target.
I also have a synthetic record forwarding # for .[somesite].com to https://www.[somesite].com, with Temporary Redirect, Do not forward path, and Disable SSL.
If I use "Enable SSL" I get an error saying that:
The SSL Certificate for this domain hasn't been created yet.This process may take up to 24 hours to complete.
However, the site does not work. I do not know why Heroku shows that it does nor why it gives a ACM Status of OK.
I have been beating my head against this for several hours and have no idea what to do. Anyone have an idea?
Updated 2021
The following guide will help you to set up a website with SSL and forward all versions of your site to the appropriately secured site (https).
(Heroku) Deploy the site on Heroku (either with CLI or Github integration)
(Heroku) Upgrade to the "Hobby" Dyno (for $7).
(Heroku) Add SSL by going to Settings -> Configure SSL. Choose "Automatically".
(Heroku) Add a domain (on heroku.com) by clicking "Add domain". Be sure to use www in the domain name. So the Domain Name text field would be "www.example.com".
(Google Domains) Add a Custom Resource Record
Name: www
Type: CNAME
TTL: 600
Data: URL from Heroku
For example, behavior-apple-eh2cfqgjkiop23q1wvd4372b.herokudns.com.
(Google Domains) Add a Synthetic Record
Subdomaine Forward
Subdomain: #
Destination URL: https://www.example.com
Permanent Redirect (301)
Forward path
Enable SSL
(Google Domains) If you are using a domain that requires DNSSEC (such as a .dev domain), enable DNSSEC in the DNSSEC section.
You will have to wait about 15 minutes for everything to propagate. At the conclusion of the 15 minutes, you will be able to go to every combination of your site, and it will redirect to https://www.example.com.
Some of the errors you may see along the way are as follows:
ACM Issue
On Heroku:
ACM is failing for 1 domain name
www.example.com Unable to resolve DNS for www.exampe.com
Solution: the reason you are seeing this is because your CNAME is not set up on Google Domains. Complete step (5) above to resolve this issue.
Extra Period Issue
(On Google Domains) "A period keeps getting added to the end of the "Data" section of the URL when I put it in."
Solution: This is expected.
Helpful images
Final Heroku Page
Final Google Domains Page
Resources
Other StackOverflow answer
My root domain isn’t working, what’s wrong?
Heroku Devcenter: Add a Custom Root Domain
I have configured my GoDaddy DNS through Cloudflare, pointing at Heroku's URLs (ivanteong.herokuapp.com) after adding www.ivanteong.com and ivanteong.com to custom domains of Heroku.
I have also added the CNAME for ivanteong.herokuapp.com to Cloudflare for its root and www, configured "Full" for the Crypto settings and enabled "Automatic HTTPS Rewrites". This is to make the site appear as HTTPS. I have also added Page Rules such that everything redirects to https://www.ivanteong.com.
However, I have been facing consistent issues with loading the pages on my website, in order of frequency:
1) When going to different pages on ivanteong.com, it will sometimes reach "There is nothing here yet" page on Heroku. Sometimes, it happens on the main site, other times it happens on the subpages. Visitors need to refresh the page multiple times before the actual page will load and the error page on Heroku is gone. This is bad for user experience as most of the time, users won't bother reloading as they will think the site is broken. I'm suspecting it has something to do with the rerouting of DNS or the DNS connection between Cloudflare and Heroku. I'm on the free tier on Heroku, wondering if that is the problem?
2) Sometimes, some of the assets such as the Javascript library or images will not load fully, and the site will appear without the images loaded or the UI scrambled, only resolved when I refreshed the page. It looks as if they load 80% of assets the first time and only finish loading everything after I reload the page. I'm wondering if it is something to do with forcing HTTPS encryption over all the assets?
I was also facing a similar problem. When I try to load(via https) https://example.com I was getting no app found error. I fixed it by adding multiple domains in heroku custom domain settings. I added both, domain with www subdomain and naked/root domain to heroku and now i get redirection to www.example.com but I don't get the no app error. I hope this might work for you as well.
The problem:
I have 2 websites that have the same IP address (a domain and a subdomain), and I have an SSL certificate for each of them. The domain is a word-press site while the sub domain is a ruby on rails application. the subdomain has the certificate installed and works with no problems, but when I try to add the second certificate for the main domain, it works, but it prevents access to the subdomain.
In the web browser inspection page it shows this error :
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://monthly.giladparking.com' is therefore not allowed access.”
What I have tried:
I have followed this tutorial to allow for SNI support and it seems to work except for the previously mentioned issue.
I have taken a look at this post as well which explains that you can't make XMLHTTPRequests across domains. but this issue only arises when both certificates are in effect.
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php....
The certificate for this sites is valid for monthly.giladparking.com and www.monthly.giladparking.com but not for giladparking.com. That's why any access to this site will fail with a certificate error. This problem is not restricted to XMLHTTPRequests.
I have the following problem:
I'm using letsencrypt to obtain ssl-certificates for my sites.
Recently I registered a subdomain, which is working fine. Say my subdomain is called test and my main site is called website, then https://www.website.com works, as well as http://www.website.com (which redirects to the https-site), as well as https://website.com. Now http://test.website.com or test.website.com works well, but https://test.website.com delivers me the main site (so https itself seems to work, but i get the content of the main site, not of the subdomain. Does anybody know what the problem could be?
I'm using apache2 on Ubuntu14.04
Just check the certification installed for load balancer or not?
If this is the problem, Just add this certificate to it and it will resolve the problem.