I guess that's a very simple task, but I can't manage to have SSL work on gitlab pages. Gitlab pages documentation is too vague for me.
For example, when they say "Make sure your domain doesn't have an AAAA DNS record." does that mean the subdomain (say gitlab.mysite.com) doesn't have a AAAA record. Or does it mean my whole DNS configuration shouldn't have such a record?
Also if that's the later, how can I manage to make this work?
Maybe someone has a source to a good tutorial for this because I really struggle finding simple information (not assuming any prior knowledge about SSL/gitlab).
I just went through the whole process beginning to end and set up a GitLab Pages website on a custom domain with a Let's Encrypt certificate -- it worked like a charm.
I had to:
a) set up a TXT record to verify domain ownership, and
b) add an A record to point at the GitLab Pages IP address (since my domain DNS management provider didn't allow me to set up a domain-level CNAME)
After this, GitLab went and fetched a Let's Encrypt certificate for my Pages web site.
I didn't have a AAAA record, so that didn't come into the picture.
As per GitLab Pages documentation section GitLab Pages integration with Let's Encrypt,
Caution: This feature covers only certificates for custom domains
Issue 3342 is open to add support for sub-domains.
If you are still having trouble, let me know, I'd be happy to help with this.
These days I am researching on capturing and decoding SSL traffic from apk files, I have learned that it is possible to use Fiddler to do that, I have done all the steps in the following link
Cannot configure Fiddler proxy in Android to decrypt HTTPS
But my situation is a little different, I can decode some SSL traffic from apk files, but some SSL traffic seems does not go through WLAN, not like the situation in above links, it does not appear in Fiddler capturing window(maybe the code in apk deliberately set to not go through WLAN to avoid being captured?)
so I tried proxydroid to make all traffic go to my fiddler proxy, It succeeded, now it appears in fiddler capturing window, but it seems not using fiddler root cert like those traffic which goes through WLAN as default, so I can only see "connect to xxx" in Fiddler window, but no decryption
I even tried xpose framework and JustTrustMe, still no use(although I think the problem does not lie there)
So in such a situation, Is there a way to decode? I think the key is to both direct SSL traffic to fiddler proxy and use root cert simultaneously, but How?
UPDATE:
not to mention this specific problem, currently Could someone give me some information about how a SSL cert is used in android system, why those https links which use WLAN as default will use cert automatically, I guess it's because those links which use WLAN as default is just like use https link in browser , while cert is trusted by browser when you installed this root cert, but those links which do not use WLAN as default actually do not trigger https link like in browser, so even using some tool to redirect those links to fiddler proxy can not make it trust the cert, so they just do not use this root cert?? if my guess is right, then maybe there is no easy solution to solve this problem??
UPDATE2:
I have posted another topic, which tries to solve this problem from another perspective, it provided specific apk link, so if someone is interested, you can visit that topic to get more info
I am trying to set custom domain for my Firebase app.
Firebase hosted url : https://inventory-app-726af.firebaseapp.com/
Custom Domain: inv.agsft.com
I have followed all instructions as part of setting custom domain but after verification step when I click on finish button, status will always be "Needs Setup".
I am managing DNS through cloudflare (https://www.cloudflare.com/) and I am following Quick setup option.
Any pointers to resolve it?
I had the same problem, I was able to resolve it by toggling the DNS Status on cloudflare from DNS and HTTP Proxy (CDN) to just DNS on the two A records
It started working right away.
The proper solution, ie without disabling Cloudflare for the site, is to use Full SSL for your domain/subdomain.
You can either choose Full SSL for all your domain entries, or set up a Page Rule for a specific subdomain, in your case, use "inv.agsft.com/*"
Source: https://community.cloudflare.com/t/flexible-ssl-redirect-loop-with-google-firebase/2063/3, which in turn points to https://support.cloudflare.com/hc/en-us/articles/115000219871-Why-does-Flexible-SSL-cause-a-redirect-loop-
Had the same issue and this solved the redirect issue. Firebase will however still report the domain as "Needs setup", for that I have no solution, but it does not affect the functionality of the hosting.
For the people that is using Namecheap, This configuration worked for me.
To avoid any kind of ssl issues when using firebase hosting and cloudflare you have to check to following points:
You don't need to toggling the DNS Status on cloudflare from DNS and HTTP Proxy (CDN) to just DNS on the two A records unless you don't want the cloudflare ssl certificates and want to just use the firebase ssl certificates (look to this carefully because you will loose the protection that cloudflare provides to your site in case you decide to use only the clouflare DNS)
If you "keep the cloud orange" it will not causes any problem to your firebase hosting.
Add the firebase IP's to cloudflare following the instructions provided by firebase hosting and remove any other A record from your domain/subdomain that you are setting up
To ensure you have a end-to-end encryption (using both firebase ssl as well as cloudflare ssl), make sure that your cloudflare crypto options is set to "Full":
Use a page rule likes in case that you want your root domain to receive all trafic:
In your firebase hosting setup, do the same:
p.s: Look that the message "Needs setup" is still there but the app is running without any problem.
p.s2: the majority problems regarding cloudflare and firebase is that firebase ssl can take several hours to start to work and you keep seeing a message like "your connection is not private". It happens not beucase cloudflare is messing our proxy out but because firebase ssl is still not fully propagated.
I hope it help others :)
In my case I did the same that Brennen did:
toggling the DNS Status on cloudflare from DNS and HTTP Proxy (CDN) to just DNS on the two A records.
But just start working when I:
Delete the domain from firebase. (click on the : points select delete domain)
refresh the firebase site
Added again in Quick Setup. I already had the A record added in Cloudflare so I didn't added again.
After that automatically the status added was connected.
Remember: Before testing, clean your browser cache.
When I run dig -t txt +noall +answer inv.agsft.com there are no TXT records showing. Since those are required to verify your ownership of the domain, Firebase Hosting will not continue the setup beyond step one.
Update: since the next step requires you to map A records to the IP addresses of Firebase hosting, I ran the relevant dig too:
$ dig -t a +noall +answer inv.agsft.com
inv.agsft.com. 299 IN A 104.18.56.240
inv.agsft.com. 299 IN A 104.18.57.240
Those are not the addresses I'd expect for Firebase Hosting, so it looks like either you haven't correctly entered the A records, or they have't propagated yet.
When I change my setting like below, it started to work again.
Redirect loop fixed:
For GoDaddy this adding the following solved it for me:
TYPE:A
NAME:#
VALUE: your ip_1
TYPE:A
NAME:#
VALUE: your ip_2
June 2020
Just wanted to share what was successful for me. It was a combination Brennen and Lisbel's answer.
Step 1: Toggle off your DNS status to get a grey cloud (as shown in the earlier answer)
Step 2: Delete the domain from firebase
Step 3: Add it back with Quick Steup
It should be connected after these steps!
I had the same issue. Here's how I fixed it:
1) Cick the View button on the problematic domain (in the Hosting section next to where it says Needs Setup).
2) Change the 'Setup mode' from Quick Setup to Advanced and follow the 3 steps
2a) Open your domain provider's settings (I'm using Google Domains) and add the TXT record it's giving you.
2b) Wait about 4-12 hours for verification
2c) Add the provided A records into your domain provider's settings
This is not a quick process, but it should be working about 5 minutes after you complete step 2c.
Toggling DNS mode didn't work for me. So I tried following approach and it worked for me.
Add CNAME record pointing to {firebase-project}.firebaseapp.com or {firebase-project}.web.app, you could add A record and try.
ADD TXT record as firebase ask you
Verify from firebase (this will show as needs setup, also it didn't go away although this worked)
If new domain/subdomain doesn't works check your browser developer tools network tab. If there are lots of 301 happening then go to cloudflare page rules. Add newdomain.com/* or subdomain.newdomain.com/* then add settings select SSL and set it to full as follows.
Then it will work as expected.
Working as of 11st May 2022 without need to toggle DNS and HTTP Proxy (CDN).
Steps:
Go to Cloudflare Dashboard.
Select SSL/TLS.
Select Overview.
Select Full option for SSL/TLS encryption mode.
After that, refresh your website that previously have issue to access.
Now the website can access successfully.
I need to add SSL to my heroku custom domain. I have done through a wide variety of keys/crts/pems etc. All I want to do is have SSL on a heroku wildcard custom domain.
I bought a wildcard ssl certificate. I have a plan on DNSimple.com, and now I need to upload everything to the server.
What files do I need to add? How can I get them?
I have a Certificate and a private key from DNSimple, now I understand I have to upload a CRS file to DNSimple. Can someone offer a step-by-step, heroku's is very poorly designed and convoluted.
Right now, chrome gives me a big red user warning.
Thanks,
Brian
Hope you have gone through Heroku documentation for DNS simple-
https://devcenter.heroku.com/articles/ssl-endpoint
https://devcenter.heroku.com/articles/ssl-certificate-dnsimple
If still not working, let me know. Will post the steps needed to do this.
I have two "Web Sites" running under IIS6 (Windows Server 2003R2 Standard), each bound to a separate IP address (one is the base address of the server).
I used SelfSSL to generate and install an SSL certificate for development purposes on one of these sites and it works great. I then run SelfSSL to generate a certificate for the second site and the second site works, but now the first site is broken over SSL.
I run SSL Diagnostics and it tells me:
WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
If I re-run SelfSSL on the first site (to fix it), the first site works but then the second site is broken.
It seems like SelfSSL is doing something in a way that is designed to work with only one Website, but I can't seem to put my finger on exactly what it's doing and figure out how to suppress it. I would manually configure SSL but I don't have a certificate server handy, but maybe there is a way to get SelfSSL to just gen the cert and let me install it?
FWIW I have also followed the guidance of several posts that indicate changes to the permissions of the RSA directory are in order, etc. but to no avail. I don't work with SSL everyday so I may be overlooking something that someone with more experience might notice, or perhaps there is a diagnostic process that I could follow to get to the bottom of the issue?
We had a similar problem today. Our IT guy said he solved it by basically using ssldiag instead of selfssl to generate the certs.
See the reply from jayb123 at this URL: http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/15d22105-f432-4d8f-a57a-40941e0879e7
I have to admit I don't fully understand what happened, but I'm on the programming side rather than the network admin side.