Having trouble setting up SSL with Heroku + Namecheap - ssl

I'm trying to set up SSL for my website which is hosted on Heroku. So I clicked on the Configure SSL button and selected Automatic Certificate Management (ACM) and clicked next. It didn't give me any prompt after that but it now says that my certificate is automatically managed. Right under the SSL Certificates section, it shows the domains and it even says Your app can be found at https://www.example.com but when I try to visit the secure version, it gives me an error NET::ERR_CERT_COMMON_NAME_INVALID.
Do I have to change anything regarding my DNS on the Namecheap side? So far all I have is a CNAME Record with the host set to www and it points to heroku-generated-name.herokuapp.com. and a URL Redirect Record with the host set to # and the value is http://www.mywebsite.com.
I searched online and one answer was to change the CNAME record to heroku-generated-name.herokudns.com. instead of keeping it heroku-generated-name.herokuapp.com.. I did this but then suddenly I started getting other errors like DNS_PROBE_FINISHED_NXDOMAIN whenever I tried to visit the page so I quickly changed it back. I'm not sure if it matters but I did notice that after I changed it to *.herokudns.com., the URL Redirect Record was deleted so I'm not sure if that had anything to do with it. I didn't try messing with it any further so I just changed it back to *.herokuapp.com. and re-added the URL Redirect Record.
Any help will be appreciated!

Related

Using cPanel's AutoSSL when your domain is using Cloudflare

My domain analogue.design is using Cloudflare's name servers, and caching the A record of analogue.design.
Will that prevent AutoSSL from running in cPanel?
Currently I receive an error in AutoSSL:
DNS DCV: The DNS query to “_cpanel-dcv-test-record.analogue.design”
for the DCV challenge returned no “TXT” record that matches the value
“_cpanel-dcv-test-record=4INs3KmEtlH8IwIA2C3vjAbfrkrmLisoUQomsJJ19oPnm23SdoHHnWeFd5AgbU2M”.;
HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
However, the A records for:
autodiscover.analogue.design
_cpanel-dcv-test-record.analogue.design
are not being cached, they are DNS only.
Help appreciated.
Yes.
If you are using Cloudflare as a proxy server and you want to install an AutoSSL certificate on your server, then you have to pause Cloudflare for your server.
To pause, click on Overview; in the bottom right corner you can see Pause Cloudflare.
Then go to SSL in cPanel and install the certificate using AutoSSL.
It will install the certificate; then go to Cloudflare again and run it back.
I believe you are adding those records as an A record entry and not as a TXT record with the values provided against them in Cloudflare.
Manually check using mxtool or some other available online tool whether those needed records are reflecting or not (https://mxtoolbox.com/SuperTool.aspx?action=mx%3aanalogue.design&run=toolpage); it also says not found.
Usually adding those records works for renewing the SSL via AutoSSL in cPanel for Cloudflare-based websites, so probably you are doing something wrong while adding those TXT records as explained above.
A quick way would be to turn the orange cloud to grey and run AutoSSL; however, you will need to repeat this every month, so it is not a suggested solution.
On Cloudflare temporarily disable "Always Use HTTPS" in "SSL/TLS" > "Edge Certificates". Then run AutoSSL. This is happening on cPanel when using Cloudflare, but not DirectAdmin from my experience.

How to resolve Cloudflare DNS Error 526 on Heroku?

I have a web application running on Heroku that is experiencing some unusual behaviour. My DNS is CloudFlare and I'm running CloudFlare SSL certification that is manually added to Heroku.
The problem is subtle at first. It looks like when I visit the root domain youworkremotely.com on a new browser or device I initially get an Error 526. However, if I subsequently visit www.youworkremotely.com I am able to enter the site and proceed as normal. The odd behaviour begins when I attempt to revisit the root domain youworkremotely.com: I no longer see the Error 526 and it is redirected to www.youworkremotely.com.
Any of you guys/girls understand what is happening and can help me fix the issue?
This has been resolved.
Initially the A record still pointed to the old IP address from the previous DNS provider but the CNAME record pointed to the correct heroku DNS URL. Updating the A record to the heroku provided DNS URL resolved the issue.

Websites on server redirected to defaultwebpage.cgi after AutoSSL change

I had AutoSSL by Comodo on my CentOS WHM VPS previously configured and running. After the certificates expired, I installed Let's Encrypt and tried to renew certificates via that service, which failed with an error that signified a DCV validation issue due to me using the server's DNS. Also, the HTTP validation was failing too.
Later, I switched back to Comodo AutoSSL and renewed two of the sites while all others failed with the same error as above.
Now the issue that persists is that I can't access the websites except one (the main account on WHM). All of the sites are showing defaultwebpage.cgi.
What might possibly be the issue and what can be done to get the system back up?
Finally got the issue solved. The faults in my setup that made the DCV fail were (different for different domains):
For a few domains, the DNS had AAA records (with IPv6 values) that prevented the update.
For another domain the issue was that the DNS was on Cloudflare and it wasn't getting auto-updated. So, I had to manually enter the record that has the name '_cpanel-dcv-test-record' and a value that had data like '_cpanel-dcv-test-record=UF0zA7G97dxugw_u10XVpkRJ0faQg2bk2UHf2vDJkhKcElawaQqyaLtCL3VsquAGxv' (sample values for reference, not real).
I made the above changes, selected the domains (inside cPanel for the individual account > SSL > SSL Status) that needed the change and pressed 'Run Auto SSL'.
Hope this helps someone who goes through a similar situation.
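
A preflight check for the DNS DCV failures described in the AutoSSL answers above (the `_cpanel-dcv-test-record` entry added as an A record instead of TXT, a missing or mismatched value, AAAA records on the domain), added here as an example and not part of any of the posts. It parses `dig +noall +answer` output; the zone `example.test`, the addresses and the token are constructed placeholders, and `parse_dig` and `dcv_preflight` are hypothetical helper names.

```python
import re

DCV_LABEL = "_cpanel-dcv-test-record"

# Constructed `dig +noall +answer` output for a placeholder zone (not real data).
SAMPLE_DIG = """\
example.test.                          300 IN A    203.0.113.10
example.test.                          300 IN AAAA 2001:db8::10
_cpanel-dcv-test-record.example.test.  300 IN A    203.0.113.10
"""

def parse_dig(text):
    """Parse dig answer-section lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$", line.strip())
        if not m:
            continue
        name, rtype, rdata = m.group(1), m.group(2).upper(), m.group(3).strip()
        if rtype == "TXT":
            # dig prints TXT rdata as one or more quoted chunks; join them.
            rdata = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))
        records.append((name.rstrip(".").lower(), rtype, rdata))
    return records

def dcv_preflight(records, domain, expected_token):
    """Return findings that would make the DNS DCV lookup fail or need review."""
    domain = domain.lower()
    dcv_name = f"{DCV_LABEL}.{domain}"
    want = f"{DCV_LABEL}={expected_token}"  # value format from the AutoSSL error
    at_dcv = [(t, d) for n, t, d in records if n == dcv_name]
    txt = [d for t, d in at_dcv if t == "TXT"]
    findings = []
    if want not in txt:
        if txt:
            findings.append("txt-value-mismatch")
        elif at_dcv:
            # Something exists at the DCV name, but not as TXT (e.g. an A record).
            findings.append("dcv-record-not-txt")
        else:
            findings.append("txt-missing")
    for n, t, d in records:
        if n == domain and t == "AAAA":
            findings.append(f"aaaa-review:{d}")  # confirm it points at this server
    return findings

if __name__ == "__main__":
    print(dcv_preflight(parse_dig(SAMPLE_DIG), "example.test", "CONSTRUCTEDTOKEN"))
```

Feed it the answers for the apex name and for `_cpanel-dcv-test-record.<domain>` (any record type) as seen from a public resolver, so the result reflects what the certificate authority will see rather than the server's local zone.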

How to add SSL to Github page that set to subdomain (that is completely separate from main domain)?

Here is my current set up.
Domain from Godaddy
Hosting on Digital Ocean (A record points to Droplet IP) with Let's encrypt SSL
It is working fine and I don't really want to change much of that but all the solutions I have researched involve the changes from current setting I have now.
What I want to do is
Set up Github page
Add subdomain in Godaddy and point that to Github page
Add a free SSL to it
I have a page set up working with a subdomain (http://onestory.goodnightjournal.com/) but can't find a solution to add a free SSL to the page without changing any settings that I currently have for the main domain.

heroku cloudflare subdomain SSL setup

I'm trying to set up https on my backend app on heroku as a subdomain like this (for example):
https://api.mydomain.com
and I'm really confused by all the conflicting online docs I've found. Also, I'm rather green on all this SSL stuff. This app will be a backend for just data serving. My front end right now is https on OpenShift under my domain and it's working fine. Here is what I've done:
I have a "hobby" dyno ($7/month) on my heroku app, which I read that I need to enable this stuff.
I have a cloudflare account which serves up my domain for the openshift front-end on https.
I bought my domain from GoDaddy -- so right now it simply points to the cloudflare name servers.
I set up the subdomain: api.mydomain.com on heroku (settings tab). It came back and said that my "DNS Target" is api.mydomain.com.herokudns.com. It also says "Domain: Your app can be found at http://api.mydomain.com".
I clicked "Configure SSL" > "Automatically configure using Automated Certificate Management" and it comes back saying to:
"update your DNS settings to our secure domain"
Not really sure what that means, to be honest. I tried to go back to cloudflare and add a DNS Record (DNS tab). Like so:
Type: CNAME
Name: api <--is this right?
Value: api.mydomain.com.herokudns.com <-- what do I put here?
But this doesn't work. How do I know? I type heroku certs:auto and it comes back 'failing'. Also tried value: mydomain.com.herokudns.com without the 'api' in front. I'm really confused and the docs aren't much help. Can anybody help me?
I have found a simpler solution. The fix was mentioned in Cloudflare's tutorial.
The trick is to take your standard heroku app address (ex: myapp.herokuapp.com) INSTEAD of the xxx.herokudns.com displayed in heroku's SSL interface
Then, to make your custom subdomain (ex: api.foodomain.com) point to it, simply add a CNAME record in Cloudflare's DNS
CNAME api myapp.herokuapp.com
And it should work (it did for my case).
OK, in case some other poor tired programmer comes here.
Cloudflare and Heroku don't get along. Use your SSL from cloudflare. Here's how:
disable automatic certification on heroku: heroku certs:auto:disable
Delete your domain on heroku and start over
Add the (sub) domain again on heroku
type heroku domains to see what the REAL domain is now -- without ACM enabled it will probably go back to ...herokuapp.com instead of ...herokudns.com
Set that one up in cloudflare (DNS tab) under CNAME like so:
CNAME | yoursubdomainname | yourdomainname.com.herokuapp.com
set up Page Rules in cloudflare to be like so:
http://yourdomainname.com/ => Always use https
on Crypto tab use Full SSL.
Wait an hour or so to make sure these all take effect.
Hope that helps someone.