DNS beginner here so bear with me-- I have a small heroku node app and I can't afford the $7/m hobby plan that you need to auto generate an SSL certificate. I have a custom domain from AWS Route 53 that points to the app, but only the www. address works, not the https:// address, I gather because I don't have the SSL certificate.
I saw that there were some cloudfront hacks (2) but mixed reviews about whether they work, and they sound a bit too complicated for me, a beginner.
Are there any workarounds? Like, could I have my https:// AWS address just redirect to the www. one? Could I wrap the ssl'd heroku app in an iframe? Or are there other heroku jamstack type alternatives that offer more inexpensive SSL certificates?
You could potentially use CloudFlare's free SSL with heroku, here is a blog post that goes through the process.
Related
I'm using Surge.sh to deploy a simple react app to a custom domain i bought from GoDaddy.com.
I've followed the instructions regarding custom domains on their site and get a confirmation that my site was deployed successfully:
https://surge.sh/help/adding-a-custom-domain
On GoDaddy I've configured the CNAME and A types to point to Surge:
However when I open up the domain at https://codatheory.dev/ I receive an error message with error code: SSL_ERROR_BAD_CERT_DOMAIN
I'm quite new to hosting sites on custom domains, so I'm sure I've misunderstood something. The certificate registered on the site is provided by surge.sh.
What configuration steps can I take to resolve this issue? Do I need to create a new certificate to be signed by a CA in order to use this domain, or have I missed something in my deployment?
Thanks!
SSl with surge comes out of the box with *.surge.sh domains. For these domains you can force a redirect of http to https. However, for custom domains surge does not offer SSL as stated explicitly here and they mentioned that it is a feature of surge plus. To answer your Q, yes you could generate a certificate using some provider (e.g. https://letsencrypt.org/) and add it to surge but that would be within the frame of surge plus (not the free tier anymore).
I would try if I were you maybe s3 with cloudfront? it does not cost that much if the traffic is not that high.
I've got a heroku free plan, which is running on a custom domain with the PointDNS add-on so it can provide nameservers for DNS provider, if that matters.
I've got the website up and running on my custom domain, on https, but the ssl certificate points to *.herokuapp.com.
I suppose I need another SSL certificate for my custom domain, but after looking around for a long while I still couldn't find anything that doesn't require a paid heroku plan.
Is it even possible to add an ssl certificate, on a free heroku plan, on a custom domain? If so, please help me out.
I'm really over my head here and my knowledge about anything-ssl or dns is very limited.
From the PointDNS add-on doc (https://devcenter.heroku.com/articles/pointdns), I don't see how you can do this easily.
But, if you have purchased the domain (and not ddns), this should be pretty easy with cloudflare.
Setting up a Custom Domain name and FREE SSL certificate for Heroku Apps
Add DNS record to point to your site and redirect to heroku.
Enable the Crypto certificate, after this the certificate will be automatically distributed by Cloudflare.
there a several questions for Heroku, Cloudflare and DNS but doesn't match mine. I've configured Heroku with automated certificate management (ACM) and Cloudflare of course is configured to serve SSL from itself. With this I want to ensure, that requests are also encrypted between Cloudflare and Heroku.
SSL works perfect for the Client. Problem is, that Heroku can't verify the DNS settings from Cloudflare (which is documented from Heroku as ACM isn't working with Cloudflare this way). Of course I could disable it, but then the traffic isn't encrypted anymore between Heroku and Cloudflare, which would be the worst case.
Someone knows how I solve this and ensure the entire communication between my Heroku Apps, Cloudflare and the Client is encrypted?
That would be great, I look forward to your answers/questions.
Okay, after a few more researches I guess got the solution. In my case with Cloudflare, Heroku doesn't work with ACM in paid plans above Hobby dynos (as said from Heroku itself). Even the option to generate "Origin Certificates" on Cloudflare and put them into your Dyno config isn't working (tried with an ECDSA one).
It's possible to pay Heroku to be able to modify the SSL Endpoint with the "SSL Endpoint Add-on" (20$/mo) and modify Heroku in the way it works, which isn't an option to me.
Update: I the meantime Heroku did update the SSL behavior and you're able to upload an origin certificate (from Cloudflare for instance).
I'm new to web development and finally been able to create something and show to the world. I have the domain with godaddy, hosted webapp with heroku and using cloudflare SSL certificates. Trying to be cheap as dont want to spend money until I find some traffic to the website.
Chrome and Firefox warn that website is not safe when I type
www.mywebsite.com
however When I type
https://www.mywebsite.com
they work fine. Interestingly I also tested website on opera and it does not warn me at all and successfully show the valid certificates. Can anyone please help?
That is just showing you that you are accessing the site not in SSL (https). You should put in an automatic redirect to avoid people seeing that.
This appears to be a cPanel problem. The good folks at name.com use cPanel. Hosting at name.com for my site is a problem in that when someone accesses my site with https the SSL certificate from another site is sent by the server. cPanel docs seem to imply what I'm describing is a known problem. http requests are fine. Short of implementing SSL for my site, are there recommended ways to set up my site?
This issue is coming because you dont have private SSL for your domain, so install a SSL for domain.
You can get a free SSL from these 2 site:
https://www.startssl.com/
https://letsencrypt.org/
and request your hosting provider to install a SSL after that your website will on both http:// and https://