I have a cloud front app with domain xyz123.cloudfront.net.
This CloudFront is then mapped to domain sub1.mydomain.com. For this, I followed these steps.
Added SSL through AWS CloudFront pannel to *.mydomain.com
Added A Alias record in Route 53 to xyz123.cloudfront.net
This makes sub1.mydomain.com work perfectly over SSL.
Now, I want to allow my users to use their own domain (eg sub1.userdomain.com) to access the app.
This is similar to what UptimeRobot allows in its public status pages.
What I tried, but not working
Added CNAME to sub1.userdomain.com pointing to xyz123.cloudfront.net, I get SSL Error
Added CNAME to sub1.userdomain.com pointing to sub1.mydomain.com, I get SSL Error
Added CNAME to sub1.userdomain.com pointing to xyz123.s3-website.ap-south-1.amazonaws.com (S3 Static Hosting URL)
Question
How does UptimeRobot (or GitHub Pages) allow users to add a custom domain to their status page over SSL
What is the prerequisite to make this happen?
From https://github.blog/2018-05-01-github-pages-custom-domains-https/:
We have partnered with the certificate authority Let’s Encrypt on
this project. As supporters of Let’s Encrypt’s mission to make the
web more secure for everyone, we’ve officially become Silver-level
sponsors of the initiative.
Github pages create a single certificate, from Let's Encrypt, for both your custom userdomain.com and YOURNAME.github.io. This is possible with a SAN certificate (Subject Alternative Name, https://support.dnsimple.com/articles/what-is-ssl-san/).
You can't associate more than one SSL certificate to a CloudFront distribution but ACM (AWS Certificate Manager) supports up to 10 subject alternative names. To mimic Github Pages you have to know the user domains beforehand or create a new certificate each time you add a new domain to replace the old one.
Unfortunately, there is no way to add more than 10 custom domains to a SSL in AWS.
Which is a prerequisite to having a custom domain to your cloudfront.
Hence, a workaround this could be as below.
1. Create a S3 single bucket which hosts your code
2. Create Multiple Could front distributions connected to single S3 Bucket
3. Then, add custom domains to these cloud front.
You will also need to think about CORS settings in your API of the app to allow requests from these custom domains.
Related
I have one nodejs web app on ibm cloud: MYAPP.eu-de.mybluemix.net.
I want it to be reachable over https on https://MYSUB.MYDOMAIN.IO
I own MYDOMAIN.IO, and added this CNAME entry in my dns provider: MYSUB.MYDOMAIN.IO. 0 CNAME MYAPP.eu-de.mybluemix.net.
I purchased a certificate for SUB.MYDOMAIN.IO added the domain in my organisation, and uploaded the certificate. Note it is not a wildcard. I read that long ago bluemix only accepted wildcards, but I could upload my single certificate without issue.
I also added the route to the app so I have 2 routes in the settings, both with the padlock green:
MYAPP.eu-de.mybluemix.net
MYSUB.MYDOMAIN.IO
After all this, when I navigate to https://SUB.MYDOMAIN.IO, I end up on the app page (redirection working), BUT I get the security warning because the certificate is still the one of bluemix, not mine.
What am I doing wrong???
ok got it sorted after swimming in an ocean of outdated ibm doc, I found that to use custom domain, the DNS config should be a CNAME to a specific domain name.
in my case, not MYAPP.eu-de.mybluemix.net but MYAPP.eu-de.cf.appdomain.cloud
This URL was always there in the list of available domain, but it was hard to find its use.
https://cloud.ibm.com/docs/apps?topic=creating-apps-ssl_csr#ssl_csr?cm_mmc=TonyErwin--Data--WW_WW-_-SSLCerts
Short story: I build a web app, hosted it on Heroku, I have a domain from a Dutch provider "mijndomein.nl" Now I want to use the custom domain for my app.
I have followed the Heroku guide, but without success, I have watched a few videos, but the DNS settings in the videos are not exactly the same as I have at the mijndomein DNS control panel, and since I don't have a lot of experience setting up DNS and domain pointing I can't figure it out for my self. I will provide a screenshot of the mijndomein settings, and probably you will laugh that I haven't figured it out already and tell me how it works.
I'm confused with the * wildcard domain, and if the www (is a subdomain or not) that's not 100% clear in the Heroku guide. Heroku says that wildcard domains are not allowed when using ACM (automatic SSL certificate), but I need to obtain SSL ofc. and mijndomein's base settings looks to be using a * wildcard DNS. How do I set it up correctly so that when I enter:
oppascentrale.nl -> I go to my heroku app with SSL
www.oppascentrale.nl -> I go to my heroku app with SSL
Do I add with or without 'www' in the heroku control panel when adding custom domain?
This is how mijndomein DNS settings looks like when I do a factory reset
I'm also not sure if I can delete some of the DNS settings lines? I can't read anywhere if any of these different settings will interfere with each other.
As you can see in the shot below, Heroku is not exactly clear about how the custom domain should be added, first with, and then without 'www.' - I have tried both, but neither seemed to work with their SSL.
I also never managed to access my app from oppascentrale.nl, Do I some how have to redirect to www.oppascentrale when hitting oppascentrale.nl? And if yes, how do i set up that?
I have my DNS settings as shown in the image
DNS Setting along with an additional CNAME with host www and value as my GitHub page. Next I setup a CNAME entry in my GitHub page with an apex entry to my domain. The issue I face is that whenever I visit my domain with an https protocol, it shows a warning that the connection is not secure. I get the following in Chrome:
NET::ERR_CERT_COMMON_NAME_INVALID
How do I fix this? I have both https and http access for my domain.
UPDATE: Github introduced custom domain support for HTTPS on May 1, 2018.
If you are using GoDaddy and want to upgrade to HTTPS, do the following:
Go to DNS settings for your site in your GoDaddy account.
Remove all existing A records.
Open a terminal and do dig +noall +answer <YOUR-USERNAME>.github.io. You should see a table listing 4 slightly different IP addresses:
On GoDaddy, create 4 new A records, each one pointing to one of the IPs. For host use # and set the TTL to a low user-defined value (if you are in a hurry).
Go to your page repository settings on Github, and clear the custom domain name and save. Wait a while (minutes).
When executing dig +noall +answer <YOUR-CUSTOM-DOMAIN> yields the 4 IP addresses that you entered in the A records, go back to the Github repository settings and re-enter and save your custom domain name (which you just cleared) in the custom domain cell.
Optionally, check the box Enforce HTTPS. But make sure that https://<YOUR-DOMAIN>is responsive first.
Make sure you have a CNAME record in your DNS settings also. Host should be www and it should point to your <YOUR-USERNAME>.github.io.
Make sure there is a file in your website repository named CNAME containing the name of your custom domain (in my case ulfaslak.com).
Reference
EDIT: Please see answer below by Arturo Herrero: https://stackoverflow.com/a/50203412/462015
GitHub pages does not support HTTPS for custom domains.
The only work around for doing so is to use an SSL provider as the middle man, such as Cloudflare. However, this would involve pointing your DNS name servers at Cloudflare's, which takes some time and complicates things.
If you want HTTPS support using GitHub pages you'll have to use GitHub's provided URL instead of your custom domain.
Another great option for static sites if you want custom domain name HTTPS is Amazon Web Services. You could set up an S3 bucket for your static website, configure CloudFront to distribute the static content, point your domain name at the CloudFront distribution, and use a free SSL certificate from Amazon's cert manager. This option comes out to less than $1/Month with a low-traffic website. A great in depth tutorial for that would be here.
I hope this answered your question! GitHub pages is a great hosting option, and it's not the end of the world if you decide to forget about HTTPS.
Custom domains on GitHub Pages gain support for HTTPS since May 01, 2018
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
I have a wildcard certificate for our domain. *.domain.com
We host multiple sites on our one server using host headers with subdomains. In this specific case lets use site1.domain.com the site has a https binding on the hostname with the wildcard ssl cert.
for marketing reasons we want to rename the sites URL / Name. for example awesomewebsite.com
But for hosting and ssl certificate reasons we cant simply change the host headers on the site.
So my question. Is there a way for me to make awesomewebsite.com an alias tohttps://site1.domain.com so that the user can operate and use the site as if it was hosted at awesomewebsite.com and for security reasons all requests are actually sent to https://site1.domain.com
I have both the domains with 'dyndns.org' I know they offer some added services. Not sure if that will be of any user to me?
Also if I can obtain this are there any security concerns or other issues which might be introduced.
When using webhop feature in dyndns.org i get the following error:
Refused to display 'https://site1.domain.com/Account/Login?ReturnUrl=%2F' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'
So my question. Is there a way for me to make awesomewebsite.com an alias tohttps://site1.domain.com so that the user can operate and use the site as if it was hosted at awesomewebsite.com and for security reasons all requests are actually sent to https://site1.domain.com
The validation of the contents of the certificate is done against the name in the URL, which means that your certificate must contain the alias name too.
Never answered properly.
For whom who ends up here during a search:
What you need is a certificate (requested) with alternative names, meaning it contains all the variances you desire of FQDN/DNS names. They do not need to match or belong to the same domain. Also ideal for external name and system internal names (e.g. www.mystuff.com, host123.myhost.com):
https://www.digicert.com/subject-alternative-name.htm
Im working with mobile site and i want this site use https, so i have 2 Domain here :
www.youbeli.com (Main site)
m.youbeli.com (Mobile site)
Then i set m.youbeli.com with https , when i browse using my phone(Android) , i found error is pop up
Security Warning
There are problems with the security certificate for this site
When i view the certificate (below is the information), :
Issued to :
Common name:
www.youbeli.com
Organisational Unit:
GTxxxxxxxxxx
So, the question is i need to register SSL to m.youbeli.com or this is my configuration error ?
Certificates are designed to authenticate only the domains contained within them. You'll need to either get a SAN certificate that allows multiple domains you specify, or, since this is all under a single primary domain, purchase a wildcard certificate (*.youbeli.com).