I am working with Load Balancing to have https to my static website and I have my domain in GoDaddy
I created a LoadBalancer with
Backend configuration: To my Cloud storage buckets & enabled CDN.
Frontend configuration: Https having static IP I have enabled
Google-managed SSL certificate with my domain example.com which is in GoDaddy.
Do I need to do any configuration in GoDaddy like pointing, After 10-20 min I get FAILED_NOT_VISIBLE in domain status
I am new and don't know how to link.
In google docs I can see DNS records for your domain must reference the IP address of your load balancer's target proxy, Can someone help me to understand.
https://cloud.google.com/load-balancing/docs/ssl-certificates?hl=en_US&_ga=2.190405227.-1195839345.1570257391#certificate-resource-status
Finally I fixed it, We need to point the Static IP to DNS in my case I have in GoDaddy, It took some time to point DNS and then it took time for my Google-managed SSL certificate to turn green.
Once it's done I hade an issue with err_ssl_version_or_cipher_mismatch for this we need to add Policy to tell LB to use TLS 1.2 but in my case it automatically resolved in 10 min.
We can Point DNS in two ways one by directly adding Static IP to A record in GoDaddy other is by creating a Cloud DNS in GCP and point Nameserver in Godaddy.
We must establish a link to confirm our DNS with Static IP of LB so that the SSL turns Green after confirming Domain status.
Related
Scenario: I have an EC2 instance which hosts the api's.
I am using elastic ip for ec2 instance.
This is the url where I can access to my apis.
ec2-xx-xxx-xx-xxx.us-east-2.compute.amazonaws.com
I want to add ssl to this url
please guide how to add ssl to my ec2 instance
You can't have ssl certificates for *.amazonaws.com, you need to have custom domain and for that domain you can have ssl certificate, basically for getting ssl certificates you need to have DNS control of that domain or your one of the emails should be listed in WHOIS lookup, both not possible for amazonaws.com
I've a domain name, basecompany.com. My application is deployed on the server and the IP has been mapped with the domain name in GoDaddy domain registrar DNS settings. Also, it is https enabled using Letsencrypt which automatically refreshes my certificate after every 3 months.
Now, I purchase 5 more domains and just want to reroute those 5 domains to basecompany.com. Nothing else. These are just URLs with no application server. So, I used domain-forwarding service.
However these 5 domains are not https secured. How do I apply letsencrypt certificated within my DNS settings itself, or do I have to separately purchase a SSL certificate from them?
PS: I'm skipping my option to add the domain name in my webserver (nginx)
config file and then map the IP to my DNS of new domain names. I dont want this.
I just want to install the certificate and it should start working.
I am using Cloudflare, and my domain is using their nameservers olga and duke.
I have A records for ns1.mydomain.com and ns2.mydomain.com and that is only thing which is revealing my real IP address, because i can not force clients to use CloudFlare. So I host their DNS.
If I enable CloudFlare for my NS1 & NS2 A records, will everything continue to work well?
Notice: NS1 and NS2 at registrar are will still be pointing to real IP address.
If you want to use Cloudflare you need to choose one of the following configurations:
Change your name servers at the registrar and use in Full mode,
Use via a hosting partner, or
Upgrade to BIZ and use a CNAME setup
Cloudflare Knowledge Base Article
Whilst Cloudflare can host the DNS records for your host - it will not proxy DNS records; Cloudflare will only proxy HTTP and HTTPS traffic.
If you wish to proxy DNS traffic you can use Cloudflare's Virtual DNS product. This acts as a firewall for your existing DNS infrastructure.
I've let cloudflare manage the DNS of my example.com
I have created id.example.com for country's specific customer. I've done it by created cname id with alias example.com
I need to create customer portal: my.id.example.com. How?
In Cloudflare, open the DNS records for domain.example
Create a A record for example.id and enter the IP where my.id.domain.example will be hosted, and add record
Setup the site my.id.domain.example at the IP you specified
If domain.example is on Cloudflare and the Cloudflare nameservers have propagated, the sub-sub domain propagation should be more or less instant
As correctly noted by ThorSummoner and user296526, this will work on the Cloudflare free plan if you aren't using SSL.
If you want to have a sub sub domain with SSL on Cloudflare, you need to a dedicated Cloudflare dedicated SSL certificate which is available as a paid plan. To quote from the Cloudflare site:
Cloudflare Dedicated Certificate with Custom Hostname: $10 per domain
per month
Includes all benefits mentioned above for Dedicated Certificates
Protects your domain, subdomains (*.example.com), as well as up to 50
additional hostnames Can extend protection beyond first-level
subdomains (*.www.example.com, not just *.example.com) Dedicated SSL
certificates typically provision within a few minutes but can take up
to 24 hours.
Full details here
The accepted answer works fine only if you are not using SSL. As mentioned by #ThorSummoner, cloudflare wildcard SSL certificate is only valid for your domain example.com and *.example.com. It is NOT valid for *.*.example.com (Sub Subdomains or fourth level subdomains).
In order to have SSL for your fourth level subdomains, you will have to be on a paid cloudflare plan and will also need to buy a dedicated SSL certificate from within cloudflare control panel.
Please refer to below pages for more info:
https://support.cloudflare.com/hc/en-us/articles/219453397-Can-I-use-CloudFlare-SSL-certificates-on-my-fourth-level-subdomain-
https://support.cloudflare.com/hc/en-us/articles/228009108-Dedicated-SSL-Certificates
You need to create the subdomains at your hosting provider first, then you would come to your CloudFlare DNS settings and enter in the DNS records so that it resolves.
CloudFlare doesn't support true subdomains (i.e., subzones with nameserver delegation). But it does support what you want, i.e. specific records within a subdomain served by the same zone.
Simply create your record as you would any other record, and use my.id as the name (note the dot.) Lookup will work as you would expect it.
I have a EC2 instance that act as a web server, it hosts various sites and some of them have ssl certificates, lets say one of them is secure.abc.com and has certificate for https://secure.abc.com
After I added an elastic load balancer, assuming it's public dns 'myelb.amazon.com' and I changed the cname record in my DNS to make 'secure' to point to 'myelb.amazon.com', the certificate becomes invalid.
How do I fix this?
My second question is if I have more than one site that has ssl certificates, will a single load balancer work?
In order to fix this issue, you need multi domain SSl certificate to protect your multiple domains includes your DNS domain name also..!
A single certificate for your domain names is the solution for your issue!
And for second question, answer is yes, if you have website with SSL certificate then your load balancer work for it, even it works for multiple host name or ip address too.
I hope this doc should help you out
Stupid me, there is an option to select "TCP" instead of "HTTP"/"HTTPS" which will make the ELB work at the TCP/IP level