Namecheap domain won't redirect without "www" - ssl

I'm looking to connect my domain to a heroku app. So far, the tutorials I've read say we want Namecheap to have the following records for domain example.com:
CNAME Record www www.example.com.herokudns.com
URL Redirect # https://www.example.com
With this config, I can successfully get to my homepage using:
http://example.com/
http://www.example.com/
https://www.example.com/
But for some reason https://example.com/ won't connect and times out. Does anyone know if there's a way to get both https://example.com/ and https://www.example.com/ to redirect successfully?

You won't be able to do this with DNS provided redirects.
The reason is that at the point of redirect, ie your DNS provider they would need to:
Accept https/443 requests to their redirector
have a valid certificate for hacksofcharity.com
if they don't you'll either receive a timeout, or a certificate mismatch in your browser. When apex domains are involved with https then your only option is to be using a DNS provider that supports using CNAME - see https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain and perform any redirects within your application code base.

Related

Why is my IONOS 1&1 root not redirecting correctly over ssl?

I have a 1&1 IONOS domain for my heroku app. the www subdomain works fine, with a CNAME setup for it. but I'm trying to redirect the root url to the www subdomain. this also works fine for http, but if the url is typed in as https://example.com, I get a ERR_SSL_PROTOCOL_ERROR (on chrome, other browsers have different errors). this is on any device, regardless of clearing cache and history etc.
my heroku logs show it's never reached, so it must be an issue within 1&1.
theres an ssl cert set on the domain with 1and1, as well as heroku's ACM.
any ideas?
To make the four URL variations (http://example.com, http://www.example.com, https://example.com, and https://www.example.com) point to a different SSL hosted site (heroku, cloudfront, etc), you need three things in IONOS:
Under DNS settings, add a CNAME entry for the www subdomain that points to your SSL hosted site (example.herokuapp.com)
Set up an HTTP Redirect under Domain Forwarding to https://www.example.com (don't check the box that states "Also set up for www subdomain")
Make sure you have an SSL wildcard certificate for *.example.com installed and attached to your domain in IONOS
It looks like all you are missing is number 3. After that, the redirect that you have setup should work as expected.
Note: example.com should be replaced by your actual domain in all of the above.

Hosting a website with active SSL certificate, however, navigating to www.example.com leads me to Http instead of Https

I'm using a shared hosting website to host the website and I have a SSL certificate. When I navigate to www.example.com, I don't see the padlock and it says the website is not secure, however, if I navigate to https://example.com or http://example.com, I see the padlock and it says the website is secure.
What am I meant to do to make it so that when a user types www.example.com to be sent to the https://example.com version? Do I have to forward the domain to https://example.com or do I have to fiddle with some htaccess settings?
Check Ben's answer here:
https://stackoverflow.com/a/1270281/7118098
This is an .htaccess edit, assuming you're using Apache on your host.
The problem is that you're manually accessing https:// so it works, but accessing http:// doesn't redirect you because it's not https:// enforced.
Almost all SSL certificates secure both versions of the website (www and non-www). But, I think your web hosting provider does not offer this feature. However, you can redirect your www domain to a secure domain (I mean non-www version).

Using PointDNS on Heroku to manage SSL and non-www to www redirects

I've been using Heroku to host and manage a website of mine that requires an SSL certificate. For the last year and a half I've been using ZerigoDNS to manage my domain and SSL redirecting (although, redirecting from non-https, non-www to https and www does not work).
I just got a notice from Heroku that they will be shutting down ZerigoDNS soon and they recommend switching to PointDNS. I couldn't find any information in the PointDNS documentation about managing SSL redirects.
Here's what I'm looking to do:
non-www non-https redirects to https and www
non-https redirects to https and www
https but non-www redirects to https and www
The reason everything needs to be forwarded to https and www is that's what the ssl cert was created for (the www is required. I don't have a wildcard certificate).
Does anyone familiar with PointDNS know how to to set up the records and redirects properly?
Thanks in advance!
Regarding non-www to www redirects, I just got that to work as follows:
First, you must add both www.your-domain.com and your-domain.com as custom domains.
heroku domains:add andrewpuglionesi.com
heroku domains:add www.andrewpuglionesi.com
I have a CNAME record with name www.my-domain.com.. The text in its data field is my-heroku-domain.herokuapp.com. I also have an alias record with the name my-domain.com., and I made its data field www.my-domain.com. In other words, the alias just points to the CNAME.
I don't know if this is well-advised, but it seems to work (and without sticking www in the user's URL, at that). It simply solves the problem where you can't access pages other than the index without having www there). I like how Heroku and PointDNS' documentation both say you can easily do redirects and then don't actually explain how to... I guess this is one way.
I've previously been able to force https protocol through the backend of a Django site. I can't remember the exact method I used, but you might be able to do it without the DNS stuff.
First, add both www.your-domain.com and your-domain.com as custom domains under settings or run below commands
heroku domains:add domainname.com
heroku domains:add www.domainname.com
For redirection, you need to do it via server, eg. if you are using apache you can achieve redirections via .htacess file.
Also, you can only redirect non-www to www with pointDNS redirect option

Multiple Domains SEO SSL Redirect Avoiding Loop Errors

I have 4 domains in my server:
domain1.com
domain2.net
domain3.com
domain4.net
The primary and SSL enabled is: domain1.com
I try a SEO permanent 301 redirection of all of them to https://www.domain1.com and works fine, the problem is that when someone tries to access any secondary domain prefixing it with https the redirection doest work.
Example: domain2.net (or any other of those with https prefix) will not redirect to https://www.domain1.com and get a SSL certificate error.
I believe this is because SSL request uses a different port: 443 and all the Rewrite Rules i made are just for 80 port.
Please help!
You get the SSL certificate error because the certificate does not match the name of the accessed server. Any redirects will only be done after establishing the SSL connection, which means you need to have a valid certificate for each domain you want to redirect from.

SSL at the root domain on heroku

I've got a website with an SSL certificate for the root domain only - example.com.au
The site runs on heroku with the dns at dnsimple.com
I want all requests to www.example.com.au to go to the canonical url, ie to example.com.au and obviously this redirection needs to be set up at the dns level so that the user doesn't get stopped with an "insecure" message.
What should i put in my DNS?
I want all requests to www.example.com.au to go to the canonical url, ie to example.com.au and obviously this redirection needs to be set up at the dns level so that the user doesn't get stopped with an "insecure" message.
In short: This is not possible, because aliases at DNS level will not change the hostname.
In detail:
If the user types in www.example.com the client (i.e. the browser) will lookup the IP for this host and it will follow any DNS aliases (like a CNAME pointing to example.com) during this process. But, following DNS aliases will not cause redirects inside the browser. Instead the name in the URL will stay the same and so will be the name used to verify the certificate.
This means there is no way to do what you want at the DNS level. If you want to redirect from https://www.example.com to https://example.com you must have a certificate matching www.example.com.