s3 static site + cloudfront + SSL not working for non www - ssl

I have a static HTML site hosted on an S3 bucket. I have generated a free SSL certificate with Let's Encrypt, which I imported into ACM.
certbot --manual --server https://acme-v01.api.letsencrypt.org/directory -d example.com -d www.example.com
I have set up CloudFront to use that certificate.
On my DNS provider (namecheap) I have set a CNAME that points www to the cloudfront domain name, and also put a redirect from mydomain.com to www.mydomain.com
Now if I go to
https://www.example.com, it works
https://example.com, it hangs until it times out
Can someone tell me what I'm missing?

On my DNS provider (namecheap) I have ... put a redirect from mydomain.com to www.mydomain.com
There's the problem. Your "DNS provider" has a redirect service that doesn't support HTTPS. There is no way they can -- a redirect can only occur after an HTTPS connection is made, and an HTTPS connection requires a valid certificate.
Redirects are never actually done in DNS, though your provider's interface may give you that impression. Redirects are always done with a web server. Your provider has a web server that they provision and point the DNS there when you configure one hostname to redirect to another.
In short, there's not really a way to do this at the domain apex without using Route 53 as your authoritative DNS host. You don't have to transfer your domain name registration to the Route 53 registrar, but you'll need to use Route 53 for your DNS, and you'll need a second bucket and a second CloudFront distribution -- see Supporting HTTPS URL redirection with a single CloudFront distribution.

Related

SSL Certificate Does not work with subdomains other than www on AWS ALB

I just configured SSL certificate on a domain that routes to my Elastic Beanstalk ALB.
However, it seems like the SSL lock icon does not show for domains with subdomain other than www.
For example, the lock icon shows for www.myDomain.com and myDomain.com. But it does not show for api.myDomain.com or www.api.myDomain.com.
How I set it up:
I went on AWS Certificate Manager and requested an SSL certificate on my domain. Then, I went to Route 53 and created a record alias to my Elastic Beanstalk load balancer with subdomains of www, ``, and api. I don't know why, but only www.myDomain.com and myDomain.com show the SSL lock, not api.myDomain.com.
The reason I want to do this is because I want to use api.myDomain.com for my API and myDomain.com for my front end app. Is this best practice?
Can anyone help me with this?

Heroku naked domain problem with Google Domains

I have a question about Heroku.
When I try to add a new domain with example.
The new domain has to be www.example.com.
If I use example.com, it has an ACM problem; no matter how I change the settings in Google Domains, it goes wrong.
Then fine, I keep the www.example.com one, and the web works with this setting in Google Domains:
www CNAME 1h www.example.com.herokuapp.com
However, for some reason, I need to add a new subdomain:
auth.example.com
and in my Google Domains settings, the DNS data is connected to others, not Heroku:
auth CNAME 1H someDNSdata
Then the problem comes out: there is automatic SSL for my web, but it only applies to www.example.com. It doesn't apply to auth.example.com.
I can't add a new domain auth.example.com in Heroku because there is
auth CNAME 1H someDNSdata
in the Google settings.
I want my SSL in Heroku to apply to all subdomains. So what should I do?
PS: I have forwarded
example.com -->https://www.example.com
An additional problem:
If I type www.example.com, it goes to the http one,
if I type example.com, it goes to the https one.
Why would that happen? I set # in subdomain forwarding, but it comes out as
example.com -->https://www.example.com
Doesn't # mean all subdomains will go to https://www.example.com?

Namecheap domain won't redirect without "www"

I'm looking to connect my domain to a heroku app. So far, the tutorials I've read say we want Namecheap to have the following records for domain example.com:
CNAME Record www www.example.com.herokudns.com
URL Redirect # https://www.example.com
With this config, I can successfully get to my homepage using:
http://example.com/
http://www.example.com/
https://www.example.com/
But for some reason https://example.com/ won't connect and times out. Does anyone know if there's a way to get both https://example.com/ and https://www.example.com/ to redirect successfully?
You won't be able to do this with DNS-provided redirects.
The reason is that at the point of redirect, i.e. your DNS provider, they would need to:
Accept https/443 requests to their redirector
Have a valid certificate for hacksofcharity.com
If they don't, you'll either receive a timeout or a certificate mismatch in your browser. When apex domains are involved with https then your only option is to be using a DNS provider that supports using CNAME - see https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain and perform any redirects within your application code base.
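
The two outcomes named in the answers above (a timeout, or a certificate mismatch) can be told apart with a small probe run against both the apex and the www name. This is an added example, not code from any of the posts; the function names `san_covers` and `probe_https` are made up here, and the host names to test are passed on the command line.

```python
import http.client
import socket
import ssl
import sys


def san_covers(host, sans):
    """True if one certificate name matches host; '*' spans one leftmost label only."""
    host = host.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def probe_https(host, timeout=5.0):
    """Return (outcome, detail) for an HTTPS request to host."""
    conn = http.client.HTTPSConnection(
        host, 443, timeout=timeout, context=ssl.create_default_context())
    try:
        conn.connect()  # TCP connect + TLS handshake; the certificate is verified here
        cert = conn.sock.getpeercert()
        sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return ("answered", {"status": resp.status,
                             "location": resp.getheader("Location"),
                             "cert_names": sans})
    except ssl.SSLCertVerificationError as exc:
        # The redirector answers on 443 but has no valid certificate for host
        return ("cert-rejected", exc.verify_message)
    except socket.timeout:
        # Typical of a redirect service that only listens on port 80
        return ("timeout", "no response within the timeout")
    except (OSError, http.client.HTTPException) as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python probe.py example.com www.example.com
    for name in sys.argv[1:]:
        print(name, *probe_https(name))
```

`san_covers` can also be run on the name list of a certificate before deploying it, to confirm that every hostname that will receive HTTPS traffic, the apex included, is actually on it.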

Forwarding https://example.com to https://www.example.com

Trying to get
https://example.com
To not refuse the connection, to show my website, and to redirect to:
https://www.example.com
Without having to switch my DNS hosting to DNSimple or adding another service provider.
My domain was purchased on GoDaddy. DNS is on GoDaddy as well, set up as shown below.
My app is hosted on Heroku, using a Let's Encrypt certificate, that I installed following this answer.
Currently using Helmet+express-enforces-ssl to force hsts.
I have read the following info:
Heroku SSL on root domain ; Heroku SSL Endpoints ; The Limitations of DNS A-Records
The last of which states:
(...) applications requiring SSL encryption should use the
ALIAS/ANAME configuration on the root domain. Subdomain redirection
will cause a browser error when the root domain is requested over SSL
(i.e. https://example.com).
Which seems to be my problem (?).
How do I set this up on GoDaddy?

SSL certificate to cover subdomain sub.domain.com

I'm new to AWS server and I was recently handed a server to maintain. It freaks me out a little bit.
Let's say our domain is: abc.com and www.abc.com
I have already installed a Let's Encrypt SSL certificate for these 2 domains, and they worked fine.
The problem now is that we need an unbounce page to divert traffic to a landing page (away from the buggy one we have on aws right now).
I then went on my DNSimple and rerouted as follows:
abc.com URL www.abc.com
www.abc.com CNAME unbouncepages
--> abc.com and www.abc.com resolve to our landing page on unbounce
BUT, we still need the page we have set up on aws server.
At the moment, I have this configured on DNSimple:
sub.abc.com ALIAS xx.xx.xx.xx.xx (our AWS server public IP)
https://sub.abc.com will complain: This page is insecure (broken HTTPS).
My question is: How do I add an SSL certificate to a subdomain on an Apache AWS server?
Any suggestion is much appreciated.