Let's Encrypt SSL Certificate and Azure Traffic Manager

I am trying to use Azure Traffic Manager to load balance traffic between a website hosted on an Azure VM in 2 different regions (Europe and US).
The Azure Traffic Manager is set up happily with the DNS name mywebsite.trafficmanager.net
I have 2 endpoints set up with DNS names mywebsite-uk.uksouth.cloudapp.azure.com and mywebsite-us.westus.cloudapp.azure.com
In order to set up a vanity domain I have a CNAME record pointing to www.mywebsite.trafficmanager.net
When I go to http://mywebsite.trafficmanager.net or www.mydomain.com I get correctly routed to the closest site.
Unfortunately I am struggling when I try to get HTTPS / SSL working. I am attempting to use Let's Encrypt via the Certify SSL Certificate Management tool to issue an SSL certificate to each of the servers; however, I am getting the following error:
Validation of the required challengers did not complete successfully. Please ensure all domains to be referenced in the Certificate can be used to access this site without redirection.
I have created bindings in IIS for both mywebsite-uk.mydomain.com and www.mydomain.com, and an A record for mywebsite-uk to the IP of the web server, and whenever I request a certificate that includes www.mydomain.com I get the error.
Has anyone got any experience with this type of setup, and more importantly any advice on what I am doing wrong? Would I be better biting the bullet and getting a paid-for SSL certificate?
Many thanks in advance,

Related

How to run a website on a subdomain when the root domain is hosted elsewhere

Scenario:
I have built a job board for a client and am running that website on my server while the client’s main website is still hosted in its original location.
client.com (root) is on client’s server
jobs.client.com on my server
“jobs” is set up on client.com as an “A” record pointing to the IP address of my server. A real subdomain has not been created on client.com’s server.
Problem:
I am getting an SSL error because it seems jobs.client.com is not covered by a certificate.
Question:
Is it just a matter of time before client.com’s certificate provider will detect and cover the new subdomain?
Or will I need to add a certificate to jobs.client.com on my server?
Is it just a matter of time before client.com’s certificate provider will detect and cover the new subdomain?
No.
Or will I need to add a certificate to jobs.client.com on my server?
Yes. The certificate covering the hostname specified in the URL needs to be explicitly installed at the server which serves this hostname. It is unclear what kind of certificate your server currently provides, but likely the wrong one.

Client domains on Plesk not using SSL when accessing admin on 8443

I have spent 2 days trying various solutions, breaking the stack multiple times... you are my only hope :)
I have set up Plesk on an AWS instance and I'm using a webhost license.
Set up a hostname, issued a certificate with Let's Encrypt, and it works fine when accessing the admin interface on hostname.com:8443
Set up a client domain, issued a certificate with Let's Encrypt, and it works fine for the front end, but when I want to enter admin on clientdomain.com:8443 I get a privacy error. Same thing when trying to access admin with the server IP only as well. In both cases it tries to pull the certificate of "hostname" instead of the cert issued to the client domain.
The goal is to get clients' clientdomain.com:8443 and the server IP working with SSL, or to redirect to hostname.com:8443
I would like to understand what's happening and how I can fix it.
Just in case someone stumbles across the same issue:
Currently this is not possible in Plesk (Obsidian 18.0.27) but it's being considered.
As a temporary solution the best practice is to redirect all clientdomain:8443 requests to hostname:8443 and force HTTPS to ensure a secure connection.
To achieve this follow these instructions:
https://support.plesk.com/hc/en-us/articles/115001421414

Plesk: SSL Issue on shared IP Hosting with multiple Domains

This one is driving me mad - hopefully one of you can help.
I ordered a cloud server with the intention of running multiple customer sites on one server/one IP. Everything is working fine so far, but I'm having trouble with SSL.
I added 2 domains (Domain a, Domain b) via the Plesk Panel and installed basic SSL certificates, which are working perfectly fine. Both domains can be accessed via https:// and in the browser both certificates are shown as valid / secure.
Problem: I'm getting SSL issues / warnings when connecting to the domains' mailboxes -> to secure the Plesk Panel a self-signed certificate was pre-installed.
When I exchange the Plesk self-signed certificate for a certificate for Domain a, Domain a mailboxes are working perfectly fine - but not for Domain b (obviously). What certificate do I need to install to secure the Plesk Panel that does not cause any problems with all underlying domains & their mailboxes?
Will creating a certificate for the server's IP address do the trick? Is this accepted, even possible, or will it result in another warning? If yes, do I need to create a certificate for xx.xxx.xxx.xxx or xx.xxx.xxx.xxx:8443?
Or is there any other option for running multiple domains on one shared ip?
Any help/guidance is very much appreciated!
Thanks!
Did you mean something like mail.domainb.com or autodiscover.domainb.com for the mailbox? Then make sure you have a valid SSL certificate for them also, not only for the mail domain. As far as I know you would not be able to get a third-party certificate on IP addresses.
Sorry if I have guessed wrong.

How to link domain with EC2 and SSL

Here is my story
I have Amazon EC2 with Tomcat 7 hosted at an Elastic IP as
http://ec2-XX-XXX-XXX-XX.us-west-X.compute.amazonaws.com:8080/webAppX
http://ec2-XX-XXX-XXX-XX.us-west-X.compute.amazonaws.com:8080/webAppY
http://ec2-XX-XXX-XXX-XX.us-west-X.compute.amazonaws.com:8080/webAppZ
Then I bought a domain at 1&1 as domainXYZ.com
I bought SSL from sslmate.com for the domainXYZ.com
Now, my confusion comes:
We followed the instructions from sslmate.com and did the same for httpd from Amazon EC2, but when I access https:// , the browser shows the errors below:
Your connection is not private
Attackers might be trying to steal your information from ec2-XX-XXX-XXX-XX.us-west-2.compute.amazonaws.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is ec2-XX-XX-XX-XX.us-west-2.compute.amazonaws.com; its security certificate is from www.domainXYZ This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.
Could you please advise me what things I missed or got wrong?
Question #2: How come I re-direct from 1&1 to ec2-XX-XX-XX-XX.us-west-2.compute.amazonaws.com?
I do see we have options such as FrameRedirect, or an A record by changing DNS using the IP.
But I'm not sure which one I should use so that HTTPS will be handled.
Thanks,
Nghia
You are making your life unnecessarily difficult.
Just buy the domain using AWS Route 53 and link it to your Elastic IP.
As soon as your instance is reachable via the domain, set up a certificate for free using Let's Encrypt and EFF's certbot.
Finally, open the HTTPS port via the AWS console security settings.
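
The mismatch behind the jobs.client.com answer, the Plesk :8443 privacy error and the NET::ERR_CERT_COMMON_NAME_INVALID message above, as an added example that is not part of any of the original posts: a simplified Python version of the name check a TLS client performs. The function names and the certificate name lists are constructed for illustration.

```python
# Added example: the name check a TLS client applies to a server certificate.
# All SAN lists below are constructed for illustration, not read from real certificates.
import ipaddress
from urllib.parse import urlsplit


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(pattern, hostname):
    """True if one dNSName entry covers hostname (exact or single-label wildcard)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" stands for exactly one label, never zero or several
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label with at least two labels after it
        # (a simplification of the public-suffix check real clients apply).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_dns_names, hostname):
    """True if any dNSName in the certificate covers the requested hostname."""
    if _is_ip(hostname):
        return False  # an IP address needs an iPAddress SAN, not a dNSName
    return any(name_matches(p, hostname) for p in san_dns_names)


def url_is_covered(url, san_dns_names):
    """The client checks the host part of the URL; the port plays no role."""
    return cert_covers(san_dns_names, urlsplit(url).hostname or "")


if __name__ == "__main__":
    cases = [  # (URL typed by the user, dNSNames in the certificate the server presents)
        ("https://jobs.client.com/", ["client.com", "www.client.com"]),
        ("https://jobs.client.com/", ["*.client.com"]),
        ("https://clientdomain.com:8443/", ["hostname.com"]),
        ("https://hostname.com:8443/", ["hostname.com"]),
        ("https://ec2-XX-XXX-XXX-XX.us-west-2.compute.amazonaws.com/", ["www.domainXYZ.com"]),
        ("https://www.domainXYZ.com/", ["www.domainXYZ.com"]),
    ]
    for url, sans in cases:
        print("OK      " if url_is_covered(url, sans) else "MISMATCH", url, sans)
```

The check uses only the hostname in the URL, so a certificate is never issued for a host:port pair, and a certificate for one name does not start covering another name just because both resolve to the same server.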

ssl certificate for aws

I have an HTTPS web app running on my AWS EC2 instance.
https://ec2-52-91-100-69.compute-1.amazonaws.com/
I need to get an SSL certificate for the same so that the scary warnings do not appear.
How can I do this? I tried to buy an SSL certificate from clickssl.com but their helpdesk emailed me with the following:
"You completed enrollment process for domain name
ec2-52-91-100-69.compute-1.amazonaws.com.
I believe you cannot get SSL for this domain name because root domain
name amazonaws.com is Amazon property."
If this is the case, is there no way to get an SSL certificate for my application? I don't believe that's the case.
Any help will be appreciated.
First you need to register a domain through a registrar (e.g. GoDaddy or Amazon Route 53). Next you assign an Elastic IP to your EC2 instance and use your registrar's DNS tool to make your domain point to the Elastic IP address. Then you can request an SSL certificate for your own domain.
You do need to register a domain, or use a subdomain of a domain you already have registered. You do NOT need to use an Elastic IP - they are limited and eventually (if you use multiple domains in your AWS account) you will run out. Instead, you can use a CNAME to point to the AWS name (e.g., ec2-52-91-100-69.compute-1.amazonaws.com).
Once you have that set, use Let's Encrypt to get a free widely accepted certificate. There are plenty of tutorials on the installation process - try:
https://ivopetkov.com/b/let-s-encrypt-on-ec2/
Just noticed the original question is OLD - which means (among other things) that Let's Encrypt wasn't even an option at the time. But for anyone who stumbles across this question now, it is a great solution.