I have the following problem:
I'm using letsencrypt to obtain ssl-certificates for my sites.
Recently I registered a subdomain, which is working fine. Say my subdomain is called test and my main site is called website, then https://www.website.com works, as well as http://www.website.com (which redirects to the https-site), as well as https://website.com. Now http://test.website.com or test.website.com works well, but https://test.website.com delivers me the main site (so https itself seems to work, but i get the content of the main site, not of the subdomain. Does anybody know what the problem could be?
I'm using apache2 on Ubuntu14.04
Just check the certification installed for load balancer or not?
If this is the problem, Just add this certificate to it and it will resolve the problem.
Related
I have a site being hosted on heroku so I can go to myapp.herokuapp.com/ and my SPA loads. I got a domain and used cloudflare with a CName record to alais mydomain.com to myapp.herokuapp.com. Great the sites load. Within my SPA i load some images. If my app loads directly from heroku *myapp.herokuapp.com/images/filex.png" it works fine but if I call (or type in the address bar) myDomain.com/images/files.png" I just get my site back like i types mydomain.com
Is this an issue with cloudflare? Do i need additional routing rules?
or is this an issue with my express server that is serving the app and images? does the redirected
request look different and do I need to add code to handle the redirect?
I'm not sure why the redirect is happening without more information. My best guess is that you need to follow these instructions from Heroku. Without this, Heroku servers will have no idea what to do with a request that has a host header of mydomain.com, and will perform in some unexpected way. Heroku needs some way on its side to know that all mydomain.com requests should be handled identically to myapp.herokuapp.com requests.
If this configuration is already in place, your underlying code needs to handle myapp.herokuapp.com and mydomain.com, but I believe by default express will not care about hostname.
Seems to have been an issue with heroku. It’s working fine on aws.
I have configured my GoDaddy DNS through Cloudflare, pointing at Heroku's URLs (ivanteong.herokuapp.com) after adding www.ivanteong.com and ivanteong.com to custom domains of Heroku.
I have also added the CNAME for ivanteong.herokuapp.com to Cloudflare for its root and www, configured "Full" for the Crypto settings and enabled "Automatic HTTPS Rewrites". This is to make the site appear as HTTPS. I have also added Page Rules such that everything redirects to https://www.ivanteong.com.
However, I have been facing consistent issues with loading the pages on my website, in order of frequency:
1) When going to different pages on ivanteong.com, it will sometimes reach "There is nothing here yet" page on Heroku. Sometimes, it happens on the main site, other times it happens on the subpages. Visitors need to refresh the page multiple times before the actual page will load and the error page on Heroku is gone. This is bad for user experience as most of the time, users won't bother reloading as they will think the site is broken. I'm suspecting it has something to do with the rerouting of DNS or the DNS connection between Cloudflare and Heroku. I'm on the free tier on Heroku, wondering if that is the problem?
2) Sometimes, some of the assets such as the Javascript library or images will not load fully, and the site will appear without the images loaded or the UI scrambled, only resolved when I refreshed the page. It looks as if they load 80% of assets the first time and only finish loading everything after I reload the page. I'm wondering if it is something to do with forcing HTTPS encryption over all the assets?
I was also facing a similar problem. When I try to load(via https) https://example.com I was getting no app found error. I fixed it by adding multiple domains in heroku custom domain settings. I added both, domain with www subdomain and naked/root domain to heroku and now i get redirection to www.example.com but I don't get the no app error. I hope this might work for you as well.
URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js
The problem:
I have 2 websites that have the same IP address (a domain and a subdomain), and I have an SSL certificate for each of them. The domain is a word-press site while the sub domain is a ruby on rails application. the subdomain has the certificate installed and works with no problems, but when I try to add the second certificate for the main domain, it works, but it prevents access to the subdomain.
In the web browser inspection page it shows this error :
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://monthly.giladparking.com' is therefore not allowed access.”
What I have tried:
I have followed this tutorial to allow for SNI support and it seems to work except for the previously mentioned issue.
I have taken a look at this post as well which explains that you can't make XMLHTTPRequests across domains. but this issue only arises when both certificates are in effect.
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php....
The certificate for this sites is valid for monthly.giladparking.com and www.monthly.giladparking.com but not for giladparking.com. That's why any access to this site will fail with a certificate error. This problem is not restricted to XMLHTTPRequests.
I've setup 'ssl endpoint' on heroku and that works great. I have a cname for www.miketown3.com pointing to osaka-4635.herokussl.com. https is working great.
However, when I GET http://www.miketown3.com, I get redirected to https://www.miketown3.com and I want to remain on http. When testing my app locally this does not happen. Also, when watching the traffic in chrome, I see no http level redirection of any kind. There's just a request to http://www.miketown3.com with no response. Then immediately the next request is to https://www.miketown3.com, but this time there is a valid response.
My question, where is this redirection happening and how can I stop it? Thanks a bunch!
Since your www subdomain is pointed to osaka-4635.herokussl.com, the server at this address performs the redirection. To stop it, you have to remove the ssl endpoint addon, and change your DNS records per https://devcenter.heroku.com/articles/custom-domains (e.g. point your root and www subdomain to yourapp.herokuapp.com)
I'm not 100% sure what you question is but if you only want HTTPS for certain parts(urls) of your website and assuming you are using rails you can add the gem 'rack-ssl-enforcer', this will allow you to specify what parts of your website redirect to https i.e. login
This was a chrome cache thing.