I bought an SSL certification for one of my sud-domains. It works perfectly, but when I changed the zone file to clean it up a little, I went into a problem that I still don't understand.
Here is the simplified version of my zone file:
IN A 1.2.3.4
IN AAAA 2001::1
* IN A 1.2.3.4
* IN AAAA 2001::1
xxxspecialkeyxxx.securesubdomain 10800 IN CNAME yyyspecialkeyyyy.sslregistrar.com.
securesubdomain IN A 1.2.3.4
securesubdomain IN AAAA 2001::1
What I don't understand is why it doesn't work if I remove the last two lines, like this:
IN A 1.2.3.4
IN AAAA 2001::1
* IN A 1.2.3.4
* IN AAAA 2001::1
xxxspecialkeyxxx.securesubdomain 10800 IN CNAME yyyspecialkeyyyy.sslregistrar.com.
Why the wildcards can handle all my subdomains, but not my secured one?
Related
I registered a domain over at Godaddy : example.com, then created an account with Cloudflare and added the Nameservers they give to Godaddy, after that i added my custom domains to heroku.Then I followed the steps in this guide Configure Cloudflare and Heroku over HTTPS.
This guide says to set the CNAME for the (www and RootDomain) to the default Heroku domain name provisioned for my app, so I used example.herokuapp.com for both and marked everything to pass through cloudflare "orange cloud".
Now my DNS settings in Cloudflare are like so:
Type Name Value TTL
CNAME example.com is an alias of example.herokuapp.com Automatic
CNAME www is an alias of example.herokuapp.com Automatic
And Heroku Dashoard
Domain Name DNS Target
(X) example.com example.com.herokudns.com
(X) www.example.com www.example.com.herokudns.com
I got this error marker (X) in herokus dashboard with a failing tooltip popout and a message:
Automated Certificate Management has failed for the following domains:
| Domain | Reason | | :--- | :--- | | example.com | | | www.example.com | |
What am I missing why am i getting this error, my site loads and its using https from Cloudflare.
Should i use the DNS Target from heroku example.com.herokudns.com and www.example.com.herokudns.com instead of example.herokuapp.com but they warn Cloudflare's security and speed features will not work
I've already seen the following
https://superuser.com/questions/685353/ssl-certificate-for-cname-record
CNAME SSL certificates
I have a domain, say example1.com for which I have purchased an SSL certificate. I have another domain example2.com. I want to add a CNAME record for example1 on example2 and enforce it to work with SSL (even if I have to purchase another certificate for example2)
Somewhat like:
NAME | TYPE | VALUE
--------------------+-------------------+-------------------------------
sub.example2.com CNAME https://sub.example1.com
where
sub.example1.com already has SSL
sub.example2.com does not have SSL (yet)
As per what I've learnt, SSL certificates are installed on the web server ( Apache for example ), and not on the DNS level.
How can I setup SSL for the subdomain ???
multiple SSL
You need to add it to your Apache conf file.
I have a domain balanced in 2 IPs:
A - domain.com - 1.1.1.1
A - domain.com - 2.2.2.2
but I want to convert the IPs on CNAMEs:
So, i've created 2 "A" entries:
A - master - 1.1.1.1
A - slave - 2.2.2.2
and I want to create 2 CNAMEs from root domain to another 2 servers in order to get working as load balancer:
CNAME - domain.com - master.domain.com
CNAME - domain.com - slave.domain.com
but Cloudflare don't permitt create 2 same CNAMEs although the domain target be different
How can I create an "domain.com" entry to get targeted to the 2 another load balance servers by using CNAMEs?
I've created 2 "A" records:
A - balanced - 1.1.1.1
A - balanced - 2.2.2.2
and then link CNAME to "A"
CNAME - www - balanced.domain.com
Recently, I've begun trying to deploy my Heroku app to my domain name. I've added SSL Endpoint, bought a cert, configure the cert, and changed the DNS. Yet I still get the warning You attempted to reach www.foo.com but instead reaching a server identified as *.herokuapp.com
I've read the SSL Endpoint documentation, DNSimple's documentation, but nothing seems to fix this.
Here's what is returned from the usual perpetrators:
$ heroku certs
Endpoint Common Name(s) Expires Trusted
---------------------- ---------------------- -------------------- -------
SSL_NAME.herokussl.com www.foo.com, foo.com 2014-09-17 04:29 UTC True
$ heroku domains
=== foo Domain Names
www.foo.com
foo.com
foo.herokuapp.com
And the DNS records (via DNSimple):
CNAME www.foo.com SSL_NAME.herokussl.com
ALIAS foo.com SSL_NAME.herokussl.com
TXT foo.com ALIAS for SSL_NAME.herokussl.com
I've also tried just simply:
CNAME www.foo.com SSL_NAME.herokussl.com
URL foo.com https://www.foo.com
Am I missing something here? I have waited multiple days for the DNS changes to go into effect, yet this is still occurring. If any other information would help, just let me know! Thanks!
Turns out that I forgot that I had the Zerigo DNS add-on installed which had a CNAME record pointed to proxy.herokuapp.com. I removed the add-on (since my DNS was configured elsewhere) and it works as it should!
I'm not very skilled at debugging DNS issues. I'm trying to configure two named virtual hosts in apache2 at foo.com and dev.foo.com
Currently I'm getting a DNS error that I'm not sure how to resolve, and whether it's related to my apache configuration. However, apache does not complain or submit an error log on reload.
dns_master_load: /dev/shm/bind/DO/db.foo.com:14: www.foo.com: CNAME and other data
zone foo.com/IN: loading from master file /dev/shm/bind/DO/db.foo.com failed: CNAME and other data
zone foo.com/IN: not loaded due to errors.
My zone file is the following:
$TTL 1800
# IN SOA NS1.nsexample.COM. hostmaster.foo.com. (
1378763038 ; last update: 2013-09-09 21:43:58 UTC
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS NS1.nsexample.COM.
NS NS2.nsexample.COM.
NS NS3.nsexample.COM.
# IN A 123.456.78.910
www IN A 123.456.78.910
www CNAME #
ww CNAME #
dev IN A 123.456.78.910
Thanks in advance for the help!
You cannot have CNAME and any other record for the same DNS name:
www IN A 123.456.78.910
www CNAME #
In this case the second line is superfluous, you can delete the CNAME record.
You are missing the IN in CNAME and the www CNAME is redundant. It should be:
# IN A 123.456.78.910
www IN A 123.456.78.910
ww IN CNAME #
dev IN A 123.456.78.910
If it were up to me though, I would change it to:
# IN A 123.456.78.910
www IN A 123.456.78.910
ww IN A 123.456.78.910
dev IN A 123.456.78.910
Use A records where possible, saves having to create MX and NS records. It also saves having to fetch any CNAME/A records it is attached to.