I've got a website with an SSL certificate for the root domain only - example.com.au
The site runs on heroku with the dns at dnsimple.com
I want all requests to www.example.com.au to go to the canonical url, ie to example.com.au and obviously this redirection needs to be set up at the dns level so that the user doesn't get stopped with an "insecure" message.
What should i put in my DNS?
I want all requests to www.example.com.au to go to the canonical url, ie to example.com.au and obviously this redirection needs to be set up at the dns level so that the user doesn't get stopped with an "insecure" message.
In short: This is not possible, because aliases at DNS level will not change the hostname.
In detail:
If the user types in www.example.com the client (i.e. the browser) will lookup the IP for this host and it will follow any DNS aliases (like a CNAME pointing to example.com) during this process. But, following DNS aliases will not cause redirects inside the browser. Instead the name in the URL will stay the same and so will be the name used to verify the certificate.
This means there is no way to do what you want at the DNS level. If you want to redirect from https://www.example.com to https://example.com you must have a certificate matching www.example.com.
Related
I have a 1&1 IONOS domain for my heroku app. the www subdomain works fine, with a CNAME setup for it. but I'm trying to redirect the root url to the www subdomain. this also works fine for http, but if the url is typed in as https://example.com, I get a ERR_SSL_PROTOCOL_ERROR (on chrome, other browsers have different errors). this is on any device, regardless of clearing cache and history etc.
my heroku logs show it's never reached, so it must be an issue within 1&1.
theres an ssl cert set on the domain with 1and1, as well as heroku's ACM.
any ideas?
To make the four URL variations (http://example.com, http://www.example.com, https://example.com, and https://www.example.com) point to a different SSL hosted site (heroku, cloudfront, etc), you need three things in IONOS:
Under DNS settings, add a CNAME entry for the www subdomain that points to your SSL hosted site (example.herokuapp.com)
Set up an HTTP Redirect under Domain Forwarding to https://www.example.com (don't check the box that states "Also set up for www subdomain")
Make sure you have an SSL wildcard certificate for *.example.com installed and attached to your domain in IONOS
It looks like all you are missing is number 3. After that, the redirect that you have setup should work as expected.
Note: example.com should be replaced by your actual domain in all of the above.
I have following domain name air8kissen.de. When I type in that domain name in browser it gets redirected to its IP address 178.128.117.168. The problem is that I setup SSL for domain name and since IP dont have SSL it shows the warning sign. When I accept to risk visiting the website, it redirects me to my domain name.
I have setup all necessary CNAME and A records inside Digitalocean domain setup and have no idea why it shows the IP address first time I visit to domain.
What should I do to fix this?
Cheers
This is not a DNS or SSL issue, You need to setup the Virtual Host for your domain at your webserver, and check any redirection rules placed at your webserver level.
I'm looking to connect my domain to a heroku app. So far, the tutorials I've read say we want Namecheap to have the following records for domain example.com:
CNAME Record www www.example.com.herokudns.com
URL Redirect # https://www.example.com
With this config, I can successfully get to my homepage using:
http://example.com/
http://www.example.com/
https://www.example.com/
But for some reason https://example.com/ won't connect and times out. Does anyone know if there's a way to get both https://example.com/ and https://www.example.com/ to redirect successfully?
You won't be able to do this with DNS provided redirects.
The reason is that at the point of redirect, ie your DNS provider they would need to:
Accept https/443 requests to their redirector
have a valid certificate for hacksofcharity.com
if they don't you'll either receive a timeout, or a certificate mismatch in your browser. When apex domains are involved with https then your only option is to be using a DNS provider that supports using CNAME - see https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain and perform any redirects within your application code base.
I have two domains with GoDaddy: foo.com and bar.com
I want to redirect foo.com to bar.com/foo
I tried setting up Domain Forwarding from within the GoDaddy Dashboard and it did work, but not for HTTPS (which is the URL indexed within Google).
I checked with GoDaddy Support and received this response:
That will not work because your domain does not have an SSL Certificate active and there is no way to activate an SSL Certificate on it with a forward.
Maybe I'm overthinking this, but here's an alternative approach I had in mind:
Set the A record of foo.com to the same IP address that bar.com is using
Within the website code of bar.com, check the $_SERVER['SERVER_NAME'] and redirect appropriately
By using plain DNS this is not possible, the reason for this is that DNS is a protocol different than HTTP.
Some providers offer "forwarding" options but behind the scenes, they point your domain to an HTTP server the one later does the redirect.
For example, using CloudFlare this could be very easy to achieve, you need to setup up only one domain, let's say foo.com and then just create a page rule to redirect traffic to bar.com/foo, the rule could be something like:
*foo.com*
More info about the page rules can be found here: https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-
I am using Namecheap for domain registration and for DNS, and using Heroku for hosting. I have purchased an SSL certificate through Namecheap and set it up with Heroku, and have it nearly working perfectly.
Currently, I have a DNS CNAME record with host "www" pointing to "[whatever].herokussl.com.", and a "#" host record set to URL Redirect (301) to "http://www.[domain].com".
My app itself forces all HTTP traffic to redirect to HTTPS, so "http://www.[domain].com" goes to "https://www.[domain].com".
I am getting the following results:
http://www.[domain].com - properly navigates to site as HTTPS
https://www.[domain].com - properly navigates to site as HTTPS
http://[domain].com - properly navigates to site as HTTPS
https://[domain].com - **does not** navigate to site, and instead the browser cannot find the page
I believe this has to do with how the URL Redirect behaves behind the scenes. I had originally done this as CNAME record pointing directly to "[whatever].herokussl.com.", but apparently doing that on the zone apex blocks MX records...
What do I need to do to get the desired behavior? I simply want all naked or "www" domains to point to my "www" domain.
UPDATE: More information regarding my DNS settings
HOST NAME IP ADDRESS/URL RECORD TYPE
--------- -------------- -----------
# http://www.[domain].com URL Redirect (301)
www [whatever].herokussl.com. CNAME (Alias)
My SSL certificate was not a wildcard, just an EssentialSSL certificate from Comodo. I'm fine if only www.[domain].com works (with a redirect from the naked domain), although when I was using a CNAME for both the apex and "www", it was working as a naked domain with SSL just fine.
If you use DnsSimple, you can use their ALIAS record feature.
The DnsSimple ALIAS record is not a standard DNS record type, and is not the same thing as a CNAME record. Rather, DnsSimple supports it in a special way, by performing the DNS resolution for you and returning to your browser the results. This is different from all other DNS records, where the DNS server performs no processing but simply returns the record to your browser on-demand.
There may be other DNS vendors with their own similar features.
However, with only vanilla DNS, HTTP-only 3xx's from your nameserver, and Heroku, there is no way to get SSL to the zone apex (the domain name with no www.).