Heroku SSL Redirection Error - ssl

I bought the SSL certificate, added the SSL endpoint, and changed the CNAME in my DNS to redirect to the SSL URL provided by Heroku.
Going to http://thekds.org redirects me to https://kappa-delta.herokuapp.com instead of https://thekds.org. WHY IS THIS???

When you use the SSL:endpoint you can't access the site on the URL assigned to the SSL endpoint so you can't implement a redirect here. You need to have to DNS records CNAME'd to the herokussl.com address that was provided when the endpoint was added.
I'll also add that, because you want to use the apex record (i.e. thekds.org), you need to use a DNS provider that supports using CNAME records there. DNSimple, DNSmadeeasy and PointDNS, to name a few, support this record type.

Related

Is there an equivalent to ALIAS/ANAME?

I am trying to get an SSL certificate on my custom domain on Heroku and the last thing it told me to do is add the following records:
Domain Record Type DNS Target
─────────────────── ─────────── ─────────────────────────────────
www.gethomesync.com CNAME www.gethomesync.com.herokudns.com
gethomesync.com ALIAS/ANAME gethomesync.com.herokudns.com
But my domain registrar GoDaddy doesn't have an option to add ALIAS or ANAME. I don't know much about DNS, having only done quite basic tasks as and when I've needed them. Is there an equivalent to ALIAS/ANAME that I can use through GoDaddy?
Thanks
A warning here. As pointed out by @NikitaAvvakumov and @deviant in some comments, the accepted answer is not correct.
As mentioned in Heroku docs,
Root domains on Heroku require the use of "CNAME-like" records, often referred to as ALIAS or ANAME records.
Without these records,
Requests to https://example.com will fail with an SSL error.
Again, even if you choose to redirect from your root domain to a subdomain (ex: from example.com to www.example.com), it will only work for non-SSL requests. Any request to https://example.com will fail with an SSL error.
A simple solution to that would be to use another DNS host. For example, I use CloudFlare (the free plan is more than enough and offers great features), which uses what is called CNAME flattening, which works with Heroku like having an ALIAS (they use this by default - you don't have to do anything other than configuring your nameservers and adding DNS records. You can check both Heroku and CloudFlare for tutorials - it's pretty easy).
You don't need to set up ALIAS/A record, just create a CNAME record pointing to gethomesync.herokussl.com (you can check the endpoint name with heroku certs Heroku Documentation):
Type Name Value
CNAME www gethomesync.com.herokudns.com
To create a naked domain (removes the need to write www) you need to forward your gethomesync.com to www.gethomesync.com:
Under Forwarding click on Domain -> 'Manage' -> then click 'Add Forwarding'
'Forward to' should be www.gethomesync.com (your domain)
'Redirect type' should be '301'
'Forward settings' should be 'Forward only'

Point to CNAME to openshift throws certificate issue

I have my domain CNAME point to myapp-mynamespace.rhcloud.com however it throws this certificate error:
Doing rhc alias add proxy proxy.mynamespace.com would do the trick.
However, I just want to point arbitrary domain CNAME (like ww2 of xyz.com, abc.com or somedomain.com) to myapp-mynamespace.rhcloud.com
How do I get around this ssl issue, is it possible that when I point ww2 CNAME of xyz.com to my openshift app (myapp-mynamespace.rhcloud.com) it will not do https or ssl thing--just plain http.
You don't want a CNAME record, you want a web redirection, else the domain name will remain the one that points to rhcloud.com and the certificate will still be invalid for your web clients.
If you want to use SSL with your custom domain on OpenShift then you will need to upgrade to the Bronze or Silver plan and purchase an SSL certificate and install it for your alias.

SSL How to with dynamic dns

I've got a home server that sits behind a dynamic ip address. I use a free dynamic dns service (http://freedns.afraid.org/) so that I can access my server via the following (fake) hostname foo.example.com
I use bluehost to host a separate domain, mycompany.com, and used their DNS settings to set up a CNAME to route traffic for mycompany.com to foo.example.com
What I want to do now is throw an SSL cert into the mix. The problem is I don't know how to go about getting the cert. Some companies (GoDaddy) want me to associate a domain with the cert. I don't know if that's mycompany.com or foo.example.com. Even if I pick one, it seems like the browser would complain about a mismatch.
Any insight would be great.
If the website gets accessed as https://foo.example.com you need a certificate for foo.example.com. If it gets accessed as https://mycompany.com you need a certificate for mycompany.com. If it needs to be accessed with both names (like if one side would redirect to the other) you need a certificate containing both names.
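The rule in the answer above, as an added example that is not part of the original post: the client validates the certificate against the hostname in the URL, and the CNAME target plays no part. The function names are hypothetical, the cases are constructed from the hostnames in the question, and the wildcard handling goes beyond the thread as a simplified form of RFC 6125 matching.

```python
# Added example: hostname-to-certificate matching, simplified from RFC 6125.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name (possibly a wildcard) with a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never zero
    if p[0] == "*":
        # Only a whole left-most label may be a wildcard, and never "*.tld".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(url_hostname: str, san_dns_names: list) -> bool:
    """True if any subjectAltName DNS entry matches the name in the URL."""
    return any(name_matches(n, url_hostname) for n in san_dns_names)


def evaluate(url_hostname: str, cname_target: str, san_dns_names: list) -> str:
    """The client checks the name it asked for; the CNAME target is ignored."""
    if cert_covers(url_hostname, san_dns_names):
        return "ok"
    if cert_covers(cname_target, san_dns_names):
        return "mismatch: certificate is for the CNAME target, not the URL name"
    return "mismatch: certificate covers neither name"


# Constructed cases: (name in the URL, CNAME target, DNS names in the cert).
CASES = [
    ("mycompany.com", "foo.example.com", ["foo.example.com"]),
    ("mycompany.com", "foo.example.com", ["mycompany.com", "foo.example.com"]),
    ("foo.example.com", "foo.example.com", ["mycompany.com", "foo.example.com"]),
    ("www.example.com", "www.example.com", ["*.example.com"]),
]

if __name__ == "__main__":
    for url_host, target, sans in CASES:
        print(f"https://{url_host} -> {evaluate(url_host, target, sans)}")
```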

What should I put in Host Name when buying a DNSimple SSL certificate for it to work with the Heroku ssl addon?

I'm confused with this line in the Heroku docs (https://devcenter.heroku.com/articles/ssl-certificate)
You must enter a subdomain in the “Host Name” field. Leaving it blank will generate a root-domain certificate which is not compatible with Heroku’s SSL endpoint.
What I want is https://foo.com and https://www.foo.com to work.
So what do I need to fill in this field to get a SSL certificate that will help me achieve the above?
The rest of the steps (setting CNAME to Heroku's SSL endpoint, adding an ALIAS to redirect the root domain etc) are clear to me. I'm just stuck on this step, should it be blank or 'www' or something else?
If you want your certificate to be valid for the root domain AND the www hostname, then you should use the www.example.com version.
You can also purchase a wildcard, but unless you need to support any extra subdomain, the cost is not worth it in this case.
More details are available in the support page Selecting the Certificate Hostname.
You should fill in www.
www is just a subdomain so that will solve your www.foo.com problem but you will have to redirect the naked domain https://foo.com to the www one though.
Enter "*" for your host name, it will be valid for all subdomains including the root subdomain.

Heroku SSL DNS Settings

I am using Namecheap for domain registration and for DNS, and using Heroku for hosting. I have purchased an SSL certificate through Namecheap and set it up with Heroku, and have it nearly working perfectly.
Currently, I have a DNS CNAME record with host "www" pointing to "[whatever].herokussl.com.", and a "@" host record set to URL Redirect (301) to "http://www.[domain].com".
My app itself forces all HTTP traffic to redirect to HTTPS, so "http://www.[domain].com" goes to "https://www.[domain].com".
I am getting the following results:
http://www.[domain].com - properly navigates to site as HTTPS
https://www.[domain].com - properly navigates to site as HTTPS
http://[domain].com - properly navigates to site as HTTPS
https://[domain].com - **does not** navigate to site, and instead the browser cannot find the page
I believe this has to do with how the URL Redirect behaves behind the scenes. I had originally done this as CNAME record pointing directly to "[whatever].herokussl.com.", but apparently doing that on the zone apex blocks MX records...
What do I need to do to get the desired behavior? I simply want all naked or "www" domains to point to my "www" domain.
UPDATE: More information regarding my DNS settings
HOST NAME IP ADDRESS/URL RECORD TYPE
--------- -------------- -----------
@ http://www.[domain].com URL Redirect (301)
www [whatever].herokussl.com. CNAME (Alias)
My SSL certificate was not a wildcard, just an EssentialSSL certificate from Comodo. I'm fine if only www.[domain].com works (with a redirect from the naked domain), although when I was using a CNAME for both the apex and "www", it was working as a naked domain with SSL just fine.
If you use DNSimple, you can use their ALIAS record feature.
The DNSimple ALIAS record is not a standard DNS record type, and is not the same thing as a CNAME record. Rather, DNSimple supports it in a special way, by performing the DNS resolution for you and returning to your browser the results. This is different from all other DNS records, where the DNS server performs no processing but simply returns the record to your browser on-demand.
There may be other DNS vendors with their own similar features.
However, with only vanilla DNS, HTTP-only 3xx's from your nameserver, and Heroku, there is no way to get SSL to the zone apex (the domain name with no www.).
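The apex problem from this thread (a CNAME on the zone apex interfering with MX records), as an added example that is not part of the original posts: a small zone linter that flags a CNAME sharing an owner name with other records. The function name is hypothetical, both zones and the target `endpoint.example.net` are constructed, and `ALIAS` stands for a provider-side pseudo-record that the provider answers as ordinary address records.

```python
# Added example: lint a zone for CNAME conflicts (RFC 1034, section 3.6.2).
from collections import defaultdict


def lint_zone(apex, records):
    """records: iterable of (owner_name, rtype, value); returns a list of findings."""
    apex = apex.lower().rstrip(".")
    types_by_name = defaultdict(set)
    for name, rtype, _value in records:
        types_by_name[name.lower().rstrip(".")].add(rtype.upper())

    findings = []
    for name, types in sorted(types_by_name.items()):
        if "CNAME" not in types:
            continue
        if name == apex:
            # Every apex already carries SOA and NS, so a CNAME can never be alone.
            findings.append(f"{name}: CNAME at the zone apex conflicts with SOA/NS")
        others = sorted(types - {"CNAME"})
        if others:
            findings.append(f"{name}: CNAME coexists with {', '.join(others)}")
    return findings


# Constructed zone: CNAME on the apex next to an MX record, as in the question.
APEX_CNAME_ZONE = [
    ("example.com", "CNAME", "endpoint.example.net."),
    ("example.com", "MX", "10 mail.example.com."),
    ("www.example.com", "CNAME", "endpoint.example.net."),
]

# Constructed zone: provider-side ALIAS on the apex, CNAME only on www.
ALIAS_ZONE = [
    ("example.com", "ALIAS", "endpoint.example.net."),
    ("example.com", "MX", "10 mail.example.com."),
    ("www.example.com", "CNAME", "endpoint.example.net."),
]

if __name__ == "__main__":
    for label, zone in (("apex CNAME", APEX_CNAME_ZONE), ("apex ALIAS", ALIAS_ZONE)):
        print(label, lint_zone("example.com", zone) or "no conflicts")
```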