Root Domain Not Redirecting DNSimple - ssl

I currently have my application hosted on Heroku using an SSL. I purchased my SSL and setup the SSL endpoint and all works well using DNSimple.
The issue I am having is getting my root domain to redirect to my sub domain.
Currently our application is hosted only on the secured sub domain "example.website.com" and not on the root domain "website.com"
I have tried setting up an ALIAS, CNAME and URL redirect with DNSimple but every time I type in "website.com" I receive a Heroku Error: There is no app configured at that hostname.
Perhaps the app owner has renamed it, or you mistyped the URL.
If I type in www.website.com, it will successfully redirect to my secure sub domain url. Not sure why the root itself wont transfer
*SSL was NOT purchased as a wild card. It was granted a specific sub domain url

In DNsimple you should use a URL type to redirect website.com to example.website.com. Here is a working setting (this is the reverse of yours, ie www. to none www. address);
It could be that you are not waiting long enough for the changes to take effect.

Related

Why won't my https://domain forward to www?

I have a website for my podcast built with Python / Django that is hosted on Heroku: https://dinpodcast.herokuapp.com/
I have a custom domain parked on GoDaddy, dinpodcast.com, that has a www CNAME directing to my heroku application. This works just fine: https://www.dinpoddcast.com
I wanted dinpodcast.com to redirect to the www website, so I have the following domain forwarding set up on Godaddy:
This also works great, for the most part. Now, when I enter http://dinpodcast.com, or just dinpodcast.com, both will redirect to https://www.dinpodcast.com.
Here's the problem. When I enter the naked domain WITH HTTPS, so when I enter https://dinpodcast.com into a browser's address bar, I get the following response:
Here's what I THINK is happening. My SSL certificate is provided by Heroku under their Automated Certificate Management program. So, I assume that since I don't have an SSL certificate with GoDaddy, it's timing out trying to find one before it can redirect to my www subdomain. Would this be correct? If so, is there any way around this WITHOUT buying an SSL certificate with GoDaddy? If that's not what's happening, then what is and how do I fix it?
When you create an ssl certificate in your domain do you include your root domain? Tried using this tool in your root domain and it seems that there is no ssl certificate. However the subdomain https://dinpodcast.herokuapp.com/ has one. I suggest putting an ssl certificate in all subdomain and root domain that you are using.
I also checked the root domain’s IP address using this tool and checked port 443 using another tool and apparently the port is closed. Double check your firewall and make sure 443 is open.

Why is my IONOS 1&1 root not redirecting correctly over ssl?

I have a 1&1 IONOS domain for my heroku app. the www subdomain works fine, with a CNAME setup for it. but I'm trying to redirect the root url to the www subdomain. this also works fine for http, but if the url is typed in as https://example.com, I get a ERR_SSL_PROTOCOL_ERROR (on chrome, other browsers have different errors). this is on any device, regardless of clearing cache and history etc.
my heroku logs show it's never reached, so it must be an issue within 1&1.
theres an ssl cert set on the domain with 1and1, as well as heroku's ACM.
any ideas?
To make the four URL variations (http://example.com, http://www.example.com, https://example.com, and https://www.example.com) point to a different SSL hosted site (heroku, cloudfront, etc), you need three things in IONOS:
Under DNS settings, add a CNAME entry for the www subdomain that points to your SSL hosted site (example.herokuapp.com)
Set up an HTTP Redirect under Domain Forwarding to https://www.example.com (don't check the box that states "Also set up for www subdomain")
Make sure you have an SSL wildcard certificate for *.example.com installed and attached to your domain in IONOS
It looks like all you are missing is number 3. After that, the redirect that you have setup should work as expected.
Note: example.com should be replaced by your actual domain in all of the above.

How do you force HTTPS with Namecheap and Heroku?

I am working on setting up SSL with Heroku and Namecheap.
On Heroku I currently have the domains:
Domain Name - DNS Target
www.app.domain.io - www.app.domain.io.herokudns.com
www.domain.io - www.domain.io.herokudns.com
On NameCheap I have:
Type - Host - Value
CNAME Record - app - www.app.domain.io.herokudns.com
CNAME Record - www- www.domain.io.herokudns.com
URL Redirect Record - # - https://www.domain.io
CNAME Record - www - https://www.domain.io
What works:
www.domain.io works fine and does not redirect to include https
domain.io just fails to reach a site
https://www.domain.io works great!
https://domain.io fails to reach a site.
http://www.app.domain.io/ fails to reach a site.
https://www.app.domain.io/ fails to reach a site.
http://app.domain.io/ reached the heroku nothing there yet page.
Ideally, all pages should always redirect to include https and www. Any idea what I'm doing wrong?
I fixed the problem. I added redirect records so that if the url was entered with or without www and with or without https it would be redirected to include https and www. This required 4 redirects for the domain.
In addition, the app.domain.io url had not content because I hadn't set something up there yet. I was planning on using the app.domain.io for a new heroku app later on.
Remember to wait long enough and try clearing your cache to see if the issue is resolved.
Edit
In my domain settings under Redirect Domain
Source Url Destination Url
domain.xyz https://www.domain.xyz/
www.domain.xyz https://www.domain.xyz/
The above ensures https is always used.
In my domain advanced DNS settings under Host Records
Type Host Value TTL
CNAME Record www <link from heroku> 30 min
URL Redirect Record # https://www.domain.xyz/ unmasked
URL Redirect Record www https://www.domain.xyz/ unmasked
This is what you need to do on namecheap to work with a heroku app. There is more to do on the heroku side of things.
In Heroku under app settings there is a Domains and certificates section.
You can add your domain there. This will create a DNS Target which is what you put in the <link from heroku> block from above. Heroku will also let you use LetsEncrypt and they will automatically refresh your SSL certificate.
Remember to wait awhile between changes. DNS changes can take up to 24 hours to apply.
For anyone using Heroku, Django, and namecheap that still has a similar problem (i.e. you have a working https website, but http is not automatically routed to https), you also have to set SECURE_SSL_REDIRECT = True in your settings.py file. Making this addition fixed the issue in my case.
This change, in addition to the URL configurations posted in #Programmingjoe's answer, should fix the issue.

Forwarding https://example.com to https://www.example.com

Trying to get
https://example.com
To not refuse the connection, to show my website, and to redirect to:
https://www.example.com
Without having to switch my DNS hosting to DNSimple or adding another service provider.
My domain was purchased on GoDaddy. DNS is on GoDaddy as well, set up as shown below.
My app is hosted on Heroku, using a Let's Encrypt certificate, that I installed following this answer.
Currently using Helmet+express-enforces-ssl to force hsts.
I have read the following info:
Heroku SSL on root domain ; Heroku SSL Endpoints ; The Limitations of DNS A-Records
The last of which states:
(...) applications requiring SSL encryption should use the
ALIAS/ANAME configuration on the root domain. Subdomain redirection
will cause a browser error when the root domain is requested over SSL
(i.e. https://example.com).
Which seems to be my problem (?).
How do I set this up on GoDaddy?

SSL at the root domain on heroku

I've got a website with an SSL certificate for the root domain only - example.com.au
The site runs on heroku with the dns at dnsimple.com
I want all requests to www.example.com.au to go to the canonical url, ie to example.com.au and obviously this redirection needs to be set up at the dns level so that the user doesn't get stopped with an "insecure" message.
What should i put in my DNS?
I want all requests to www.example.com.au to go to the canonical url, ie to example.com.au and obviously this redirection needs to be set up at the dns level so that the user doesn't get stopped with an "insecure" message.
In short: This is not possible, because aliases at DNS level will not change the hostname.
In detail:
If the user types in www.example.com the client (i.e. the browser) will lookup the IP for this host and it will follow any DNS aliases (like a CNAME pointing to example.com) during this process. But, following DNS aliases will not cause redirects inside the browser. Instead the name in the URL will stay the same and so will be the name used to verify the certificate.
This means there is no way to do what you want at the DNS level. If you want to redirect from https://www.example.com to https://example.com you must have a certificate matching www.example.com.