I'm confused with this line in the Heroku docs (https://devcenter.heroku.com/articles/ssl-certificate)
You must enter a subdomain in the “Host Name” field. Leaving it blank will generate a root-domain certificate which is not compatible with Heroku’s SSL endpoint.
What I want is https://foo.com and https://www.foo.com to work.
So what do I need to fill in this field to get a SSL certificate that will help me achieve the above?
The rest of the steps (setting CNAME to Heroku's SSL endpoint, adding an ALIAS to redirect the root domain etc) are clear to me. I'm just stuck on this step, should it be blank or 'www' or something else?
If you want your certificate to be valid for the rood domain AND the www hostname, then you should use the www.example.com version.
You can also purchase a wildcard, but unless you need to support any extra subdomain, the cost is not worth in this case.
More details are available in the support page Selecting the Certificate Hostname.
You should fill in www.
www is just a subdomain so that will solve your www.foo.com problem but you will have to redirect the naked domain https://foo.com to the www one though.
Enter "*" for your host name, it will be valid for all subdomains including the root subdomain.
Related
I have a website for my podcast built with Python / Django that is hosted on Heroku: https://dinpodcast.herokuapp.com/
I have a custom domain parked on GoDaddy, dinpodcast.com, that has a www CNAME directing to my heroku application. This works just fine: https://www.dinpoddcast.com
I wanted dinpodcast.com to redirect to the www website, so I have the following domain forwarding set up on Godaddy:
This also works great, for the most part. Now, when I enter http://dinpodcast.com, or just dinpodcast.com, both will redirect to https://www.dinpodcast.com.
Here's the problem. When I enter the naked domain WITH HTTPS, so when I enter https://dinpodcast.com into a browser's address bar, I get the following response:
Here's what I THINK is happening. My SSL certificate is provided by Heroku under their Automated Certificate Management program. So, I assume that since I don't have an SSL certificate with GoDaddy, it's timing out trying to find one before it can redirect to my www subdomain. Would this be correct? If so, is there any way around this WITHOUT buying an SSL certificate with GoDaddy? If that's not what's happening, then what is and how do I fix it?
When you create an ssl certificate in your domain do you include your root domain? Tried using this tool in your root domain and it seems that there is no ssl certificate. However the subdomain https://dinpodcast.herokuapp.com/ has one. I suggest putting an ssl certificate in all subdomain and root domain that you are using.
I also checked the root domain’s IP address using this tool and checked port 443 using another tool and apparently the port is closed. Double check your firewall and make sure 443 is open.
I have 2 domains, one at Register.com and one at Godaddy. I need them both to point to one Heroku app, and the following scenarios to work:
http://domain1.com
http://domain2.com
http://www.domain1.com
http://www.domain2.com
https://domain1.com
https://domain2.com
https://www.domain1.com
https://www.domain2.com
All of the above should all end up at one heroku app at https://www.domain1.com
Being that it's Heroku, I have no access to the .htaccess, and I've heard you're only allowed one SSL cert per app. I also have forwarding setup at GoDaddy, but apparently forwarding does not work if you try to forward from https on a non-hosted app.
Your cert has to match the domain name that the client will try to answer, this means that when you make it the Subject Alternative Names (SANs) have to include www.domain1.com, domain1.com, www.domain2.com, domain2.com, and the domain/ip of your actual heroku app.
For your DNS records, if the heroku app is at a Fully Qualified Domain Name (FQDN), and not an ip then follow these steps:
Forward your root domain, e.g. example.com to www.example.com, and make the CNAME record www. 300 IN CNAME domain.of.heroku.app
If the heroku app is reachable at a static ip follow this:
Make an the following A records for both your domains:
# 300 IN A ip-here
I have two domains with GoDaddy: foo.com and bar.com
I want to redirect foo.com to bar.com/foo
I tried setting up Domain Forwarding from within the GoDaddy Dashboard and it did work, but not for HTTPS (which is the URL indexed within Google).
I checked with GoDaddy Support and received this response:
That will not work because your domain does not have an SSL Certificate active and there is no way to activate an SSL Certificate on it with a forward.
Maybe I'm overthinking this, but here's an alternative approach I had in mind:
Set the A record of foo.com to the same IP address that bar.com is using
Within the website code of bar.com, check the $_SERVER['SERVER_NAME'] and redirect appropriately
By using plain DNS this is not possible, the reason for this is that DNS is a protocol different than HTTP.
Some providers offer "forwarding" options but behind the scenes, they point your domain to an HTTP server the one later does the redirect.
For example, using CloudFlare this could be very easy to achieve, you need to setup up only one domain, let's say foo.com and then just create a page rule to redirect traffic to bar.com/foo, the rule could be something like:
*foo.com*
More info about the page rules can be found here: https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-
I have a somedomain.com on CloudFlare with free SSL. And I have subdomains: eg. pl.somedomain.com.
SSL works on:
https://somedomain.com
https://www.somedomain.com
https://en.somedomain.com
https://pl.somedomain.com
but not works on:
https://www.pl.somedomain.com
https://www.fr.somedomain.com
So I am looking for some solution these subdomains work.
http://www.fr.somedomain.com redirects to https://www.fr.somedomain.com
and I have error.
Is any solution using .htaccess or Page Rules to do this?
This is a limitation of SSL in general. No browsers support multi-level wildcard certificates and no trusted CA will issue them (in SSL world www. is also counted as sub-domain). The free universal SSL certificate provided by Cloudflare supports the root and wildcard domain on a shared certificate. For more levels, dedicated certificates or custom host names a different certificate is needed.
If you are looking to secure multiple wildcard domains, but want to keep them all under one certificate, than you should go for the Multi-Domain Wildcard SSL certificates.
Multi-Domain Wildcard Certificates can secure both fully-qualified domain names and wildcard domains within their SAN entries. The coverage for a Multi-Domain wildcard certificate would look like this:
Common Name: domain.com
SAN 1: *.website.org
SAN 2: www.example.net
SAN 3: *.mail.site.com
SAN 4: address.edu
I am not sure if you can apply page rules to 2 level deep domain names, but give the following a try (based on tutorial from CloudFlare):
Redirect from pattern:
https://www.*.somedomain.com/*
to:
https://$1.somedomain.com/$2
On the CloudFlare website, they mentioned redirecting by using the redirect option in their control panel.
1. Go to Control panel and select page rules.
2. On page rule section add new URL and make sure to select forwarding option enabled.
3. Enter the destination URL and select the forwarding type.
For example,
Example forwarding to Google+:
Imagine you have a Google+ profile and you want to make it easy for anyone coming to get to simply by going to a URL like:
*www.example.com/+
*example.com/+
Give that a try, and if you are still getting this issue afterward, I advise checking this list of other SSL providers that is free.
I am trying to setup wildcard sub-domain. So my domain is www.mydomain.com so anything comes like this test.mydomain.com, welcome.mydomain.com will work, that is fine.
When it comes to SSL, if I am buying SSL for www.mydomain.com then will that same SSL certificate works for test.mydomain.com, welcome.mydomain.com? Since they are not real sub-domains just virtual.
If not do I need to buy wildcard SSL?
If I think technically all the wildcard sub-domains will point to same root folder and IP. From there using my code I will deliver different content. In that case my SSL certificate for www.mydomain.com will also work for test.mydomain.com right? I am not sure.
Any Guess?
NAME in the SSL certificate must exactly match domain name of the site. You need wildcard certificate. Non-wildcard will produce a wrong-site warning.