Lego / certbot + DNS Challenge in a CNAME scenario - lets-encrypt

I am trying to create a certbot / Lego ACME client which can create Let's Encrypt certificates with the DNS plugin for Route53.
Let's Encrypt allows you to "redirect" a domain to another provider with a CNAME.
https://letsencrypt.org/docs/challenge-types/
Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use CNAME records or NS records to delegate answering the challenge to other DNS zones. This can be used to delegate the _acme-challenge subdomain to a validation-specific server or zone. It can also be used if your DNS provider is slow to update, and you want to delegate to a quicker-updating server.
But it looks like certbot and Lego are not able to do this.
Lego has a CNAME Issue: https://github.com/go-acme/lego/issues/1580
Certbot has a CNAME Issue: https://github.com/certbot/certbot/pull/7244
Does anyone have any tool which supports CNAME?
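To show what "following the CNAME" means for the client side of the question, here is an added example (not code from Lego, certbot or the post) that models DNS-01 validation over a constructed zone. The names example.com and acme.example.net, the hosted zone ids and the digest value are placeholders; the toy authoritative store applies the RFC 1034 rule that a name holding a CNAME can carry no other data, which is why a client that writes the TXT at the literal _acme-challenge name fails, while one that resolves the CNAME first writes into the delegated zone and passes the validator's lookup.

```python
"""Toy model of DNS-01 validation when _acme-challenge is delegated by CNAME.

Added example; it is not code from Lego, certbot or the post above.  Zone
contents, zone ids and the digest value are all constructed placeholders.
"""
import copy
from typing import Dict, List, Optional, Tuple

ZoneData = Dict[str, Dict[str, List[str]]]   # owner name -> rrtype -> rdata

# Constructed zone data: example.com delegates its challenge name to a
# separate validation zone (acme.example.net) with a CNAME, as the
# Let's Encrypt docs quoted above allow.
ZONE_DATA: ZoneData = {
    "_acme-challenge.example.com.": {
        "CNAME": ["_acme-challenge.example.com.acme.example.net."],
    },
    "_acme-challenge.example.com.acme.example.net.": {},
}

# Constructed Route53-style hosted zones the ACME client could write into
# (zone name -> hypothetical hosted zone id).
HOSTED_ZONES: Dict[str, str] = {
    "example.com.": "ZEXAMPLECOM",
    "acme.example.net.": "ZACMEEXAMPLENET",
}

MAX_CNAME_DEPTH = 8   # bound on chain length, also stops loops


def canonical_name(name: str, zone: ZoneData) -> str:
    """Follow CNAMEs from `name` as a standards-following resolver does.

    RFC 1034 s3.6.2: a CNAME at a name applies to every query type except
    CNAME itself, so the lookup restarts at the target.  Returns the name
    at which non-CNAME data would actually be found.
    """
    seen = set()
    current = name
    for _ in range(MAX_CNAME_DEPTH):
        rrset = zone.get(current, {})
        if "CNAME" not in rrset:
            return current
        if current in seen:
            raise ValueError("CNAME loop at %s" % current)
        seen.add(current)
        current = rrset["CNAME"][0]
    raise ValueError("CNAME chain too long starting at %s" % name)


def lookup_txt(name: str, zone: ZoneData) -> List[str]:
    """What the CA's validator sees: TXT records at the canonical name."""
    return list(zone.get(canonical_name(name, zone), {}).get("TXT", []))


def hosted_zone_for(name: str, hosted_zones: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Most specific hosted zone containing `name` (longest suffix match)."""
    best = None
    for zone_name, zone_id in hosted_zones.items():
        if name == zone_name or name.endswith("." + zone_name):
            if best is None or len(zone_name) > len(best[0]):
                best = (zone_name, zone_id)
    return best


def publish_challenge(domain: str, digest: str, zone: ZoneData,
                      hosted_zones: Dict[str, str], follow_cname: bool) -> Tuple[str, str]:
    """Simulate the ACME client writing the challenge TXT record.

    follow_cname=False models a client that writes at the literal
    _acme-challenge name (the behaviour the linked issues complain about);
    True models one that resolves the CNAME first and writes at the target.
    Returns (name written, hosted zone id used).
    """
    name = "_acme-challenge." + domain.rstrip(".") + "."
    target = canonical_name(name, zone) if follow_cname else name
    rrset = zone.setdefault(target, {})
    if "CNAME" in rrset:
        # RFC 1034 s3.6.2: no other data may exist at a name holding a CNAME,
        # so an authoritative server refuses this write.
        raise ValueError("cannot add TXT at %s: a CNAME already exists there" % target)
    hz = hosted_zone_for(target, hosted_zones)
    if hz is None:
        raise LookupError("no hosted zone contains %s" % target)
    rrset.setdefault("TXT", []).append(digest)
    return target, hz[1]


def run_scenario(follow_cname: bool) -> dict:
    """Publish for example.com, then validate the way the CA would."""
    zone = copy.deepcopy(ZONE_DATA)
    digest = "constructed-key-authorization-digest"
    try:
        written_at, zone_id = publish_challenge(
            "example.com", digest, zone, HOSTED_ZONES, follow_cname)
    except ValueError as exc:
        return {"error": str(exc)}
    return {
        "written_at": written_at,
        "zone_id": zone_id,
        "validated": digest in lookup_txt("_acme-challenge.example.com.", zone),
    }


if __name__ == "__main__":
    print("literal name :", run_scenario(follow_cname=False))
    print("follow CNAME :", run_scenario(follow_cname=True))
```

The point for the operator is in the second scenario: whoever can write TXT records into the delegated zone (acme.example.net here) can satisfy DNS-01 for example.com, so the credentials handed to the ACME client should be scoped to that hosted zone only, and the CNAME chain the client follows should be checked against what a public resolver returns before relying on it.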

Related

Redirect www to non-www heroku

I have mydomain.com.au set up with a DNS provider. I have successfully pointed my DNS target through Heroku to my DNS provider. However, I had to use a CNAME record to do so. As such, the web app is now available at www.mydomain.com.au.
I am trying to redirect www.mydomain.com.au to mydomain.com.au instead. This seems to be quite challenging. As per this Heroku Guide, I need to use specific DNS providers that support ALIAS or ANAME records to do this. However, none of their DNS providers support domain transfer of .com.au
Does anyone have an alternative?
You can use Cloudflare DNS, where you can enable proxy and configure the website to redirect if the user visits www.mydomain.com.au.

Heroku's DNS is causing conflicts with Google Suite MX records

Heroku DNS is causing trouble: I cannot receive any email at myuser@stickersgallito.pe, which uses Google Suite as mailbox.
My host provider is Punto.pe, a Peruvian company.
My project is hosted in Heroku; there I have 2 DNS entries:
1) www.stickersgallito.pe -> ancient-crab-bwwmzXXXXXXXXXXXX.herokudns.com
2) stickersgallito.pe -> functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com
I need people to be able to visit the site by entering www.stickersgallito.pe or just stickersgallito.pe.
So I've entered these 2 records as CNAMEs in my Host Provider Registry Panel.
Problem:
I've also set up other tools like MailGun and Google Suite (to have mailboxes like omar@stickersgallito.pe). MailGun functions correctly, and I can visit the page either using www.stickersgallito.pe or stickersgallito.pe.
But I cannot receive emails at omar@stickersgallito.pe.
I've consulted my Host Provider and they say that the record for stickersgallito.pe -> functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com is the problem. It's interfering with other records.
They don't offer any solution, but point to Heroku for a response.
Heroku points me to their documentation, and if after following its steps it doesn't work, I should talk to my Host Provider.
My host provider says that if I can provide an IP address from Heroku we could solve this. Heroku doesn't offer an IP address as far as I know.
Google Documentation to Set Up MX Records:
https://support.google.com/a/answer/140034?hl=en
What can I do?
DNSs in Host Provider:
Registers:
UPDATE 1:
This is the kind of records my Host Provider allows me to enter: A, CNAME, TXT, MX.
When using heroku domains I get:
The CNAME record is forbidden for the root domain for exactly this reason: it doesn't allow the other records you have to work the way you want them to. In the Heroku docs they say to use CNAME-like functionality for the root domain, which is an ALIAS or ANAME record, but don't use CNAME; your provider should not even allow you to create it.
You can configure Heroku to work for a subdomain (e.g. www) and then use Web Forwarding/Redirecting for the root domain to the www subdomain if your DNS host doesn't support ALIAS or ANAME records. Contact them for more information.
Here is more info about the root domain configuration: https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain
And here is for a subdomain: https://devcenter.heroku.com/articles/custom-domains#add-a-custom-domain-with-a-subdomain

using cloudflare to get ssl on a custom domain hosted on github

I was pointing a custom domain to my username.github.io account, by using A records in Domain Registrar (Route 53) and a CNAME in my master branch that said custom_domain.me. I want to move to https.
I created an account on Cloudflare, changed the NS records on Route 53 to point to Cloudflare, and changed the CNAME record in my master branch to https://custom_domain.me.
I want to access https://custom_domain.me, but I cannot. I have been waiting only one hour now. Am I missing something or should I just wait?
In order to use CloudFlare on a Free/Pro account, you will need to move your DNS to CloudFlare, not simply add NS records to Route53.
Route53 commonly provides simple DNS services; you have an interesting use case as you're also using their domain name registration service.
If your domain is registered with Route53 and also using Route53 for DNS, you will need to change this so CloudFlare does your DNS by changing the nameservers.
Once with CloudFlare, your DNS will be entirely managed by CloudFlare. Run through the CloudFlare set-up, verify your DNS records and you'll be presented with 2 new CloudFlare nameservers to use.
In order to configure this, please set the nameservers in Route53 to the ones in CloudFlare: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html

Heroku SSL with Route53

My SSL certificate is all set up and ready to go on Heroku. I followed the instructions here https://devcenter.heroku.com/articles/route-53 to correctly redirect requests (e.g. example.com to www.example.com) using AWS S3. HTTPS works great when requesting https://www.example.com; however, if I attempt to request https://example.com, the page cannot be found. Any thoughts?
Using Route 53, you want to create the following DNS records:
www.example.com CNAME your_app.herokuapp.com
example.com ALIAS your_app.herokuapp.com
Your www.example.com hostname should be a CNAME record that delegates to your Heroku App hostname. Any other regular hostnames should be CNAMEs.
The example.com "Apex" or "naked domain" record must return an A record and cannot be a CNAME. Route53 implements the ALIAS record type, which looks up the values for your_app.herokuapp.com and returns a set of current A records to match.
I've just been through this myself. The easiest and cheapest way to do it is to let Heroku (minimum 7 USD box) manage the SSL (ACM).
Add a custom domain there and enable SSL and you will be presented with a DNS target like: www.yourcustomdomain.com.herokudns.com. In Route53 add a CNAME record for your www.yourcustomdomain.com with the target into www.yourcustomdomain.com.herokudns.com.
Wait for the DNS to refresh internationally.
I would assume the S3 bucket for directing the naked domain to the www domain was done prior to the above.

How do I set up DNS for an apex domain (no www) pointing to a Heroku app?

I already added a custom domain to my Heroku app and it works with www.domain.com.
I need to know how to set up the domain without www to resolve to the app, too.
Here are my current DNS settings:
$TTL 86400
@ IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
2013041500 ; serial
14400 ; refresh
1800 ; retry
604800 ; expire
86400 ) ; minimum
@ IN NS robotns3.second-ns.com.
@ IN NS robotns2.second-ns.de.
@ IN NS ns1.first-ns.de.
@ IN A 88.198.38.XXX
localhost IN A 127.0.0.1
mail IN A 88.198.38.XXX
ftp IN CNAME www
imap IN CNAME www
loopback IN CNAME localhost
pop IN CNAME www
relay IN CNAME www
smtp IN CNAME www
www IN CNAME appname.herokuapp.com.
@ IN MX 10 mail
What are the correct settings to use so that both example.com and www.example.com would point correctly to my Heroku app?
(Note: root, base, apex domains are all the same thing. Using interchangeably for google-foo.)
Traditionally, to point your apex domain you'd use an A record pointing to your server's IP. This solution doesn't scale and isn't viable for a cloud platform like Heroku, where multiple and frequently changing backends are responsible for responding to requests.
For subdomains (like www.example.com) you can use CNAME records pointing to your-app-name.herokuapp.com. From there on, Heroku manages the dynamic A records behind your-app-name.herokuapp.com so that they're always up-to-date. Unfortunately, the DNS specification does not allow CNAME records on the zone apex (the base domain). (For example, MX records would break as the CNAME would be followed to its target first.)
Back to root domains, the simple and generic solution is to not use them at all. As a fallback measure, some DNS providers offer to setup an HTTP redirect for you. In that case, set it up so that example.com is an HTTP redirect to www.example.com.
Some DNS providers have come forward with custom solutions that allow CNAME-like behavior on the zone apex. To my knowledge, we have DNSimple's ALIAS record and DNS Made Easy's ANAME record; both behave similarly.
Using those, you could set up your records as follows (using zonefile notation, even though you'll probably do this on their web user interface):
@ IN ALIAS your-app-name.herokuapp.com.
www IN CNAME your-app-name.herokuapp.com.
Remember @ here is a shorthand for the root domain (example.com). Also mind you that the trailing dots are important, both in zonefiles and in some web user interfaces.
See also:
Doing DNS right with Heroku
Avoiding Naked Domains and DNS A-records
Remarks:
Amazon's Route 53 also has an ALIAS record type, but it's somewhat limited, in that it only works to point within AWS. At the moment I would not recommend using this for a Heroku setup.
Some people confuse DNS providers with domain name registrars, as there's a bit of overlap with companies offering both. Mind you that to switch your DNS over to one of the aforementioned providers, you only need to update your nameserver records with your current domain registrar. You do not need to transfer your domain registration.
To point your apex/root/naked domain at a Heroku-hosted application, you'll need to use a DNS provider who supports CNAME-like records (often referred to as ALIAS or ANAME records). Currently Heroku recommends:
ALIAS at DNSimple
ANAME at DNS Made Easy
ANAME at easyDNS
ALIAS at PointDNS
CNAME at CloudFlare
Whichever of those you choose, your record will look like the following:
Record: ALIAS or ANAME
Name: empty or @
Target: example.com.herokudns.com.
That's all you need.
However, it's not good for SEO to have both the www version and non-www version resolve. One should point to the other as the canonical URL. How you decide to do that depends on if you're using HTTPS or not. And if you're not, you probably should be as Heroku now handles SSL certificates for you automatically and for free for all applications running on paid dynos.
If you're not using HTTPS, you can just set up a 301 Redirect record with most DNS providers pointing name www to http://example.com.
If you are using HTTPS, you'll most likely need to handle the redirection at the application level. If you want to know why, check out these short and long explanations but basically since your DNS provider or other URL forwarding service doesn't have, and shouldn't have, your SSL certificate and private key, they can't respond to HTTPS requests for your domain.
To handle the redirects at the application level, you'll need to:
Add both your apex and www host names to the Heroku application (heroku domains:add example.com and heroku domains:add www.example.com)
Set up your SSL certificates
Point your apex domain record at Heroku using an ALIAS or ANAME record as described above
Add a CNAME record with name www pointing to www.example.com.herokudns.com.
And then in your application, 301 redirect any www requests to the non-www URL (here's an example of how to do it in Django)
Also in your application, you should probably redirect any HTTP requests to HTTPS (for example, in Django set SECURE_SSL_REDIRECT to True)
Check out this post from DNSimple for more.
I am now using Google Apps (for Email) and Heroku as web server. I am using Google Apps 301 Permanent Redirect feature to redirect the naked domain to WWW.your_domain.com
You can find the step-by-step instructions here
https://stackoverflow.com/a/20115583/1440255
You are not allowed to have a CNAME record for the domain, as the CNAME is an aliasing feature that covers all data types (regardless of whether the client looks for MX, NS or SOA records). CNAMEs also always refer to a new name, not an IP address, so there are actually two errors in the single line
@ IN CNAME 88.198.38.XXX
Changing that CNAME to an A record should make it work, provided the IP address you use is the correct one for your Heroku app.
The only correct way in DNS to make a simple domain.com name work in the browser is to point the domain to an IP address with an A record.
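The record-placement rules spread across the apex-domain answers (no CNAME at the apex because it aliases SOA, NS and MX as well; no CNAME next to other data at the same name; a CNAME target is a name, not an IP address; trailing dots matter in zonefiles) can be checked mechanically. The following added example (not from any of the answers) is a small linter for the zonefile notation used in the question above. The sample zone is constructed after that question, with the apex CNAME-to-IP mistake from the last answer reinstated and the trailing dot dropped from one target; 192.0.2.10 is a documentation address standing in for the redacted one.

```python
"""Linter for the zonefile notation used in the apex-domain question above.

Added example, not code from any of the answers.  SAMPLE_ZONE is constructed:
the apex CNAME pointing at an IP literal (the mistake the last answer
describes) is reinstated and one CNAME target lacks its trailing dot.
192.0.2.10 is an RFC 5737 documentation address used as a placeholder.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List

SAMPLE_ZONE = """\
$TTL 86400
@ IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
  2013041500 ; serial
  14400 ; refresh
  1800 ; retry
  604800 ; expire
  86400 ) ; minimum
@ IN NS ns1.first-ns.de.
@ IN CNAME 192.0.2.10
mail IN A 192.0.2.10
www IN CNAME appname.herokuapp.com.
ftp IN CNAME appname.herokuapp.com
@ IN MX 10 mail
"""

RecordMap = Dict[str, Dict[str, List[str]]]   # owner -> rrtype -> rdata list


def parse_zone(text: str) -> RecordMap:
    """Minimal zonefile parser: one record per line, '@' is the apex,
    ';' starts a comment, an optional TTL and class precede the type, and a
    parenthesised multi-line SOA is skipped after its first line."""
    records: RecordMap = defaultdict(lambda: defaultdict(list))
    in_parens = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if in_parens:
            if ")" in line:
                in_parens = False
            continue
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].isdigit():            # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":      # optional class
            rest = rest[1:]
        if not rest:
            continue
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if "(" in rdata and ")" not in rdata:
            in_parens = True
            rdata = rdata.split("(", 1)[0].strip()
        records[owner][rtype].append(rdata)
    return records


def is_ip_literal(value: str) -> bool:
    """True if the rdata is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False


def lint_zone(records: RecordMap) -> List[str]:
    """Return a list of problems with CNAME placement, in owner order."""
    problems: List[str] = []
    for owner, by_type in records.items():
        if "CNAME" not in by_type:
            continue
        targets = by_type["CNAME"]
        others = sorted(t for t in by_type if t != "CNAME")
        if owner == "@":
            problems.append("apex (@) has a CNAME; it would alias SOA, NS and MX lookups too")
        if others:
            problems.append("%s: CNAME cannot coexist with other data (%s)"
                            % (owner, ", ".join(others)))
        if len(targets) > 1:
            problems.append("%s: more than one CNAME at the same name" % owner)
        for target in targets:
            if is_ip_literal(target):
                problems.append("%s: CNAME target %s is an IP address; use an A record"
                                % (owner, target))
            elif "." in target and not target.endswith("."):
                problems.append("%s: CNAME target %s has no trailing dot and will be "
                                "read as relative to the zone" % (owner, target))
    return problems


if __name__ == "__main__":
    for problem in lint_zone(parse_zone(SAMPLE_ZONE)):
        print(problem)
```

Run as-is it reports the four defects planted in the sample; a zone with an A record at the apex and fully qualified CNAME targets passes clean. The relative-target warning is the one most often missed by hand: `ftp IN CNAME appname.herokuapp.com` without the dot resolves to appname.herokuapp.com.example.com inside the zone.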
