we are using route53 to manage our domain, however our www.ourdomain.com is not resolving to https.
1) Currently, we have an AWS Classic Loadbalancer with an certificate installed so that we can serve the following domains:
admin.ourdomain.com
2) The certificate we created with AWS Certificate Manager, has registered www.ourdomain.com, and ourdomain.com, as well as admin.ourdomain.com. All have been set up successfully.
3) In Route53, our admin.ourdomain.com has an A record pointing to the ALIAS of our loadbalancer.
4) In Route53 www.ourdomain.com has an A record pointing to two external IP Addresses which are firebase servers hosting our mobile app.
www.ourdomain.com is NOT resolving to https. What must we do to have them resolve to hTTPS?
I figured out the problem. I actually had to wander over to Firebase, login, and click on hosting. I then pressed "Add a domain" and added www.ourdomain.com.
It then asked me to verify the domain with a TXT record, which I added to Route53.
It then verified after waiting a bit. After this, Route53 asked me to add two A records .. which I did... after about 1 hour, our domain resolved properly to https
Related
I have a .dev domain that requires the website to be hosted using HTTPS.
I am hosting a static website on GCP. For the HTTPS Certificate, I've created one using Letsencrypt and also tried using GCP generated Cert.
I am using a Load-Balancer setup to use the HTTPS cert and serve the static website out of Storage bucket.
However when I go to my site I am told it is not secure. I am currently using GCP generated Cert, waited 12 hours and I get the following error.
How can I fix this so that I don't see it, nor need to add an exception. In this case I am even unable to add an exception with a .dev domain.
Also I have a follow up question. How can I force all HTTP traffic to use HTTPS using the Load-Balancer?
I got this working by doing the following:
Change Load-balancer IP from ephemeral to static.
Add A record of Load-balancer IP to DNS record.
Side note: if you got a Static website working with HTTP, you will also need to change the CNAME entry pointing to c.storage.googleapis.com. to an A record with the IP record of the Load-balancer.
I have an Azure web app up and running, using a custom domain purchased outside of Azure... and that all runs fine. So I have https://myappname.azurewebsites.net/ loading fine with my domain name URL https://www.myappname.com
I'm trying to upgrade the web app, though using Azure Traffic Manager. I've cloned the app a few times, each on its own app service plan, and I have the traffic manager all up and running fine. I can successfully hit different versions of my cloned website based on the traffic manager configuration profile... so no issues there.
The only issue is that I can only access the "traffic managed" version of my website via the standard azure URL -> myappname.trafficmanager.net.
All examples I've seen say all I really need to do now, is go into my DNS Management screen, and add domain forwarding, however, my online DNS management tool does not offer this option.
I can't really change my A record in the DNS management screen, because I don't know the IP address of myappname.trafficmanager.net
Every place I've tried to change the name of the current/working Azure URL (like in awverify text files, www cnames, etc.) does nothing. The DNS still points to the single instance which remains in the IP address od the DNS managers A record.
Also, since my live/single instance is linked to the domain name (along with the SSL binding), I can't add those properties to the clones, which makes sense....only one version can be live. However I could unbind that when I make the switch from the single instance web app to the traffic managed set of clones, but I fear I can only bind that to one of the clones. I can't seem to bind it to the myappname.trafficmanager.net version, which might cascade down to all of its endpoints. Is there a way to bind my domain name and SSL cert to more than one version of my web app?
Thanks!
Is there a way to bind my domain name and SSL cert to more than one
version of my web app?
I don't think you can do that unless you have two different domains or subdomains with each own SSL cert. Each web app hostname is unique globally and each SSL binding is attached with the web app domain name.
If you have a purchased domain and just keep the default xxx.azurewebsites.net as each hostname. Then you could configure the two Azure app serves as the endpoint of TM.
By default, Azure provided a wildcard cert for this domain *azurewebsites.net, so you can automatically access this hostname with HTTPS without any extra cert. Then use a CNAME record www in the domain domain.com in your DNS provider to point to the traffic manager hostname myappname.trafficmanager.net. Since Traffic Manager works as DNS level, it does not validate the server and client SSL, you could safely ignore the SSL warning when accessing with traffic manager hostname.
Feel free to let me know if you have any question.
I run a Django project deployed on AWS lambda using serverless Zappa framework. This can be accessed by a randomly generated link from AWS API Gateway lets say:-
randomly-generated-link.aws.amazon.com/production
I have also created an SSL certificate from ACM and verified it with my domain lets say
example.com
Now when i run zappa certify, this command certifies my domain successfully and creates a custom domain under API gateway console with the following configurations:-
Endpoint Configuration Edge optimized
Target Domain Name d25ihv8a5022zi.cloudfront.net
Hosted Zone ID A2FDTNGATAQYW6
ACM Certificate example.com (c504428e)
Now, I need to point my domain name example.com to randomly-generated-link.aws.amazon.com/production, so I updated my records on Godaddy with CNAME as follows:-
TYPE - CNAME NAME - example.com VALUE - d25ihv8a5022zi.cloudfront.net
TTL - 1 HOUR
EXPECTED RESULT - My application thats running on randomly-generated-link.aws.amazon.com show be accessable from example.com.
WHAT I GET - 403 ERROR
The request could not be satisfied. Bad request.
Generated by cloudfront (CloudFront)
EDIT:- So I get rid of zappa created custom domain and created new cloudfront distribution manually as follows:-
Delivery Method - Web Domain name - d35ihv8a5022fe.cloudfront.net
origin - randomly-generated-link.aws.amazon.com/production cNAMES -
example.com Status - Deployed State - Enabled
I did this because zappa generated cloudfront distribution is hidden in AWS console. However, I noticed Zappa generated distribution endpoint gives forbidden when I check the address in browser and the newly created distribution endpoint redirects to my application.
Still, going to example.com gives me 403 error.
It's not a DNS problem anymore, Could it be because Edge optimized uses CloudFront and it takes some time to deploy the new custom domain to all the edge location ? How long have you waited after enabling custom domain name ?
While debugging I like to keep TTL as short as possible. I'd set the CNAME TTL to 1 minute
Check that api-gateway custom domain names has your domain listed and you have the Base Path Mappings set correctly.
Base Path Mappings
Path /
Destination [lambda endpoint] . [production]
It may also be a good idea to host the domain if possible on route53
Apparently, I got it working. Moved my Domain nameservers to route53 and in zappa_settings.json added
"route53_enabled": true
and recertified again using zappa certify production command.
Had to wait for 40 minutes and it works!
Although, I have no idea why it does'nt work when domain management is with godaddy. Lets say route53 is a quick workaround at the moment.
Heroku DNS is causing troubles: cannot recieve any email at myuser#stickersgallito.pe that uses Google Suite as Mailbox.
My host provider is Punto.pe a peruvian company.
My projects is hosted in Heroku, in there I've 2 DNS:
1) www.stickersgallito.pe -> ancient-crab-bwwmzXXXXXXXXXXXX.herokudns.com
2) stickersgallito.pe -> functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com
I need that people can visit the site entering: www.stickersgallito.pe or just stickersgallito.pe.
So I've entered these 2 records as CNAMEs in my Host Provider Registry Panel.
Problem:
I've also set up other tools like MailGun and Google Suite (to have mailboxes like omar#stickersgallito.pe). MailGun functions correctly, I can visit the page either using: www.stickersgallito.pe or stickersgallito.pe.
But I cannot recieve emails at omar#stickersgallito.pe.
I've consulted my Host Provider and the say that the record for
stickersgallito.pe ->
functional-wallaby-XXXXXXXXXXXXXXXX.herokudns.com is the
problem. It's interfering with other records.
They don't offer any solution, but point to Heroku for a response.
Heroku point me to their documentation and if after following it's steps it doesn't work I should talk to my Host Provider.
My host provider says that if I can provide an IP Address from Heroku we could solve this. Heroku's doesn't offer an IP address as far as I know.
Google Documentation to Set Up MX Records:
https://support.google.com/a/answer/140034?hl=en
What can I do?
DNSs in Host Provider:
Registers:
UPDATE 1:
This is the kind of records my Host Provider allows me to enter: A, CNAME, TXT, MX.
When using heroku domains I get:
The CNAME record is forbidden for the root domain exactly for this reason, it doesn't allow any other records you have to work the way you want them to. In the heroku docs they say to use a CNAME like functionality for the root domain, which is ALIAS or ANAME record, but don't use CNAME, your provider should not even allow you to create it.
You can configure heroku to work for a subdomain (e.g. www) and then use a Web Forwarding/Redirecting for the root domain to the www subdomain, if your DNS host doesn't support ALIAS or ANAME record. Contact them for more information.
Here is more info about the root domain configuration: https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain
And here is for a subdomain: https://devcenter.heroku.com/articles/custom-domains#add-a-custom-domain-with-a-subdomain
I have a Heroku app set up with SSL certificates, and my DNS does not allow CNAME records at the Apex level. Meaning, I cannot point my A Record at my Heroku app URL (A level records can only be IP addresses and Heroku cannot provide a static IP).
There other methods (both here on stack and on heroku's guides) that recommend using other DNS providers, but I would like to try and solve this with AWS (Specifically Route53), while also retaining our https:// in the domain for SSL.
I found some guides on how to do this, but there seemed to be complications (headers messed up, cannot retain https etc). I will provide an answer below outlining how I achieved this, but encourage discussion on what repercussions my solution may incur.
I discovered this guide on the Heroku website:
Configuring Amazon Route 53 DNS for Your Heroku App
The outline of the solution is to create an S3 bucket as a static website host that simply redirects to your Route53 hosted zone. Here are the basic steps:
Create a new hosted zone on your Route 53 Management Console with your domain (example.com)
Create a CNAME entry for www.example.com with the value set as your heroku custom domain (www.example.com.herokudns.com)
Create an S3 Bucket with the same name as your domain (example.com), and set it as a static website host
In the settings for static website hosting set this to "Redirect Requests" and set the target as www.example.com and the protocol to https
Return to Route 53 and add an A Level Alias with the target as your newly created bucket
Finally point your DN Providers Name servers at your new Route 53 hosted zone (you can get the list of name servers from the sidepanel in your management console)
And that's it! After the TTL expires on your Name Servers your site should be up and running and both example.com and www.example.com