DNS with Heroku and Google Domains - SSL forwarding - heroku

I am hosting a website at example.herokuapp.com. I own the domain example.com on Google Domains (Registrar). I also have GSuite setup for this domain (email).
I'd like to forward everything to either https://www or https://.
So far, I can get:
[Failure] https://example.com/ -> "This site can’t be reached" Chrome error page
[Success] http://example.com/ -> https://www.example.com/
[Success] https://www.example.com/ -> https://www.example.com/
[Failure] http://www.example.com/ -> http://www.example.com/
In Google Registrar, I have:
Name Servers
Use the Google Domains name servers
Synthetic records
example.com -> https://www.example.com (302)
Custom resource records
NAME | TYPE | TTL | DATA
-----+-------+-----+------------------------------
# | MX | 1h | 10 aspmx.l.google.com. (and others) <- mail
www | CNAME | 1h | www.example.com.herokudns.com.
Running heroku domains gives me
www.example.com www.example.com.herokudns.com
example.com example.com.herokudns.com
Running heroku certs:auto gives me
www.example.com DNS Verified
example.com Failing
How do I get the two failing urls to work?
My hypothesis is I need another CNAME for example.com.herokudns.com but I can't add one for #.

I have gotten this to work via the following steps:
In Heroku, Settings > Domains and Certificates: Configure SSL, Select Automatically - Automated Certificate Management
Copy the DNS Target that looks something like: www.sitename.com.herokudns.com
In Google DNS, My Domains > Configure DNS Synthetic Records. In subdomain, input the actual site address again. I know that it sounds like this shouldn't work, but typing in the domain name as the subdomain forces Google DNS to just do the synthetic record as the standard raw domain. It ends up looking like website.com .website.com --> https://www.website.com. Check Temporary redirect, Do not forward path, Enable SSL.
Custom resource records -- Name: www, Type CNAME, TTL: 1h, Data: DNS Target copied from step 2.
If the user types in website.com or http://website.com, it will properly redirect to https://www.website.com. I can't seem to get www.website.com to redirect and have resorted to using the options here.
Hope this helps!

Related

Single laravel install, multiple domains, SSL Encryption

I'm building an app in Laravel that has a single codebase that will serve multiple domain names, a new domain can be added in the CMS, and all that should have to be done for that new domain to work is have it's records pointed to the server. The CMS itself will then display the appropriate pages for that domain, based on the request()->getHost(); function.
The app is being managed with Laravel Forge.
My question is regarding nginx, and LetsEncrypt: I would like all new domains added in this way to be secured via SSL, would every new domain need to be added to forge manually, or is there some way to allow a wildcard TLD in the certificate? (And if so, is that a security risk?).
Will nginx require some specific configuration to work with wildcard TLDs?
My aim is to avoid additional configuration and have it automatic, with the domain name simply being added to the backend.
Thanks!
Please follow the Steps. Hope it will work for you.
1 - First clone Letsencrypt/Certbot repo from Github
cd /opt
git clone https://github.com/certbot/certbot.git
2 - Now enter new created directory and run certificate bot
cd certbot
./letsencrypt-auto certonly --manual --preferred-challenges=dns --email mymail#gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.mywebsite.com
3 - Now Certbot will ask for a DNS record to check that if you really have rights at this domain.
------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.mywebsite.com with the following value:
5GFgEqWd7AQrvHteRtfT5V-XXXXXXXXXXXXXX
Before continuing, verify the record is deployed.
------------------------------------------------------------------
Press Enter to Continue
4 - After adding this DNS TXT record to your domain and wait for few seconds press enter and continue.
5 - Your certificate is ready!
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mywebsite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mywebsite.com/privkey.pem
Your cert will expire on 2018-08-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
6 - Now we will copy our fullchain.pem and privkey.pem to our Nginx folder and add this to our Nginx server configuration. For example;
server {
listen 443 ssl;
server_name test.mywebsite.com;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_trusted_certificate /etc/nginx/ssl/fullchain.pem;
...
Hope it will helpful.

certbot cannot verify domain and connection refused

I am trying to generate certificate for my domain. I can ping my domain but still getting error. I have added inbound firewall rule to my digital ocean server to accept port 80 on ipv4 and ipv6 as well. Not sure what is wrong. [Note: my nginx server is not running as I cannot get the certificate]
https://community.letsencrypt.org/t/invalid-response-404-nginx-docker-container/102525
My domain is: www.1040nra.com
I ran this command: sudo certbot certonly --staging --webroot -w /root/dt-app-data/ -d 1040nra.com -d www.1040nra.com
It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Using the webroot path /root/dt-app-data for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. 1040nra.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://1040nra.com/.well-known/acme-challenge/22AD-KFmF62z373CPiUKzk6dlr-0s5wMOmnmrziMqd4: Connection refused, www.1040nra.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.1040nra.com/.well-known/acme-challenge/ba-jjDhBUZJ9fHLofGfDYSVV5a-ETlX26A64A-2Yu0s: Connection refused
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: 1040nra.com
Type: connection
Detail: Fetching
http://1040nra.com/.well-known/acme-challenge/22AD-KFmF62z373CPiUKzk6dlr-0s5wMOmnmrziMqd4:
Connection refused
Domain: www.1040nra.com
Type: connection
Detail: Fetching
http://www.1040nra.com/.well-known/acme-challenge/ba-jjDhBUZJ9fHLofGfDYSVV5a-ETlX26A64A-2Yu0s:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
The operating system my web server runs on is (include version): ubuntu 18.04
You seem to have solved the problem yourself.
This is because the certbot domain cannot verify the DNS A record.
Make sure your domain address is directed to your server's ip address.
If you made the dns change 'recently', it may take some time to delete the old ip address.
https://www.whatsmydns.net/
Check here, there should only be one IP address and this should be your server's IP address.
Make sure ports 80 and 443 are open by running the command below:
sudo ufw status
If port 443 is not open, then run the command bellow to allow port 443:
sudo ufw allow https
Issue: The issue is your domain might be not pointing to your Cloud host IP and DNS setup
Solution:
You have to map your domain and IP in-network option tab A
Once you did the mapping then you have to setup DNS on where you have purchased the domain website.
Then check by entering your domain name on this web site www.whatsmydns.net showing your IP address or not
If Yes then you create the certificate
Go to the https://www.whatsmydns.net/
Enter your host name
You set the type A
Make sure that there is the same IP everywhere
You set the type AAAA
Make sure there are no AAAA entries
AAAA are IPv6 entries.
If the addresses for AAAA are present, make a request to this IPv6 address
#example curl [43ff:0c89:eb10:4c06:c90e:4b7d:64e5:fbe1]
curl [your IPv6]
If you get an error, then the address does not point to your site. Accordingly, there is a difference between IPv4 and IPv6.
Solution: delete the domain zone type AAAA

how to redirect example.com to 127.0.0.0/main/test?

i'm using wamp 5, windows XP. i have edited my host file in my local disk like the code below and it works
127.0.0.0 example.com
but i'd like to redirect to a particular folder, if i change it to the code below, it dont work
127.0.0.0/main/site example.com
how to redirect example.com to 127.0.0.0/main/site locally in my PC?
btw, i dont want to install any new software to solve this prob
You need to create a Virtual Hosts
Leave the HOST file as
127.0.0.1 example.com
When you define a Virtual Host you also tell it which folder is its DocumentRoot so that will send it to the right place when you use the address example.com in the browser.
Check out wampserver.com

Unable to make FTP connection

I'm trying to make an FTP connection to 3 web sites on the same server via a PHP script. It works fine for 2 of the sites, but the 3rd I get the following error (and it doesn't appear to be temporary):
"Warning: ftp_connect() [function.ftp-connect]: php_network_getaddresses: getaddrinfo failed: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server"
This code snippet is where it fails:
$server = 'ftp.'.$ftp_server;
$conn_id = ftp_connect($server) OR die("<br>unable to establish an FTP connection");
I'm hoping someone can point me in the right direction.
Regards to all
That means the DNS lookup for the ftp server's name (e.g. example.com) failed to resolve and the IP address could not be determined.
This could either be from your remote site's DNS servers being down, or the domain itself is misconfigured and is pointing at non-existing/unreachable DNS servers.
Perhaps the DNS servers for that specific host are down; check whois records for the domain to discover which DNS servers are authoritative, then check each one of them in turn with host to make sure they all resolve.
For example, whois stackoverflow.com:
Name Servers:
ns1.serverfault.com
ns2.serverfault.com
ns3.serverfault.com
Then:
$ host www.stackoverflow.com ns1.serverfault.com
Using domain server:
Name: ns1.serverfault.com
Address: 64.34.119.33#53
Aliases:
www.stackoverflow.com is an alias for stackoverflow.com.
stackoverflow.com has address 64.34.119.12
stackoverflow.com mail is handled by 10 STACKOVERFLOW.COM.S9A1.PSMTP.com.
stackoverflow.com mail is handled by 20 STACKOVERFLOW.COM.S9A2.PSMTP.com.
stackoverflow.com mail is handled by 30 STACKOVERFLOW.COM.S9B1.PSMTP.com.
stackoverflow.com mail is handled by 40 STACKOVERFLOW.COM.S9B2.PSMTP.com.
$ host www.stackoverflow.com ns2.serverfault.com
Using domain server:
Name: ns2.serverfault.com
Address: 64.34.119.34#53
Aliases:
www.stackoverflow.com is an alias for stackoverflow.com.
stackoverflow.com has address 64.34.119.12
stackoverflow.com mail is handled by 30 STACKOVERFLOW.COM.S9B1.PSMTP.com.
stackoverflow.com mail is handled by 40 STACKOVERFLOW.COM.S9B2.PSMTP.com.
stackoverflow.com mail is handled by 10 STACKOVERFLOW.COM.S9A1.PSMTP.com.
stackoverflow.com mail is handled by 20 STACKOVERFLOW.COM.S9A2.PSMTP.com.
$ host www.stackoverflow.com ns3.serverfault.com
Using domain server:
Name: ns3.serverfault.com
Address: 69.59.196.217#53
Aliases:
www.stackoverflow.com is an alias for stackoverflow.com.
stackoverflow.com has address 64.34.119.12
stackoverflow.com mail is handled by 30 STACKOVERFLOW.COM.S9B1.PSMTP.com.
stackoverflow.com mail is handled by 40 STACKOVERFLOW.COM.S9B2.PSMTP.com.
stackoverflow.com mail is handled by 10 STACKOVERFLOW.COM.S9A1.PSMTP.com.
stackoverflow.com mail is handled by 20 STACKOVERFLOW.COM.S9A2.PSMTP.com.
$
All three servers responded to requests for www.stackoverflow.com, so all three servers are functional.

Having a url of : 'example.com' instead of 'localhost:8888/drupal' [Mamp]

How can i run local tests ( with mamp ) that have urls of this kind : www.example.com instead of http://localhost:8888/install.folder
Thank you
If your tests are truely local, you may simply add an alias in your hosts file (/etc/hosts on linux). This alias will cause your computer to resolve www.example.com as 127.0.0.1 (localhost).
If you wish to use this outside of your computer, you will need to purchase a domain, and set its DNS up to forward to your IP address (and open the appropriate port in your router to forward to your computer).
If you don't want to have to include the port number (':8888'), change the port that your server is being hosted on to the default (80). This may be done through the server's configuration file by changing the 'Listen' directive.
If you do not want to have to add the '/drupal' path, add an 'Alias' directive to redirect the user from the root path ('/') to '/drupal'. You may also change the 'DocumentRoot' to drupal.
You will need to add an entry to your hosts file like this:
127.0.0.1 www.example.com
Note: this will not keep you from having to enter the port number or directory - it will only allow you to use a host alias for the host name itself.

Resources