Connection is not private using Google Domains and Heroku - heroku

I have a domain that I purchased from Google and a heroku app that I'm trying to send it to.
I've done the steps in this article: https://www.justinvrooman.com/articles/how-to-use-heroku-with-google-domains
and yet when I try to access the site I get a
Your connection is not private
Attackers might be trying to steal your information from www.***.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
What am I doing wrong with my set up or why am I getting this message?

It looks like you've enabled SSL in your Rails app but your site doesn't have an SSL certificate configured. To disable SSL, set the following to "false" in your 'config/environments/production.rb' file.
config.force_ssl = false
In addition, in the same file, don't forget to set your "host" equal to your custom domain.
host = 'www.yourdomain.com'
If you want to run SSL on a custom domain (e.g. www.example.com) you'll need to purchase and configure an SSL certificate for your domain.
If, however, you are fine using Heroku's domain (e.g. example.herokuapp.com), then you can piggyback on Heroku's SSL certificate.
More info on running SSL on a custom domain through Heroku: https://devcenter.heroku.com/articles/ssl-endpoint

Related

HTTPS Connection gives Privacy error in Browser. - Caddy Server

After modifying my Caddyfile to try a recommendation on this platform...i still can't get an
HTTPS connection in my browser..Chrome keeps saying
"Your connection is not private
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID"
Here's my Caddyfile :
localhost:9000 {
bind {$ADDRESS}
proxy / 197.211.58.62:9000
tls self_signed
}
What am I doing wrong?
The caddy docs says the "self-signed certificate [is stored] in memory (untrusted by browsers, but convenient for local development)".
You'd have to generate the self-signed certificate outside of caddy and add it like a regular certificate.
Here's a guide to do it on Linux and MacOS or Windows
Config Example from the docs
tls ../cert.pem ../key.pem
This snippet assumes the keys are located one folder up
BTW All this should work with Caddy 2

error on web browser 'Website not secure'

I have a application hosted when I visit the site www.mysite.co.uk
Im getting Website Not Secure. Obviously this doesnot look good if users are accessing the site. How Can I fix this?
My application is hosted on heroku
I have added my domain to heroku:
Domain -> www.mysite.co.uk
DNS -> www.mysite.co.uk.herokudns.com
ACM Staus:OK
Heroku also gives me info that "Your app can be found
at https://www.mysite.co.uk"
And heroku manages the SSL certificate automatically.
The domain however is managed by gandhi.net
And I have configured the DNS to:
www CNAME 10800 www.mysite.co.uk.herokudns.com.
That is the responsibility of the one who offers the domain, because they are the ones who have the servers, in the browsers it appears that it is not safe because they do not have the necessary security certificates to be considered a "secure site".
If the hosting provider tells you that you have to install it, you should ask them how to do it

Blocked requests by default to https self signed backend

On my staging server I am connecting to self-signed https api backend. And by default requests can't be made, because browser treat backend as danger.
I have to open backend url in browser
https://my-api-backend.elasticbeanstalk.com
my-api-backend.elasticbeanstalk.com:8443 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is not valid for the name my-api-backend.elasticbeanstalk.com. Error code: SEC_ERROR_UNKNOWN_ISSUER
After manually confirm that is secure it works. It is fine for me to do this, but not for managers etc. Another thing I was thinking about blocking backend access from outside and allow access only from frontend.
Is there any solution to this problem other than buying domain a sign it properly?
If it is a staging environment it should reflect a production environment so you should use a real domain signed correctly.
Certificates are free through AWS ACM or LetsEncrypt.
Why not use a sub domain like staging.domain.com, it would be free as well. Otherwise domains are cheap and it shouldn't be worth the hassle.

Custom domain which heroku forwarded to in not secure node.js

What steps do I need to take to move my normal node.js application into a state where it is secure on my custom domain? When I visit my heroku application example.herokuapp.com, the connection is secure across https://.
When I forward that heroku domain to my own site however www.example.com, it shows a warning that the connection is not secure.
Are there any articles online that have answered this question? I cannot seem to find any information on what steps to take. Thanks all
The steps for setting up custom domain SSL with your Heroku app are as follows:
1- Add your SSL add-on:
$ heroku addons:add ssl
2- Add the certificate to your app
Using the certificate you generated in the previous step, upload it to Heroku:
$ heroku certs:add server.crt server.key
3- Configure DNS
Add a CNAME record in the DNS configuration that points from the domain name that will host secure traffic e.g. www.yourdomain.com to the SSL endpoint hostname, e.g. example.herokussl.com. Consult your DNS provider for instructions on how to do this. The target should be the fully qualified domain name for the SSL endpoint associated with the domain.
You will find further information in Heroku Dev Center:
https://devcenter.heroku.com/articles/ssl-endpoint
Assuming you have the hobby or professional account, run the following command to get the automated certificate management (ACM) to work:
heroku certs:auto:enable -a <app name>
https://devcenter.heroku.com/articles/automated-certificate-management
Use Expedited CDN add-on and you can force for https for free.
First you need to be in at least hobby plan.
Need to add automated Automated Certificate Management (ACM) and your custom domain/s.
You can add Expedited CDN from resources tab of your project and its free.
Then visit Expedited CDN and configure DNS as mentioned there its easy and hassle free just follow the steps, trust me it will work.
I have provided some screenshots only for reference.
It has lot of additional features you might be looking.

OVH Domain & Let's encrypt SSL validation failure

I followed all the instructions to get a SSL certificate from Let's Encrypt for my website, but two hours after I successfully got the message "Your certificate and chain have been saved", I still cannot access my website with HTTPS and get the error "the website refused the connection".
Do you know how much time is needed to activate the certificate?
On the web hosting offer of OVH, the HTTPS protocol is available after the deployment on all the load balancing infrastructure. It take around two hours.
You can check your "multisite". Maybe your website doesn't have the "SSL" flag enabled and the generated certificate do not handle your website.

Resources