I provisioned a server using forge and set the domain to blog.example.com. And I generate a LetsEncrypt certificate for that server and set the site to run on http2. It was perfectly fine.
However, I need to make the server accessible via www.blog.example.com now. So I set a CNAME record to route www.blog to blog.example.com. But I got an error This site can’t provide a secure connection when I try to access the site via www.blog.example.com. So I try to generate a new certificate for www.blog.example.com but forge reply First domain does not match root domain on site.
How can I solve the problem?
Thank you.
Related
Working with a multi tenancy solution where users are to be allowed to set their custom domains - the solution works just fine. However, looking for suggestions on how to get the SSL installed on those custom domains and set them in Nginx so they are served via https route.
In theory, as soon as the user adds custom domain from the backend - SSL is to be installed once A record / CNAME is verified to be pointing correctly. We will be getting Letsencrypt SSL and need an approach on how to handle Ngnix config to provide SSL key to it can be served.
If anyone has produced a similar solution and can shed light on how to approach this, that will be great.
Thanks in advance.
You can solve it by manually issuing certificates using Let's Encrypt and then adding new NGINX config file for serving new domain
Or you can just switch from NGINX to Caddy and it will automatically do it for you! Also you could specify in your application route file a route for a domain whitelist check to prevent unauthenticated domain issues
I deployed an app on Heroku and set up automatic SSL configuration. According to my Heroku, my app can be accessed via https. If I use that URL, the connection is indeed secure.
I added a Synthetic Recored in my google domain to point to this url. I also added a Custom Resource Record where the Name is www, Type is CNAME, and Data is my DNS Target for the app.
I can only connect securely when I use https://www.osrshub.com. If I use www.osrshub.com or osrshub.com, it is not secure. What am I doing wrong?
The comment from user2864740 is correct. I needed to update my front end to redirect to https.
Force SSL/HTTPS with mod_rewrite
I have this facebook app and I have setup my client id and secret on the code. When I try to access the api I get this error. I have tried everything. The app domain is localhost and the website url is the path that the app is running. Anyone know how to solve the issue?
This is the request:
https://www.facebook.com/v2.8/dialog/oauth?client_id=266389393769834&state=xxxxx&response_type=code&sdk=php-sdk-5.0.0&redirect_uri=http%3A%2F%2F%5B%3A%3A1%5D%2Fdemo%2F%2Fuser_authentication&scope=email
In order to test a localhost FB login setup, you cannot use their "Production" setup, as this points to an existing website, or IP
localhost, 127.0.0.1 or any alias (for example: my.domain or de.mo) you set on your localhost server will not work when the FB settings is pointing at production environment.
You need to set up a test environment using FB "Create New App"
I have set up a Parse Server on Heroku, with an MLab MongoDB. Everything works fine, & when I visit https://myapp.herokuapp.com I see "Make sure to star the parse-server repo on GitHub!".
I can successfully perform API functions through my Postman Console, for example logging in via the following REST API call: https://myapp.herokuapp.com/parse/login?username=admin&password=password.
I can also perform other REST API POST, GET, etc. as you would expect.
I'm now trying to use my own domain "api.mydomain.net". In the Heroku App > Settings > Custom Domains, I have set domain to "api.mydomain.net" & "myapp.herokuapp.com" as the DNS target.
I've also added a CNAME record to the DNS pointing "api" to "myapp.herokuapp.com".
When I visit https://api.mydomain.net I see the "Make sure to star the parse-server repo on GitHub!" message confirming that the CNAME record works, however when I go to perform the same REST API Login call https://api.mydomain.net/parse/login?username=admin&password=password I get the response:
Could not get any response.
This seems to be like an error connecting to
https://api.mydomain.net/parse/login?username=admin&password=password.
What am I missing?
You are trying to securely connect to the Parse Server with https. So you have to add a TSL certificate for your Heroku app in the Heroku dashboard.
Open Heroku app in Heroku dashboard
Open Settings tab
In section Domains and certificates click Configure SSL and choose Automatically configure using Automated Certificate Management.
Click Add domain to add the domain from which the request should be forwarded, e.g. api.example.com.
On your domain registrar's website set the CNAME for api.example.com to the domain in the Heroku app settings, e.g. api.example.com.herokudns.com
Wait until the status of the domain in the Heroku dashboard is Done
I have been using openshift for quite some time. Since letsencrypt is in beta, I thought I gave it a try.
My current setup:
www.digrin.com is an alias to my openshift url - digrin-digrincom.rhcloud.com
digrin.com A tag points to wwwizer redirect service 174.129.25.170.
I have uploaded ssl certificates to openshift. It works fine on domain www.digrin.com. However since naked domain digrin.com points to wwwizer.com, it does not use https. I believe it is a problem. I want both domains (naked as well as www variant) to use https. Is it possible? I know wwwizer has some premium plan where it might be possible, but I would like a free version if possible.
If you don't know, I can not set cname for naked domain, so I had to use A tag to wwwizer, because openshift might change IP address.
Useful link:
How to use naked GoDaddy domain with OpenShift hosting?
If you are looking for a free (1 domain) service that redirects naked domains with valid SSL certificates. I moved from wwwizer to nakedssl to redirect to an Opensift server and it works fine.
Well first of all I had to generate ssl certificate for naked domain - digrin.com. I set temporarily A tag for digrin.com to openshift's ip and generated ssl certificate.
Now we have working certificate, but since A tag for digrin can not be set permanently, domain registrant must support naked domain redirect. More on this you can read here -> if you registrant does not support it, move to cloudfront (I will test cloudfront if my registrant will not add this feature within few months and will update this answer).