Heroku SSL with Route53 - heroku

My SSL certificate is all set up and ready to go on Heroku. I followed the instructions here https://devcenter.heroku.com/articles/route-53 to correctly redirect requests (e.g. example.com to www.example.com) using AWS S3. HTTPS works great when requesting https://www.example.com; however, if I attempt to request https://example.com, the page cannot be found. Any thoughts?

Using Route 53, you want to create the following DNS records:
www.example.com CNAME your_app.herokuapp.com
example.com ALIAS your_app.herokuapp.com
Your www.example.com hostname should be a CNAME record that delegates to your Heroku App hostname. Any other regular hostnames should be CNAMEs.
The example.com "Apex" or "naked domain" record must return an A record and cannot be a CNAME. Route53 implements the ALIAS record type, which looks up the values for your_app.herokuapp.com and returns a set of current A records to match.

I've just been through this myself. The easiest and cheapest way to do it is to let Heroku (minimum 7 USD box) manage the SSL (ACM).
Add a custom domain there and enable SSL and you will be presented with a DNS target like: www.yourcustomdomain.com.herokudns.com. In Route53 add a CNAME record for your www.yourcustomdomain.com with the target into www.yourcustomdomain.com.herokudns.com.
Wait to refresh the DNS internationally.
I would assume the S3 bucket for directing the naked domain into the www.domain was done previous to the above mentioned.

Related

Heroku ACM fails, "CDN not returning HTTP challenge", even after I configured my DNS target

I bought a domain name at domain.com, and tried to link it to my heroku app. Heroku provided me a DNS target, and I have put it through to my "DNS record" config in domain.com.
However, when I try to generate an automatic SSL certificate for my app, it still fails and returns "CDN not returning HTTP challenge". I referred to this documentation; it says the reason for this error is that I haven't pointed the DNS to the one provided by the Heroku DNS target. But I have already done it.
Is there anything I misunderstood, or do I basically have to wait for a few days for it?
Under name just list it as www.your_site.com; Heroku says that it will forward www.example.com to example.com.
In this case, as long as you have www.example.com set up, example.com isn't needed as users can reach your site via www.example.com and to set up www.example.com you need to use CNAME Records which all DNS Providers allow you to set.

DNS problem: NXDOMAIN looking up A for www.example.com - check that a DNS record exists for this domain

I'm trying to get an SSL certificate using the certbot from letsencrypt, but it keeps saying it's failing at the verification stage, with this error 'DNS problem: NXDOMAIN looking up A for www.example.com - check that a DNS record exists for this domain'
I currently have one host record, which is an A record, host '@' and value is set to my public ip address. Am I supposed to have more host records on my namecheap account?
You need to add a dns record similar to this:
www 3600 in CNAME @
or you can just copy the A record:
www 3600 in A 46.101.145.73
The first option is more resilient (it will carry all dns records from @ to www, and this can have unintended consequences), the second is more performant.

Heroku redirect from example.com to www.example.com retaining HTTPS using AWS

I have a Heroku app set up with SSL certificates, and my DNS does not allow CNAME records at the Apex level. Meaning, I cannot point my A Record at my Heroku app URL (A level records can only be IP addresses and Heroku cannot provide a static IP).
There are other methods (both here on stack and on heroku's guides) that recommend using other DNS providers, but I would like to try and solve this with AWS (specifically Route53), while also retaining our https:// in the domain for SSL.
I found some guides on how to do this, but there seemed to be complications (headers messed up, cannot retain https etc). I will provide an answer below outlining how I achieved this, but encourage discussion on what repercussions my solution may incur.
I discovered this guide on the Heroku website:
Configuring Amazon Route 53 DNS for Your Heroku App
The outline of the solution is to create an S3 bucket as a static website host that simply redirects to your Route53 hosted zone. Here are the basic steps:
Create a new hosted zone on your Route 53 Management Console with your domain (example.com)
Create a CNAME entry for www.example.com with the value set as your heroku custom domain (www.example.com.herokudns.com)
Create an S3 Bucket with the same name as your domain (example.com), and set it as a static website host
In the settings for static website hosting set this to "Redirect Requests" and set the target as www.example.com and the protocol to https
Return to Route 53 and add an A Level Alias with the target as your newly created bucket
Finally, point your DN Provider's name servers at your new Route 53 hosted zone (you can get the list of name servers from the side panel in your management console)
And that's it! After the TTL expires on your Name Servers your site should be up and running and both example.com and www.example.com

using cloudflare to get ssl on a custom domain hosted on github

I was pointing a custom domain to my username.github.io account, by using A records in Domain Registrar (Route 53) and a CNAME in my master branch that said custom_domain.me. I want to move to https.
I created an account on cloudflare, changed the NS records on Route 53 to point to cloudflare, and changed the CNAME record in my master branch to https://custom_domain.me.
I want to access https://custom_domain.me, but I cannot. I have been waiting only one hour now. Am I missing something or should I just wait?
In order to use CloudFlare on a Free/Pro account, you will need to move your DNS to CloudFlare, not just simply add NS records to Route53.
Route53 commonly provides simply DNS services; you have an interesting use-case as you're also using their domain name registration service.
If your domain is registered with Route53 and also using Route53 for DNS, you will need to change this so CloudFlare does your DNS by changing the nameservers.
Once with CloudFlare, your DNS will be entirely managed by CloudFlare. Run through the CloudFlare set-up, verify your DNS records and you'll be presented with 2 new CloudFlare nameservers to use.
In order to configure this, please set the nameservers in Route53 to the ones in CloudFlare: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html

How do I set up DNS for an apex domain (no www) pointing to a Heroku app?

I already added a custom domain to my Heroku app and it works with www.domain.com.
I need to know how to set up the domain without www to resolve to the app, too.
Here are my current DNS settings:
$TTL 86400
@ IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
2013041500 ; serial
14400 ; refresh
1800 ; retry
604800 ; expire
86400 ) ; minimum
@ IN NS robotns3.second-ns.com.
@ IN NS robotns2.second-ns.de.
@ IN NS ns1.first-ns.de.
@ IN A 88.198.38.XXX
localhost IN A 127.0.0.1
mail IN A 88.198.38.XXX
ftp IN CNAME www
imap IN CNAME www
loopback IN CNAME localhost
pop IN CNAME www
relay IN CNAME www
smtp IN CNAME www
www IN CNAME appname.herokuapp.com.
@ IN MX 10 mail
What are the correct settings to use so that both example.com and www.example.com would point correctly to my Heroku app?
(Note: root, base, apex domains are all the same thing. Using interchangeably for google-foo.)
Traditionally, to point your apex domain you'd use an A record pointing to your server's IP. This solution doesn't scale and isn't viable for a cloud platform like Heroku, where multiple and frequently changing backends are responsible for responding to requests.
For subdomains (like www.example.com) you can use CNAME records pointing to your-app-name.herokuapp.com. From there on, Heroku manages the dynamic A records behind your-app-name.herokuapp.com so that they're always up-to-date. Unfortunately, the DNS specification does not allow CNAME records on the zone apex (the base domain). (For example, MX records would break as the CNAME would be followed to its target first.)
Back to root domains, the simple and generic solution is to not use them at all. As a fallback measure, some DNS providers offer to setup an HTTP redirect for you. In that case, set it up so that example.com is an HTTP redirect to www.example.com.
Some DNS providers have come forward with custom solutions that allow CNAME-like behavior on the zone apex. To my knowledge, we have DNSimple's ALIAS record and DNS Made Easy's ANAME record; both behave similarly.
Using those, you could set up your records as (using zonefile notation, even though you'll probably do this on their web user interface):
@ IN ALIAS your-app-name.herokuapp.com.
www IN CNAME your-app-name.herokuapp.com.
Remember @ here is a shorthand for the root domain (example.com). Also mind you that the trailing dots are important, both in zonefiles, and some web user interfaces.
See also:
Doing DNS right with Heroku
Avoiding Naked Domains and DNS A-records
Remarks:
Amazon's Route 53 also has an ALIAS record type, but it's somewhat limited, in that it only works to point within AWS. At the moment I would not recommend using this for a Heroku setup.
Some people confuse DNS providers with domain name registrars, as there's a bit of overlap with companies offering both. Mind you that to switch your DNS over to one of the aforementioned providers, you only need to update your nameserver records with your current domain registrar. You do not need to transfer your domain registration.
To point your apex/root/naked domain at a Heroku-hosted application, you'll need to use a DNS provider who supports CNAME-like records (often referred to as ALIAS or ANAME records). Currently Heroku recommends:
ALIAS at DNSimple
ANAME at DNS Made Easy
ANAME at easyDNS
ALIAS at PointDNS
CNAME at CloudFlare
Whichever of those you choose, your record will look like the following:
Record: ALIAS or ANAME
Name: empty or @
Target: example.com.herokudns.com.
That's all you need.
However, it's not good for SEO to have both the www version and non-www version resolve. One should point to the other as the canonical URL. How you decide to do that depends on if you're using HTTPS or not. And if you're not, you probably should be as Heroku now handles SSL certificates for you automatically and for free for all applications running on paid dynos.
If you're not using HTTPS, you can just set up a 301 Redirect record with most DNS providers pointing name www to http://example.com.
If you are using HTTPS, you'll most likely need to handle the redirection at the application level. If you want to know why, check out these short and long explanations but basically since your DNS provider or other URL forwarding service doesn't have, and shouldn't have, your SSL certificate and private key, they can't respond to HTTPS requests for your domain.
To handle the redirects at the application level, you'll need to:
Add both your apex and www host names to the Heroku application (heroku domains:add example.com and heroku domains:add www.example.com)
Set up your SSL certificates
Point your apex domain record at Heroku using an ALIAS or ANAME record as described above
Add a CNAME record with name www pointing to www.example.com.herokudns.com.
And then in your application, 301 redirect any www requests to the non-www URL (here's an example of how to do it in Django)
Also in your application, you should probably redirect any HTTP requests to HTTPS (for example, in Django set SECURE_SSL_REDIRECT to True)
Check out this post from DNSimple for more.
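The application-level redirect described in the steps above, as an added example that is not part of the original answer: a WSGI middleware that sends www and plain-HTTP requests to the canonical HTTPS apex with a single 301. It assumes the app runs behind Heroku's router (which reports the client's scheme in X-Forwarded-Proto); `canonical_redirect`, `probe`, `hello` and the host names are made up for illustration, and the Location header is always built from the fixed canonical name, never from the request's Host header.

```python
from urllib.parse import quote

CANONICAL_HOST = "example.com"                      # assumed canonical name (the apex)
KNOWN_HOSTS = {"example.com", "www.example.com"}    # names added with heroku domains:add

def canonical_redirect(app, canonical=CANONICAL_HOST, known=frozenset(KNOWN_HOSTS)):
    """WSGI middleware: one 301 to https://<canonical>/..., otherwise pass through."""
    def middleware(environ, start_response):
        host = environ.get("HTTP_HOST", "").rsplit(":", 1)[0].lower().rstrip(".")
        if host not in known:
            # Never build a redirect from an unrecognised Host header.
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        # Assumption: TLS is terminated by Heroku's router, which passes the
        # client's original scheme in X-Forwarded-Proto.
        scheme = environ.get("HTTP_X_FORWARDED_PROTO") or environ.get("wsgi.url_scheme", "http")
        if host == canonical and scheme == "https":
            return app(environ, start_response)
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")) or "/"
        query = environ.get("QUERY_STRING", "")
        location = f"https://{canonical}{path}" + (f"?{query}" if query else "")
        start_response("301 Moved Permanently", [("Location", location), ("Content-Length", "0")])
        return [b""]
    return middleware

def probe(app, host, proto, path="/", query=""):
    """Call a WSGI app with a constructed request; return (status, Location or None)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "HTTP_HOST": host, "HTTP_X_FORWARDED_PROTO": proto,
               "PATH_INFO": path, "QUERY_STRING": query, "wsgi.url_scheme": "http"}
    list(app(environ, start_response))
    return seen["status"], seen["headers"].get("Location")

def hello(environ, start_response):
    """Stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]

site = canonical_redirect(hello)

if __name__ == "__main__":
    for host, proto in [("www.example.com", "https"), ("example.com", "http"),
                        ("example.com", "https"), ("attacker.test", "https")]:
        print(host, proto, probe(site, host, proto))
```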
I am now using Google Apps (for Email) and Heroku as web server. I am using Google Apps 301 Permanent Redirect feature to redirect the naked domain to WWW.your_domain.com
You can find the step-by-step instructions here
https://stackoverflow.com/a/20115583/1440255
You are not allowed to have a CNAME record for the domain, as the CNAME is an aliasing feature that covers all data types (regardless of whether the client looks for MX, NS or SOA records). CNAMEs also always refer to a new name, not an ip-address, so there are actually two errors in the single line
@ IN CNAME 88.198.38.XXX
Changing that CNAME to an A record should make it work, provided the ip-address you use is the correct one for your Heroku app.
The only correct way in DNS to make a simple domain.com name work in the browser, is to point the domain to an IP-address with an A record.
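The two CNAME errors discussed in this thread (a CNAME sharing its name with other records, which at the apex always happens because of SOA/NS/MX, and a CNAME whose target is an IP address) can be checked mechanically. This is an added example, not part of the original answers: a small zone linter run on a constructed zone in which 192.0.2.10 and ns1.example.net are placeholder values and `parse_records`, `is_ip` and `lint_zone` are names made up here.

```python
import ipaddress

# Constructed zone; "@" is the zone apex. Addresses and name servers are placeholders.
SAMPLE_ZONE = """\
@     IN NS    ns1.example.net.
@     IN MX    10 mail
@     IN CNAME 192.0.2.10      ; the problem line
mail  IN A     192.0.2.10
www   IN CNAME appname.herokuapp.com.
ftp   IN CNAME www
"""

def parse_records(zone_text):
    """Yield (owner, type, rdata) from simple 'owner [ttl] IN TYPE rdata' lines."""
    owner = "@"
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()       # drop zonefile comments
        upper = [f.upper() for f in fields]
        if "IN" not in upper or upper.index("IN") + 2 >= len(fields):
            continue                                  # directives, blanks, SOA continuations
        if not line[:1].isspace():                    # indented line inherits previous owner
            owner = fields[0]
        i = upper.index("IN")
        yield owner, upper[i + 1], " ".join(fields[i + 2:])

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint_zone(zone_text):
    """Return sorted (owner, finding) pairs for CNAME misuse."""
    by_owner = {}
    for owner, rtype, rdata in parse_records(zone_text):
        by_owner.setdefault(owner, []).append((rtype, rdata))
    findings = set()
    for owner, rrs in by_owner.items():
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if cnames and len(rrs) > 1:
            findings.add((owner, "CNAME shares its name with other records"))
        if any(is_ip(target) for target in cnames):
            findings.add((owner, "CNAME target is an IP address, not a name"))
    return sorted(findings)

if __name__ == "__main__":
    for owner, finding in lint_zone(SAMPLE_ZONE):
        print(f"{owner}: {finding}")
```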
