i have domain for example, example.com so,
http://www.example.com ( works ),
https://www.example.com ( works ),
http://example.com ( works ),
https://example.com ( does not work)
so how can i make https://example.com work ? i have two ports listening on my aws elastic beanstalk i.e. 80 and 443, and only 443 has ssl on it, and any request coming to port 80 is forwarded to 443, any help regarding it is appreciated... thanks in advance
I assume you are using ACM certificates?
If so: do you have multiple domain names (www.example.com and example.com) defined for the certificate?
You can also set Wildcards like *.example.com
See more here:
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Refer to https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Note
When you request a wildcard certificate, the asterisk (*) must be
in the leftmost position of the domain name and can protect only one
subdomain level. For example, *.example.com can protect
login.example.com and test.example.com, but it cannot protect
test.login.example.com. Also note that *.example.com protects only the
subdomains of example.com, it does not protect the bare or apex domain
(example.com). However, you can request a certificate that protects a
bare or apex domain and its subdomains by specifying multiple domain
names in your request. For example, you can request a certificate that
protects example.com and *.example.com.
Related
I have one ELB with www.example.com
and another with dev.example.com
I have created separate certificates for both including wildcards and www in Certificate Manager.
Both certificates are verified and issued.
But SSL on www.dev.example.com is not working.
When I check the certificate in Mozilla/Chrome it shows the alt DNS to be example.com, www.example.com, and *.example.com but that's a different certificate which I have not assigned to the listener of ELB of dev.example.com
Any help to make it work?
Wildcards only work at one level. You would need to add *.dev.example.com to the certificate in order for it to work with www.dev.example.com.
I have a cloudfront distribution that I want to serve the following domains & I am trying to list as CNAMEs:
domain.com
www.domains.com
domain.ca
www.domain.ca
Now my certificate has *.domain.com and *.domain.ca and is approved.
But when I tried to add either "domain.com" or "domain.ca" to my cloudfront CNAMEs, I get this error.
Why do I get this?
ViewerCertificateException: The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add.
Wildcard certificate *.domain.ca does not cover domain.ca. Same case for domain.com. You need to re-issue your certificate to include both the wildcards and the domain.com and domain.ca. From docs:
Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com.
I created a static s3 bucket site that works. I created a certificate for:
www.example.com
with additional names:
*.example.com
example.com
In my DNS I successfully attached all 2 certificates. Yes, all 2 because the wildcard and the blank subdomain were the same CNAME values.
In the DNS I have www.example.com CNAME going to the cloudfront url.
I figured maybe this was the issue and I should use no www and also try a wildcard, but both simply didn't work and nothing loaded.
I then created a CloudFront and attached the certificate to it with Alternate Domain Names (CNAMEs)
www.example.com
*.example.com
example.com
In CloudFront my Viewer Protocol Policy is REDIRECT TO HTTPS
The behavior:
https://www.example.com works
http://www.example.com works (redirects to https://www.example.com)
www.example.com works (redirects to https://www.example.com)
example.com works (redirects to https://www.example.com)
https://example.com breaks with a (fail) and then auto attempts with (failed)net::ERR_NAME_NOT_RESOLVED
http://example.com breaks with a (fail)
One other thing is, I do have a separate certificate for a separate website on a subdomain sub.example.com. Would this possibly affect it?
Is there anything that stands out that would be doing this?
Based on the comments.
Resolution of example.com did not work because the DNS host (name.com) was set to resolve only www.example.com into CloudFront distro url.
The solution was to add ANAME record to point example.com into CloudFront distro url.
The setup
Route53 record(*.testing.domain.com) linked to an ELB(which uses an Amazon Certificate Manger issued certificate for *.domain.com and domain.com)
The targets of the ELB are running nginx which inturn proxy_passes the incoming requests to a (django)server running on port 80xx (ex: 127.0.0.1:8099).
Note: The nginx server listens to requests on port 80 and 443 and the targets of the ELB are registered on ports 80 and 443.
QUESTION:
I am able to access the following:
http://domain.com
https://domain.com
http://any.subdomain.domain.com
I want to know why I am getting a NET::ERR_CERT_COMMON_NAME_INVALID when I'm trying to access https://any.subdomain.domain.com
Thanks
You need request another certificate for *.subdomain.domain.com
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
*.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com
protects only the subdomains of example.com, it does not protect the
bare or apex domain (example.com). However, you can request a
certificate that protects a bare or apex domain and its subdomains by
specifying multiple domain names in your request.
I'm currently hosting an S3 bucket with a static website, I'm using an SSL certificate via certificate manager that covers *.domain.com. Visiting the site www.domain.com results in a secure website, however simply going to domain.com does not even though the A record for domain.com points to www.domain.com through Route 53. The specific error message states that the site can't provide a secure connection, my question is, is the DNS not setup correctly to point domain.com to www.domain.com or is it because the SSL certificate is only for *.domain.com and not domain.com.
Secure: https://www.adambarlowlaw.com/
Insecure: https://adambarlowlaw.com/
Pointing domain.com to www.domain.com just has the effect of two separate records that both end up pointing to the same IP address. Lots of people mistake this sort of DNS pointer as a browser redirect, but that is not the case.
You are focusing on the DNS setup, but it is the SSL certificate that is incorrect. Since the server has both domain.com and www.domain.com pointing at it, the server needs to be able to serve both of those domains. You have configured the SSL certificate to work for *.domain.com but not domain.com.
When you request an SSL certificate you need to request two domains domain.com and *.domain.com