Heroku 自动证书管理因一个域而失败
Heroku Automated Certificate Management failed with one domain
我正在尝试使用 Heroku 为我的应用程序获取 SSL 认证,但是 Automated Certificate Management 两个域名之一都失败了。
我在 2017 年 3 月之前创建了 dyno,所以我必须 运行 heroku certs:auto:enable 按照 here.
的解释
然后,heroku domains returns:
Domain Name DNS Record Type DNS Target
─────────────── ─────────────── ─────────────────────────────
example.com ALIAS or ANAME example.com.herokudns.com
www.example.com CNAME www.example.com.herokudns.com
这似乎符合what heroku expects。
无论如何,heroku certs:auto returns:
Domain Status
─────────────── ────────────
example.com Failing
www.example.com OK
我承认我对域名、DNS等设置是一窍不通。因此,这对我来说可能是一个非常简单的错误。然而,我读了 Heroku troubleshooting documentation and also similar questions in SO such as a or this one 仍然不知道哪里出了问题。
www.example.com 可以,但 example.com 失败的事实让我更加困惑。不幸的是,我收到了一封没有 failure reason.
的通知邮件
Namecheap
我想问题要么出在 Heroku 上,要么出在我购买域名的地方。即Namecheap.com.
在那里,在 Domain 选项卡上我有:
NAMESERVERS Namecheap BasicDNS
REDIRECT DOMAIN Source URL Destination
example.com http://www.example.com
并且在 Advanced DNS 选项卡上:
Type Host Value TTL
------------- ----- ------------------------------- -------
CNAME Record www example.com.herokudns.com Automatic
TXT Record @ google-site-verification... Automatic
URL Redirect Record @ http://www.example.com/ Unmasked
我做错了什么?
更新
问题似乎是由 Namecheap 引起的。我在 Heroku 上找到了 following ticket:
Issue
User is having trouble pointing their root domain (aka apex
domain/naked domain) to their Heroku app, either with setting the
right DNS records, or accessing it over HTTPS.
Resolution
Root domains on Heroku require the use of "CNAME-like" records, often
referred to as ALIAS or ANAME records.
Unfortunately, a number of popular DNS hosts such as GoDaddy,
Namecheap, Bluehost, and others do not support these types of records.
Instead they tend to offer the following:
A records
URL redirects / forwarding
There are caveats with both of these options...
奇怪的是,我没有找到任何地方把所有的步骤解释清楚。到目前为止我所做的是:
- 使用支持此功能的 DNS 主机开设帐户。我选择了 DNSimple。在撰写本文时,价格从 5 欧元/月起,但有免费试用月。
- 转移域的费用为 14 欧元/年,所以我只是 pointed the name servers at Namecheap to DNSimple 并将域添加到 DNSimple 以创建 DNS 记录。
接着是DNSimple上的配置。我按照文档中的步骤 1 redirect HTTP to HTTPs; ignored the step 2, since Heroku's ACM had already done it; and for the step 3 the article Pointing the Domain Apex to Heroku 非常有帮助。我手动添加了一条 ALIAS record 并且还添加了一条 CNAME 记录,如下所示:
Type Name Content
───── ─────────────── ───────────────────────
ALIAS example.commyapp.com.herokudns.com
CNAME www.example.commyapp.com.herokudns.com
一开始没有任何效果,浏览器显示以下错误:
This site can’t be reached
www.example.com’s server IP address could not be found.
检查 troubleshotting documentation 我看到唯一的可能性是 Name server propagation delay,所以我等待。感觉时间很长,但实际上只用了不到一个小时,网站就重新上线了。
但是48小时后SSL认证一直失败...
供日后参考:联系 Heroku 支持后,他们手动刷新了我的证书请求,最终为我的应用颁发了...
在这里查看答案,尤其是 CloudFlare 解决方案,因为它是免费的
Automated certificate management also provisions you a free SSL cert
from https everywhere. You don’t need to buy a cert.
However namecheap won’t work with ACM because they don’t allow an
“alias” record for your “apex” domain I.e. your domain with no
subdomain so https://example.com not https://www.example.com
Your options are switch to a dns registrar that supports an “alias”
record such as dnsimple. They charge a month in addition to the
domain registration fee.
Or alternatively use a free cloudflare instance which comes with SSL.
If you already bought a cert there is a way to upload it to Heroku via
an SSL addon.
I use both DNSimple/Heroku ACM on some apps and cloudflare on some
others. Both are equally nice but cloudflare is free and gives you a
CDN too.
https://www.reddit.com/r/Heroku/comments/7wh5r4/setting_up_ssl_with_heroku_namecheap/
我正在尝试使用 Heroku 为我的应用程序获取 SSL 认证,但是 Automated Certificate Management 两个域名之一都失败了。
我在 2017 年 3 月之前创建了 dyno,所以我必须 运行 heroku certs:auto:enable 按照 here.
然后,heroku domains returns:
Domain Name DNS Record Type DNS Target
─────────────── ─────────────── ─────────────────────────────
example.com ALIAS or ANAME example.com.herokudns.com
www.example.com CNAME www.example.com.herokudns.com
这似乎符合what heroku expects。
无论如何,heroku certs:auto returns:
Domain Status
─────────────── ────────────
example.com Failing
www.example.com OK
我承认我对域名、DNS等设置是一窍不通。因此,这对我来说可能是一个非常简单的错误。然而,我读了 Heroku troubleshooting documentation and also similar questions in SO such as a
www.example.com 可以,但 example.com 失败的事实让我更加困惑。不幸的是,我收到了一封没有 failure reason.
Namecheap
我想问题要么出在 Heroku 上,要么出在我购买域名的地方。即Namecheap.com.
在那里,在 Domain 选项卡上我有:
NAMESERVERS Namecheap BasicDNS
REDIRECT DOMAIN Source URL Destination
example.com http://www.example.com
并且在 Advanced DNS 选项卡上:
Type Host Value TTL
------------- ----- ------------------------------- -------
CNAME Record www example.com.herokudns.com Automatic
TXT Record @ google-site-verification... Automatic
URL Redirect Record @ http://www.example.com/ Unmasked
我做错了什么?
更新
问题似乎是由 Namecheap 引起的。我在 Heroku 上找到了 following ticket:
Issue
User is having trouble pointing their root domain (aka apex domain/naked domain) to their Heroku app, either with setting the right DNS records, or accessing it over HTTPS.
Resolution
Root domains on Heroku require the use of "CNAME-like" records, often referred to as ALIAS or ANAME records.
Unfortunately, a number of popular DNS hosts such as GoDaddy, Namecheap, Bluehost, and others do not support these types of records. Instead they tend to offer the following:
A records
URL redirects / forwarding
There are caveats with both of these options...
奇怪的是,我没有找到任何地方把所有的步骤解释清楚。到目前为止我所做的是:
- 使用支持此功能的 DNS 主机开设帐户。我选择了 DNSimple。在撰写本文时,价格从 5 欧元/月起,但有免费试用月。
- 转移域的费用为 14 欧元/年,所以我只是 pointed the name servers at Namecheap to DNSimple 并将域添加到 DNSimple 以创建 DNS 记录。
接着是DNSimple上的配置。我按照文档中的步骤 1 redirect HTTP to HTTPs; ignored the step 2, since Heroku's ACM had already done it; and for the step 3 the article Pointing the Domain Apex to Heroku 非常有帮助。我手动添加了一条
ALIAS record并且还添加了一条CNAME记录,如下所示:Type Name Content ───── ─────────────── ─────────────────────── ALIAS example.commyapp.com.herokudns.com CNAME www.example.commyapp.com.herokudns.com
一开始没有任何效果,浏览器显示以下错误:
This site can’t be reached
www.example.com’s server IP address could not be found.
检查 troubleshotting documentation 我看到唯一的可能性是 Name server propagation delay,所以我等待。感觉时间很长,但实际上只用了不到一个小时,网站就重新上线了。
但是48小时后SSL认证一直失败...
供日后参考:联系 Heroku 支持后,他们手动刷新了我的证书请求,最终为我的应用颁发了...
在这里查看答案,尤其是 CloudFlare 解决方案,因为它是免费的
Automated certificate management also provisions you a free SSL cert from https everywhere. You don’t need to buy a cert.
However namecheap won’t work with ACM because they don’t allow an “alias” record for your “apex” domain I.e. your domain with no subdomain so https://example.com not https://www.example.com
Your options are switch to a dns registrar that supports an “alias” record such as dnsimple. They charge a month in addition to the domain registration fee.
Or alternatively use a free cloudflare instance which comes with SSL.
If you already bought a cert there is a way to upload it to Heroku via an SSL addon.
I use both DNSimple/Heroku ACM on some apps and cloudflare on some others. Both are equally nice but cloudflare is free and gives you a CDN too.
https://www.reddit.com/r/Heroku/comments/7wh5r4/setting_up_ssl_with_heroku_namecheap/