We recently created a new web site and I performed the following steps to redirect users from the old domain to the new one:
updated the old domain and its appropriate CNAME's to forward to the new domain
configured Azure to listen for the old domain + subdomains
added URL rewrite rules to the web.config (301 permanent redirect to new domain)
Everything works fine when browsing via HTTP; however, when browsing via HTTPS, I get errors such as
The hostname in the website’s security certificate differs from the
website.
This server could not prove that it is [old domain]; its security certificate is from *.azurewebsites.net.
I am guessing this is because my app service only holds the SSL certificate for the new domain name, and not the old one. Is there any way around this? Can URL rewriting or some other option preempt this?
You can have the certificates for your new and old domains in the same App Service application.
You need to add both certificates, and then add the SSL binding for each one to the appropriate domain.
Related
I have a domain purchased from Godaddy. Then a Virtual Machine setup on Azure with an web application installed on it.
So thus far I have:
An Azure VM with an application running on it, lets say the ip for the VM is 12.3.456.789
A domain name I purchased from godaddy, e.g mydomain.com, I then created a subdomain for e.g sub.mydomain.com
I then added an SSL certificate to this subdomain which worked fine, after I changed the DNS A record for the subdomain to the ip address of the VM 12.3.456.789, also the application on the VM is accessed on port 4000. So https://sub.mydomain.com:4000
The issue is that when I access my domain via https I get the ERR_SSL_PROTOCOL_ERROR in all browsers but when I access it via http then the application on it loads completely fine.
Any ideas on what I would have done wrong or left out in my setup?
Also if I did not provide enough information do let me know.
commercial SSL certs are always signed to include the TLD
(Top Level Domain -> in your hypothetical case: mydomain.com) !
You should contact godaddy to change the certificate to change the SAN (Subject alternative Name to sub.mydomain.com)
One example:
You order a ssl certificate for the subdomain www for your domain mydomain.com.
mydomain.com is valid by its nature (SAN -> it's the TLD)
Whereas www.mydomain.com is the SUBJECT.
Best H.
To rewrite to rule from https as you are getting ERR_SSL_PROTOCOL_ERROR please check you are correctly provided ssl cerficate SSL Certificate Checker as my SSL provided is DigiCert.
And to make Https ensure in your remote desktop in IIS manager click your virtual machine ->binding -> Https and port as 443 and upload certificate.
In your virtual machine try to add outbound security rule provide service as HTTPS and port as same in 443
Reference: https://learn.microsoft.com/en-us/answers/questions/23397/not-able-to-secure-windows-azure-vm-in-https.html
I have created Azure DNS Zone to manage redirections which use domain from namecheap.
Let's assume that my website is www.johndoe.com and currently website working well for johndoe.com but when I call www.johndoe.com it doesn't work well.
I have CNAME record and in CNAME redirect to redirect but unfortunately it doesn't work.
When I have call www.johndoe.com response message is as following...
Our services aren't available right now
We're working to restore all services as soon as possible. Please check back soon.
Please take into account that DNS does not provide a redirect.
An additional A or CNAME record only provides your IP address to people that navigate to that specific URL. When www.johndoe.com and johndoe.com both resolve to your web server, this means each page on your site has two addresses. This is horrible for things like SEO.
For a true redirect (and a 301 is preferred for SEO), set something up in the service that's handling the traffic coming in.
For instance: if you have an App Service running ASP.NET, setup the redirect in web.config. If you have Front Door (or a CDN) in place, use the rules engine to create a redirect with the correct condition and action.
Here's an example redirect in an Azure Front Door Classic Resource (this one redirects the other way):
I own for a website (example.com (GoDaddy)) and I set the name servers to Azure and manage DNS from there. I don't know enough about DNS to know how to properly do what I'm trying to do or the pros/cons. I have SSL always set in my AppService.
I want www.example.com to forward to example.com (on both http and https). Currently, I have both registered and bound to a cert in the AppServices and it works over https. The following links work in fact.
http://example.azurewebsites.net forwards to -> https
https://example.azurewebsites.net works/secure (seems to be using *.azurewebsites.net cert)
http://example.com forwards to https://example.com
https://example.com works/secure using example.com cert
http://www.example.com (forwards to https)
https://www.example.com (works using example.com cert).
So, all of these work and are secure... but I'd like ALL of them to forward to the naked and secure: https://example.com
I setup (In Azure) www CNAME to point to example.azurewebsites.net. Can I get this to happen through dns configuration or do I need to modify the actual AppService code to detect www and forward?
Also, if later I want someOtherAPI.example.com (can it point to another totally different AppService and use the same cert or will it need another cert?
It seems you want to know two points in your question:
So, all of these work and are secure... but I'd like ALL of them to
forward to the naked and secure: https://example.com
By default, Azure provides a wildcard cert *.azurewebsites.net for the domain azurewebsites.net, so you could use https for the domain and its subdomain. If you want to forward all traffic forward to the URL https://example.com, you need to change your code like URL rewrite or URL redirect in the web.config file. View More details here1 and here2
Also, if later I want someOtherAPI.example.com (can it point to
another totally different AppService and use the same cert or will it
need another cert?
The SSL cert DNS name must match the domain name in the website URL. So if you want to secure the website for the domain someOtherAPI.example.com, you need an SSL cert DNS name as someOtherAPI.example.com or wildcard domain *.example.com for this website.
Hope this could help you.
How can I get https://www.test.com to redirect to https://test.com when using GitHub pages to host a static website?
I recently enabled TLS (provided by GitHub/Lets Encrypt) for my static site by setting A records at my DNS provider (namecheap). I've also chosen to "Enforce HTTPS" option in my GitHub repository's settings, which handles redirecting requests from http://test.com to https://test.com. I have a redirect configured through my DNS provider which forwards http://www.test.com to https://test.com, but the one missing piece of the puzzle is forwarding https://www.test.com to https://test.com.
Regarding this issue, GitHub says, "If your domain has HTTPS enforcement enabled, GitHub Pages' servers will not automatically route redirects. You must configure www subdomain and root domain redirects with your domain registrar."
... and my DNS provider says, "It is not possible to set up a URL redirect in the account for the TCP port forwarding from http://www.domain.tld (uses port 80) to https://www.domain.tld (working via port 443)."
I seem to be caught in an infinite loop of the two services saying the other should provide this functionality.
What worked for me:
Change your custom domain to be prefixed with www., like this:
Save the settings and wait until www.example.com resolves and works.
Remove the www. prefix and save again.
Wait for browser and DNS caches to invalidate.
All combinations should lead to https://example.com/ and no SSL error should appear.
GitHub Pages handles redirection between the apex domain and www subdomain automatically as long as you configure the DNS records correctly.
From the GitHub Pages documentation on configuring an apex domain:
If you configure the correct records for each domain type through your DNS provider, GitHub Pages will automatically create redirects between the domains. For example, if you configure www.example.com as the custom domain for your site, and you have GitHub Pages DNS records set up for the apex and www domains, then example.com will redirect to www.example.com. Note that automatic redirects only apply to the www subdomain.
While the docs discuss redirecting from the apex domain to the www subdomain, the reverse direction works as well.
If the apex domain is the desired target (as in this question): set the custom domain value to just example.com.
If the www subdomain is the desired target: set the custom domain value to www.example.com.
Again, this works as long as DNS records are correctly configured for both the apex domain and www subdomain, as described in the docs.
Not the point of this question, but the question When should one use a 'www' subdomain? offers some good insight on using the www or not.
Why I am unable to add domain to azure web app for a domain coming via Cloudflare proxy even though I have configured the URL to resolve to azurewebsites.net URL via CNAME?
Here are the steps to get through Cloudflare proxy:
First you need to turn off proxy in Cloudflare.
Configure the URL to point to azurewebsites.net URL in DNS
Then add the custom domain.
Once the domain is added, enable the proxy again.