I'm trying to use the recently announced (in preview) managed certificates for Azure app service. One of the limitations is that you can't get one for naked domains. eg.: you can get one for www.domain.com, but not domain.com.
In my (current) web.config, I'm redirecting from 'naked' to 'www' anyway using rewrite rules, so beeing limited to 'www' is not a real problem. However, as the redirect takes place at the web.config level, that is, after the request has hit the webserver, this is too late: when 'domain.com' gets hit and tries to redirect, the browser has already seen the insecure connection to the naked domain (depending on browser) will display a warning page.
So how is one supposed to do deal with the "naked" domains? No more redirects at all? Or are there other methods to do this besides web.config configurations? I did look, but did not find anything.
Adding to Jack's suggestions.
Currently, the preview offering only supports CNAME based validation. Thanks for the feedback and it is on our list of future improvements to consider however we do not have any ETA on this yet. So, request you to up-vote this feedback post on Uservoice-
https://feedback.azure.com/forums/169385-web-apps/suggestions/38981932-add-naked-domain-support-to-app-service-managed-ce
Alternatively, you may try to forward apex domains to subdomain such as www.
So based on your requirement, to redirect -
https://yourdomain.com -> https://www.yourdomain.com
If you are using App Service Domain, you can forward your domain by going to 'Advanced Management portal' of the domain resource.
So, after a long time, Azure finally supports this. One can simply use a managed cert for naked domains.
See here: https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html
In this scenario, I think a redirect is necessary.
We can get some clues from other international websites. For example: when I try to access http://google.com, actually I will get a 301 redirect which redirects me to http://www.google.com, and then I will get a 302 redirect which redirects me to https://www.google.com/?gws_rd=ssl
So, as managed certificate does not support naked domain. I suggest you directly add your www subdomain to your web app. And then create managed certificate to that www subdomain.
And, finally, you can add 301 and 302 redirect rules in your DNS provider, which will ensure all requests to naked domain will be redirected to www subdomain. This could be done in your DNS provider before your web app.
So after some time trying things, here's how i ended up dealing with this:
- Using managed domain certificates for all hostname.Domain.tld names
- Using the letsencrypt script (from extensions) to get a cert for the naked domain
Once azure will provide certs for the naked domain, i will retire the script.
The situation is following.
My client have a domain example.com. I can access to the site with the following urls :
example.com
www.example.com
http://www.example.com
But I cannot access the site with http://example.com.
Do anyone know why this happens?
I have a simple website host that gives me a domain like website.com which show the website hosted on that server.
I have a CNAME on website.com that redirects to server.cloudapp.net (Azure Virtual machine running Linux)
server.website.com redirects to server.cloudapp.net.
I need to access the user camera on Chrome, and for that, the website need's SSL.
I can purchase a SSL certificate for website.com, but would it work on my cname?
The certificates subject must include all names you see in the URL in the browser. Thus is you have a CNAME aliasing foo.example.com to bar.example.com than foo.example.com will be the one visible in the URL and you must have the certificate for it.
Note that CNAME is just an alias and not a redirection. With a redirection (i.e. HTTP status codes 30x) the URL would change, while with a CNAME it does not.
I need to redirect a URL f.e. https//domain1.nl/sub1/sub2 (from an old exprired ssl certificate) to a new active domain f.e. https//domain2.de/sub1/sub2 with a new and active ssl certificate with php or htaccess rules.
is this possible without getting an security warning from the browsers?
Greeting
Jimbob
Both of these require server to send redirect which happens after the certificate is validated. So no.
every page domain begin with http:// or https:// no matter what. but in some web page there is no www after that, while others have it. Is it up to me having it or not. when can i decide that?
amazon have it http://www.amazon.com/
while no tumblr page haven't one http://f-l-e-u-r-d-e-l-y-s.tumblr.com/
note: tumblr hasn't www because it has subdomains?
It's up to you indeed.
In http://www.amazon.com/, amazon.com is the domain name.
http:// or https:// define the protocol (https = secured http). It's not part of the domain name.
www is a subdomain. you may have multiple subdomains for a given domain - or no subdomain.