SSL WordPress on AWS - Domain does not resolve ... fix DNS entries - wordpress

Just trying to set up SSL https for my site, using the Bitnami Tool bncert-tool. It shall automate the SSL setup by naming the domain. Unfortunately, I get the message
Warning: The domain 'mypage' does not resolve, please fix its DNS entries or remove it.
Press [Enter] to continue:
Thing is, I can get to the page via domain name and the IP. So no problem on that side.
I have no clue! I have set up an Elastic IP in EC2 and connected the domain in Route53 by adding the dataset. Has someone faced the problem before and cases.

From the warning message, 'mypage' is not a domain. You actually have to enter the full domain path, such as
www.google.com
or
google.com
Good luck.
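A pre-flight check along the lines of the answer above, as an added example that is not part of the original posts and is independent of how bncert-tool does its own check. The names `preflight` and `system_resolver` are hypothetical, and `server_ip` stands for the instance's Elastic IP.

```python
import ipaddress
import re
import socket

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def system_resolver(name):
    """Return the set of addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def preflight(domain, server_ip, resolver=system_resolver):
    """Return a list of problems; an empty list means the name is ready to use."""
    if "://" in domain or "/" in domain:
        return [f"{domain!r}: enter a host name, not a URL"]
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2:
        # The case from the warning: 'mypage' instead of the full domain name.
        return [f"{domain!r} is a single label, not a full domain name"]
    bad = [label for label in labels if not LABEL.match(label)]
    if bad:
        return [f"{domain!r} has invalid label(s): {bad}"]
    try:
        found = {ipaddress.ip_address(addr) for addr in resolver(name)}
    except OSError:  # socket.gaierror is a subclass of OSError
        return [f"{name} does not resolve"]
    if ipaddress.ip_address(server_ip) not in found:
        seen = sorted(str(addr) for addr in found)
        return [f"{name} resolves to {seen}, not {server_ip}"]
    return []

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address used here as a placeholder.
    for candidate in ("mypage", "example.com"):
        print(candidate, preflight(candidate, "203.0.113.10") or "ok")
```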

Related

What causes this and how to fix: Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I'm migrating a bitnami wordpress site from AWS lightsail to GCP.
The AWS's setup includes a purchased wildcard SSL. When I set up the loadbalancer in GCP, I opt for Google's SSL instead.
I got this error Error code: SSL_ERROR_NO_CYPHER_OVERLAP when I access from the loadbalancer's IP. The VM is working fine and I am able to access it with its own external IP.
The domain is still pointing to AWS's server. I wonder if the error is because I have not pointed the domain to the load balancer's IP?
I'm hoping to gain some clarity first before I update the domain's IP. I want to avoid a situation where it does not work after I make the switch.
Thanks

Nginx as Reverse Proxy for Prestashop

I have this scenario with Nginx as reverse proxy and Prestashop:
I have Prestashop installed as a container with Proxmox and it has been configured with a local IP address (192.168.0.10) instead of a domain name. I can access Prestashop via the local IP without problems through the local network.
I have nginx as a reverse proxy installed on another VM that receives the request with a domain name (subdomain.example.com) with an SSL certificate on the Nginx, and makes a proxy_pass for the local IP address (192.168.0.10).
When the request is made via the external domain Prestashop redirects [subdomain.example.com] to [192.168.0.1] which is not expected.
With other attempts returns the error (too many redirects) ...
other attempts returns the error 500 ...
I've already tried to enable SSL on prestashop, assign the domain [subdomain.example.com] on prestashop, activate multistore and several other attempts without any success.
I found a tutorial that suggests editing the [Link.php] file on Prestashop, but it doesn't work for me either.
I can't find any material on the web that solves this problem, nor in the Prestashop documentation, so I ask for your help.
This is probably a misconfiguration in Prestashop, as your webserver config is pretty straightforward.
Please make sure:
that your DB table ps_shop_url contains the correct subdomain.example.com in the domain and domain_ssl row.
that the .htaccess file in the Prestashop root folder does not contain references to your backend IP (192.168.0.1). If this is the case, you'll need to regenerate it from the back office (click SAVE in the Seo&URL tab).

SSL Certificates explanation

Can someone answer a simple SSL Cert question for me to derisk my decision?
My Stack: Bitnami WordPress instance on GCP VM.
Situation
I have a website with an SSL cert linked to my domain name.
I started an instance with a new static IP address.
I remapped the domain name to the new servers and added the correct credentials [confirmed everything is configured correctly with the GCP team].
Ran -dig command and confirmed new instance is mapped to the domain name.
Problem
The domain name will not load in the browser. Get the "NET::ERR_CERT_INVALID" message.
My Diagnosis
I haven't transferred my SSL to my new IP address.
Confusion
Everywhere I read says the SSL is mapped to the domain name, not the IP address itself. So theoretically there should not be an issue.
Question(s) to you
Do I solve this simply by generating new SSL cert on the new instance? Will that just overwrite the old SSL cert and map my domain name to the new SSL cert?
If not - what's the solution?
I don't understand the technical relationship between IP address, domain names, and certs. I have read as much as I can and everyone seems to talk around it but not explain it in detail.
Thanks in advance!
Bitnami Engineer here,
If you created a new instance from scratch, you will need to migrate the SSL certificates from the first instance to the second one. You can either copy the SSL certificates from the machine or download them again from the CA website and substitute the files you have in the /opt/bitnami/apache2/conf folder.
In case you were using a Let's Encrypt certificate, you can generate new certificates by using the Bitnami HTTPS configuration tool (/opt/bitnami/bncert-tool) or by running the CLI tool to generate new certificates. If you use the Bitnami HTTPS configuration tool, you won't need to modify the Apache's configuration, the tool will do that for you. You can learn more about it here
https://docs.bitnami.com/google/how-to/understand-bncert/
Please remember to confirm that the domain name is configured properly by checking your domain using this online tool before trying to generate the certificates
https://www.whatsmydns.net/
New problem.
I used the bncert tool as per Jota's recommendation and it worked well.
I checked my domain name via 'whatsmydns' as well as my SSL via an SSL checking tool. All worked out as expected - my IP address is matching against my Domain name and SSL is matching against my domain name.
I type my domain name into the browser and it loads my site with the padlock, across all browsers.
So from the outside - it looks like everything is fine.
But I have two issues still.
Problem #1:
In my WordPress 'general>settings', I tried to update my 'WordPress address' and 'site address' but they are greyed out. So I updated my wp-config file with the new https addresses as per these instructions which have worked for me before without issues (https://www.wpbeginner.com/wp-tutorials/how-to-change-your-wordpress-site-urls-step-by-step/). It didn't break the site, but I could no longer log in. As soon as I deleted the new wp-config code, I could log in again. So if that won't work, I now have no course of action to update my 'WordPress' and 'site' addresses.
So my questions are - do you know why this won't work? Is it a bitnami quirk? And does it matter? If the domain is working, does it matter if I keep the wp-config file as an http address and not an https address?
Problem #2:
My domain name takes me to my site at the correct IP address. It loads with a secure padlock icon. I can log in. Everything works as it should.
If I use the IP address, however, instead of the domain name, it also loads the same site but as an insecure site with no padlock.
Question - Any idea how that is possible? I thought a domain name was just a human-friendly version of an IP address. And if the webserver is a single server, how can using a domain name versus an IP address generate different front end results?
Thanks again team, as a person who is new to this community, it really does give you faith in humanity.

Restrict OpenVPN server to be accessible only through Domain Name and not the server IP on the browser

I have deployed an OpenVPN server from GCP market Place and have attached a Domain name to it along with the SSL certificate. Currently, I am able to access the server through both
https://domain-name.com
https://x.x.x.x -(Server Static Ip)
I want the server to be accessible only through the hostname and not its Server IP as the latter URL gives an SSL security error as the SSL certificate is attached to the Domain name and not to the server IP.
Can anyone help me to restrict it or give some advice to solve it?
You could try to do it (prevent access by IP), but I advise you not to try.
Theoretically, it could be possible for your HTTP server to reset the SSL connection when the browser sends the "wrong" SNI (Server Name Indication) in a handshake.
Thus you could prevent your browser from displaying security alerts.
Instead, your browser would show a network error message.
I doubt you would like to trade one type of error for another.
I suggest you do nothing about such an "error", because legitimate visitors will come to your site via the domain name and will not see such a security warning.
Also, there is a huge possibility that a legitimate visitor (with a paranoid mindset) will use a browser with the SNI feature disabled, so your server will not be able to tell the difference between good and bad URLs.
PS: here are relevant questions and discussions at reddit and at ServerFault and another one
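Why one server shows a padlock for the domain name and a warning for the bare IP, as asked in the "SSL Certificates explanation" thread and in the OpenVPN question above: the browser compares the host typed in the URL with the names listed in the certificate. This is an added example, not code from any of the posts; the certificate contents and the address 203.0.113.10 are constructed, and the matcher is a simplified version of the usual rules.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert():
# a certificate issued for a domain name only, with no IP address entry.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def _dns_match(pattern, host):
    """Match one DNS entry; a wildcard may only be the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert, url_host):
    """Return True if the host typed in the URL is listed in the certificate."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(url_host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with IP entries, never with DNS names,
        # even when DNS maps one of those names to this very address.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, url_host)
               for kind, value in sans)

def explain(cert, url_host):
    """One-line summary of what a browser would show for this URL host."""
    ok = cert_covers(cert, url_host)
    return f"https://{url_host}/ -> {'padlock' if ok else 'certificate name mismatch'}"

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the server's static IP.
    for host in ("example.com", "www.example.com", "a.b.example.com", "203.0.113.10"):
        print(explain(SAMPLE_CERT, host))
```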

IIS Subdomain Host Headers Not Working

Using IIS 7, I have an existing website, example.com, and I have added another website to which I'd like the URL, sub.example.com, to point. I've set up the host headers for this, but it does not work. Trying to ping the subdomain URL gives the message "Ping request could not find host sub.example.com. Please check the name and try again."
Should a DNS setting perhaps be set?
The subdomain must be set in the DNS or it will not resolve to an IP address. Just having it defined in IIS is not enough. The client computer must be able to translate the name into a meaningful server address.
