AWS: Set up cloudfront and issued certificate. Still not secure - wordpress

I have been using the WP AWS S3 Offsite-upload plugin for a while now and recently it has asked me to create a url for my site as a subdomain and use that to point to my cloudfront.
So, I changed my DNS records to add a CNAME
sub.mydomain.com > somestring.cloudfront.net
When I went to any files sub.mydomain.com/wp-content/wp-uploads/2018/10/image1.jpg I get a 'not secure' alert.
After a Google search I found this link on AWS: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
Using the steps there I went to the AWS Certificate Manager and generated a certificate for:
images.mydomain.com
and then downloaded the CNAME CSV file. I then added that CNAME to my DNS Zone editor on my cPanel and waited 24 hours.
Still I am getting a 'not secure' message.
In the AWS console the certificate says issued but not in use.
How do I get my subdomain images.subdomain.co.uk to point to my cloudfront installation?
I feel like it shouldn't be this difficult, so apologies if I'm being a noob.

You have issued the certificate but you have not to use let's encrypt to use ssl properly.
---> Just open your site and inspect element
---> then go to the Security tab, where it tells you exactly what the error is
Solution
To resolve this you have to use Let's Encrypt so you get SSL issued and integrated perfectly. For that, please follow these steps: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

If you are using AWS Route 53, to point your subdomain 'images.subdomain.co.uk' to CloudFront distribution, you need to create an Alias record set in your Hosted Zone. Select Alias: 'Yes' radio button while creating the record set and you should be able to see your CloudFront distribution in the drop down if it is in Deployed state.

Related

Cloudfront domain name not working to redirect HTTP to HTTPS using S3, Cloudfront, and Route 53

First post here - hello fellow stackoverflowers :)
Website issue.
Bought domain on Google, hosting on S3. Used route 53 to redirect requests.
Created 2 public buckets in S3, example.com and www.example.com (example.com redirecting to www)
WEBSITE WORKS - YES! Now let's get it https
Got the SSL amazon certificate for *.example.com via route 53 DNS confirmation.
Uploaded it to my cloudfront distribution (and in the parameters ensured http redirects to https).
Following this article (How to redirect HTTP to HTTPS using S3, Cloudfront, and Route 53 using naked domains?), I now need to redirect requests from route 53 towards the Cloudfront domain name.
But the Cloudfront domain name gives an error message (see below). Where could it come from? (I understand this should be the https website link, no?)
error message
FYI, I don't use an EC2 instance. I understand there is another way of getting an SSL certificate by going through providers like Namecheap, but it seems much more complicated (compared to Amazon doing it for free).
Probably your CloudFront origin is pointing at the wrong endpoint. Don't pick the auto-suggested bucket from the origin list, instead explicitly copy the endpoint shown in your S3 bucket under "Static website hosting", which should look something like example.com.s3-website-us-east-1.amazonaws.com. Otherwise you're pointing at the S3 bucket HTTP interface, not the website host.
Just to make sure, the entire process is basically:
1. Set up the domain zone in Route 53 first, so it exists for the next step.
2. In region US-East-1 (N. Virginia, important!), create a certificate request for the domain in Certificate Manager. Use DNS validation, and let AWS auto-insert the required records to your Route 53 configuration you created in 1.
3. Create the S3 bucket.
4. Explicitly set a custom bucket policy to allow anonymous access.
5. Enable "Static website hosting" for the bucket. Note the displayed endpoint.
6. Create a CloudFront distribution, add your domain name as Alternate Domain Name, choose the certificate created in 2. from the list, add the endpoint noted in 5. as origin.
7. Update the Route 53 configuration to add an A (and AAAA) alias record, pointing to the CloudFront distribution, which you can choose from the auto-suggested list.
8. Wait until everything is deployed.
Especially the certificate you'd want to create as described, since this allows it to auto-renew and you won't have to worry about it. CloudFront can only automatically use certificates created in region US-East-1; creating your certificates elsewhere means you'll need to down/upload them manually, and do that every time they expire.
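The checks implied by the steps above, and by the "issued but not in use" certificate in the first question, can be run against a distribution's configuration. This is an added example, not code from any of the answers: the field names follow the CloudFront DistributionConfig JSON (as returned by `aws cloudfront get-distribution-config`), while the two sample configurations and the finding labels are constructed for illustration.

```python
import re

# S3 website endpoints contain "s3-website"; every other *.s3*.amazonaws.com
# name is the bucket's REST interface, which ignores website/redirect settings.
WEBSITE_ORIGIN = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
REST_ORIGIN = re.compile(r"\.s3[.-]([a-z0-9-]+\.)?amazonaws\.com$")

def alias_covers(alias, hostname):
    """Exact match, or a wildcard treated like a certificate wildcard
    (assumption: it stands for exactly one extra label)."""
    if alias.startswith("*."):
        head, _, tail = hostname.partition(".")
        return bool(head) and tail == alias[2:]
    return alias == hostname

def audit(config, hostname):
    """Return labels for the misconfigurations discussed in the threads."""
    findings = []
    aliases = config.get("Aliases", {}).get("Items", [])
    if not any(alias_covers(a.lower(), hostname.lower()) for a in aliases):
        findings.append("alias-missing")            # DNS CNAME alone is not enough
    cert = config.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn", "")
    parts = arn.split(":")                          # arn:aws:acm:<region>:...
    if cert.get("CloudFrontDefaultCertificate") or not arn:
        findings.append("certificate-not-attached") # issued, but not in use
    elif len(parts) < 4 or parts[3] != "us-east-1":
        findings.append("certificate-wrong-region")
    for origin in config.get("Origins", {}).get("Items", []):
        name = origin["DomainName"].lower()
        if REST_ORIGIN.search(name) and not WEBSITE_ORIGIN.search(name):
            findings.append("origin-is-s3-rest-endpoint")
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy == "allow-all":
        findings.append("http-not-redirected")
    return findings

# Constructed sample configurations (placeholder account id and certificate id).
BROKEN = {
    "Aliases": {"Items": []},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
    "Origins": {"Items": [{"DomainName": "example.com.s3.amazonaws.com"}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
}
FIXED = {
    "Aliases": {"Items": ["www.example.com"]},
    "ViewerCertificate": {"ACMCertificateArn":
        "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"},
    "Origins": {"Items": [{"DomainName":
        "example.com.s3-website-us-east-1.amazonaws.com"}]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
}
```

`audit(BROKEN, "www.example.com")` reports all four problems, and `audit(FIXED, "www.example.com")` returns an empty list.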

How to setup virtualmin to use cloudflare

The goal is to have free SSL from Cloudflare. So I moved the DNS records to Cloudflare and it is showing me - Certificate is Active. When I go to the 'Analytics tab' it shows me traffic that is coming to the website. But when I enter the site https://www.zampadebattista.com I'm getting 'Your connection is not private'. It looks like Virtualmin is using its own self-signed certificate that I didn't set up. Do I need to change something in Virtualmin?
Thanks for your help
Try to see if the same key and Certificate that is in the Directory is the same as the CloudFlare.
Clean Your Cookies ...
Enter the site with the browser in incognito mode
Here it is working perfectly!
If you have solved, clarify the solution you found ...

How to setup email with AWS Lightsail

I've recently hosted my wordpress website through AWS Lightsail. The site has a contact form and a newsletter, but neither are working. I'm also unable to send a password reset email through wordpress, receiving a message that the host may have disabled the mail() function.
How do I setup email on my website? Is it handled through the domain or the host? I've read that I may need to sign up for AWS SES, however I'm unsure how to proceed. My client has also informed me that they have Outlook 365 setup for the domain, but I'm unsure where that fits in.
Apologies for the vagueness. I'm new to hosting websites online, and have been unable to find any useful tutorials/resources so any help would be greatly appreciated.
I would suggest not hosting your client's email through your Lightsail server. There are a lot of extra headaches to consider and there are other services that are more reliable and offer a better more robust user interface than the options available on server.
To get your client a custom domain name email address (i.e. joe@domainname.com) here are two options:
Zoho -
Cost: FREE
You can sign up here: https://www.zoho.com/workplace/pricing.html?src=zmail
You need to verify the domain name for this to work (either by adding an HTML file to the site or a CNAME to the domain)
GSuite by Google - Cost: $5/user/month
You can sign up here: https://inbox.google.com/u/0/search/google%20suite#m_-1052842142248281614_
You can also get some good promotional codes to get 20% off the first year - here's one: 9746YLRVNWERPAH
And, to your question about making sure forgot password emails are sent, make sure sendmail is installed on the server (apt-get install sendmail), that the /etc/hosts file contains the following
127.0.0.1 localhost localhost.localdomain yourhostnamehere
and that port 25 is open on the server.

This page is insecure (broken HTTPS) hosting website on 000webhost

Changed the general settings of my wordpress website: "WordPress Address (URL)" and "Site Address (URL)" to www.wikipickr.com. After saving, when I opened my website, the https in the URL was crossed out. I clicked on it and then on details, and this was displayed.
Problem Screenshot
What I wanted: I wanted the green padlock to appear before the url which meant that the connection is encrypted. And I wanted visitors to stay on www.wikipickr.com domain not the 000webhost domain I mentioned below, as before changing the setting, they were being redirected to wikipickr.000webhost.com.
Things you might need to know: I own www.wikipickr.com from Go Daddy. I'm actually hosting my website on a free hosting provider, 000webhost. My URL for that site is wikipickr.000webhostapp.com. I added a CNAME record in my Go Daddy DNS settings to wikipickr.000webhostapp.com, and then when I changed the setting from /wp-admin as I mentioned above, the cross mark started appearing. This is my first time hosting a website, feel free to bash me for my stupidity, if any. Thank you for reading all this.
The link you provided now has a database error (cannot connect). You need to follow the instructions provided by GoDaddy, if that is where you purchased your certificate.
After you've verified your certificate request, you can download your certificate files, and then install them on your server.
Install SSL certificates

Firebase hosting using custom domain has SSL cert pointing to firebase.com

I am able to complete the connect to custom domain step successfully and https://example.com is correctly loading my static file app which is hosted on Firebase.
However, the browser is warning that the site's SSL certificate does not match example.com. I looked at the certificate and it is for firebase.com, not example.com.
This certificate is provided by Firebase for example.com (my custom domain name) and I expect it to be matching it. Is this expected?
I know the other solution is to get my own certificate for example.com. However, it seems that Firebase won't let me deploy my own cert.
Update
I retried it some time back and it is fixed. And the whole suite of Firebase db/functions and corresponding sdk/cli are working really well. Great for small dev team.
Solution: Don't have to do anything about it other than just wait.
Faced the same problem when connecting to my custom domain on Firebase Hosting. However, it will only be insecure when the status is pending. The status can be found on your Firebase Hosting Dashboard.
My connection turned secured with a green lock after around 3 hours, and the status reflected in the dashboard changed to connected.
This error message is called a domain name mismatch warning; it occurs because the domain is pointed to a shared IP address.
You need to confirm that your hosting provider supports SNI technology, which allows installing different certificates on the same IP. Please ensure that the certificate is installed correctly on your desired server and enable SNI. If your hosting provider doesn't support SNI technology, you will need a dedicated IP to host your SSL.
In the add custom domain menu, check by changing the setup mode to advanced and complete the provide token on existing domain task by copying the TXT value to your dns records according to the instruction.
This solved my problem.
