Firebase hosting using custom domain has SSL cert pointing to firebase.com - firebase

I am able to complete the connect to custom domain step successfully and https://example.com is correctly loading my static file app which is hosted on Firebase.
However, the browser is warning that the site's SSL certificate does not match example.com. I looked at the certificate and it is for firebase.com, not example.com.
This certificate is provided by Firebase for example.com (my custom domain name) and I expect it to match. Is this expected?
I know the other solution is to get my own certificate for example.com. However, it seems that Firebase won't let me deploy my own cert.
Update
I retried it some time back and it is fixed. And the whole suite of Firebase db/functions and corresponding sdk/cli are working really well. Great for small dev team.

Solution: Don't have to do anything about it other than just wait.
Faced the same problem when connecting to my custom domain on Firebase Hosting. However, it will only be insecure when the status is pending. The status can be found on your Firebase Hosting Dashboard.
My connection turned secure with a green lock after around 3 hours, and the status reflected in the dashboard changed to connected.

This error message is called a domain name mismatch warning; it occurs because the domain is pointed to a shared IP address.
You need to confirm that your hosting provider supports SNI technology, which allows installing different certificates on the same IP. Please ensure that the certificate is installed correctly on your desired server and enable SNI. If your hosting provider doesn't support SNI technology, you will need a dedicated IP to host your SSL.

In the add custom domain menu, try changing the setup mode to advanced and complete the "provide token on existing domain" task by copying the TXT value to your DNS records according to the instructions.
This solved my problem.

Related

SSL Issue : Firebase Issued different domain certificate to my custom domain

I'm having a hard time understanding how the SSL part of Firebase works, as there is no option to change it, and it's causing many issues if we use an SSL certificate other than Firebase's. Is there any way we can disable Firebase SSL and use a custom one? Or can someone tell me how to reset the SSL certificate issued by Firebase (which is for a different domain and is just partial, not full/strict HTTPS)?
The SSL certificates Firebase Hosting uses come from letsencrypt.org. They are full SSL certificates, but they are shared between many domains. From the Firebase documentation on its SSL certificate provisioning:
Your domain will be listed as one of the Subject Alternative Names (SAN) in the FirebaseApp SSL certificate. You can view this certificate using the browser's security tools. While the domain is provisioning, you might see an invalid certificate that does not include your domain name. This is a normal part of the process and will resolve after your domain's certificate is available.
If your project is on the paid Blaze plan, you can reach out to Firebase support to set up an SSL certificate you provide on Firebase Hosting for it.

AWS: Set up cloudfront and issued certificate. Still not secure

I have been using the WP AWS S3 Offsite-upload plugin for a while now and recently it has asked me to create a url for my site as a subdomain and use that to point to my cloudfront.
So, I changed my DNS records to add a CNAME:
sub.mydomain.com > somestring.cloudfront.net
When I went to any files sub.mydomain.com/wp-content/wp-uploads/2018/10/image1.jpg I get a 'not secure' alert.
After a Google search I found this link on AWS: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
Using the steps there I went to the AWS Certificate Manager and generated a certificate for:
images.mydomain.com
and then downloaded the CNAME CSV file. I then added that CNAME to my DNS Zone editor in my cPanel and waited 24 hours.
Still I am getting a 'not secure' message.
In the AWS console the certificate says issued but not in use.
How do I get my subdomain images.subdomain.co.uk to point to my cloudfront installation?
I feel like it shouldn't be this difficult, so apologies if I'm being a noob.
You have issued the certificate but you have not to use let's encrypt to use ssl properly.
---> Just open your site and inspect element
---> then go to the Security tab, where it tells you exactly what the error is
Solution
To resolve this you have to use Let's Encrypt so you get SSL issued and integrated perfectly. For that, please follow these steps: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
If you are using AWS Route 53, to point your subdomain 'images.subdomain.co.uk' to CloudFront distribution, you need to create an Alias record set in your Hosted Zone. Select Alias: 'Yes' radio button while creating the record set and you should be able to see your CloudFront distribution in the drop down if it is in Deployed state.

How to setup email with AWS Lightsail

I've recently hosted my wordpress website through AWS Lightsail. The site has a contact form and a newsletter, but neither are working. I'm also unable to send a password reset email through wordpress, receiving a message that the host may have disabled the mail() function.
How do I setup email on my website? Is it handled through the domain or the host? I've read that I may need to sign up for AWS SES, however I'm unsure how to proceed. My client has also informed me that they have Outlook 365 setup for the domain, but I'm unsure where that fits in.
Apologies for the vagueness. I'm new to hosting websites online, and have been unable to find any useful tutorials/resources so any help would be greatly appreciated.
I would suggest not hosting your client's email through your Lightsail server. There are a lot of extra headaches to consider, and there are other services that are more reliable and offer a better, more robust user interface than the options available on the server.
To get your client a custom domain name email address (i.e. joe@domainname.com) here are two options:
Zoho - Cost: FREE
You can sign up here: https://www.zoho.com/workplace/pricing.html?src=zmail
You need to verify the domain name for this to work (either by adding an HTML file to the site or a CNAME to the domain)
GSuite by Google - Cost: $5/user/month
You can sign up here: https://inbox.google.com/u/0/search/google%20suite#m_-1052842142248281614_
You can also get some good promotional codes to get 20% off the first year - here's one: 9746YLRVNWERPAH
And, to your question about making sure forgot password emails are sent, make sure sendmail is installed on the server (apt-get install sendmail), that the /etc/hosts file contains the following
127.0.0.1 localhost localhost.localdomain yourhostnamehere
and that port 25 is open on the server.

How to support user-supplied SSL certificates in web app

I’m building a web application where users can create their own websites. Users have the option to point their own domain names at these sites. A prototype for the application already exists; Apache accepts requests on all hostnames and the actual domain mapping and resolution happen at the application level (a simple database lookup grabs the site that matches the requested hostname).
Where I’m stuck is how users’ SSL certificates might fit into this equation. What steps would I need to take to allow a user to upload their SSL certificate such that the application could successfully handle secure HTTP requests to their hostname? Is this even something the application alone could handle?
I think you cannot handle this in your application alone.
It's a CA problem, except you are an intermediate CA company, or you cannot get the user's domain SSL certificate and sign for user's domain.
The typical user, and IMHO even more the users who are going to create a web site on this system as opposed to setting up their own WordPress or other site on their own server (or their own paid shared server hosting account), will have absolutely no idea how to set up a proper SSL certificate, so getting it to you securely so that you can install it wouldn't even be an issue because they will never get that far.
However, you should be able to use Let's Encrypt to do exactly what you need. As part of the process of adding a domain, once the domain is pointing to your server (the users will have to figure out how to do that with their domain registrar), you can create a Let's Encrypt certificate and validate it. My favorite web hosting company (I won't name it as that is not relevant - anyone can do this with some effort) provides this capability as part of their Control Panel. They also provide paid certificates with a few of the big issuers, as they have for many years, but for most small sites Let's Encrypt works very well and is totally free. The setup literally takes only a minute. The key is that you have to give the user an IP address or CNAME first so that they can point the domain. Once the domain is resolving to your server, you can get the Let's Encrypt certificate.

Problem with https certificate in Flex Mobile Application

When I try to get data in a mobile flex app from a secure site, I get following alert:
A secure connection with this site cannot be verified. Would you still
like to proceed? The certificate you are viewing does not match the
name of the site you are trying to view.
For each call, I get the popup. If I keep on clicking Yes, the app works fine (but I would like to avoid that ;-)).
Any ideas? Apparently, the url from where the request comes, is not the same as defined in the certificate... But what is the url if called from a mobile app (standalone)? It's neither an error, because you can click on yes. So it's more that the client gives a warning. The annoying thing is that you can't accept it permanently...
This is the same whenever a cert is not correct and Chrome or Firefox alerts you and asks if you want to proceed. You can't accept a faulty cert on behalf of your users. The easiest way to fix this is to tell the site owner to get a proper cert.
Check with the system administrators of the website whether the installed certificate is issued for your domain. It appears that the certificate is issued for a domain https://xxxx whereas it is installed on https://yyyy
Bypassing is OK for testing; it seems you will finally have to get this corrected.
In my experience this only comes up with self-signed certs, expired certs, and when you are calling the cert by a URL that is not identified in the cert.
With most certs they are associated with a single host/domain combination, i.e. https://www.domain.com
That means that they cannot be used with any other domain host combination. Not even http://domain.com or https://sub.domain.com.
There are certs that will support different hosts on the same domain (www.domain.com, sub.domain.com, etc). They are called wildcard certs. They are very expensive compared to normal single domain certs.
My guess is that in the browser you are calling www.domain.com but in your AIR app you are calling domain.com or calling some other host. That or you have permanently accepted the improper cert in the browser.
I have never had a problem with anything improperly identifying a valid cert. Not a browser, Flex app, AIR application. Ever.
If you view the cert in the browser you should be able to see what domain/host it is registered to. Make sure you are using exactly that. Any variation will cause the error.
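Added example, not part of any answer on this page: the name check behind these warnings, applied to the Subject Alternative Name list that the Firebase documentation quote mentions and to the single-host and wildcard cases described in the answer above. The SAN lists are constructed samples, `san_matches` and `fetch_san` are hypothetical helper names, and the refusal of wildcards with fewer than three labels is a common client policy assumed here.

```python
import socket
import ssl


def san_matches(hostname, san_dns_names):
    """True if hostname is covered by one of the certificate's dNSName entries."""
    host = hostname.lower().rstrip(".").split(".")
    for entry in san_dns_names:
        pattern = entry.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue  # a name never matches across a different number of labels
        if pattern[0] == "*":
            # Wildcard stands for exactly one leftmost label; "*.com" is refused.
            if len(pattern) >= 3 and pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False


def fetch_san(hostname, port=443, timeout=5.0):
    """Return the dNSName entries of the certificate served for hostname (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by the caller
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        # server_hostname sends SNI so a shared IP can select the right certificate
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN lists, not taken from any real certificate.
PENDING_SANS = ["firebase.com", "*.firebase.com"]
PROVISIONED_SANS = ["firebase.com", "example.com"]

if __name__ == "__main__":
    for sans in (PENDING_SANS, PROVISIONED_SANS):
        print("example.com", sans, san_matches("example.com", sans))
    for host in ("www.domain.com", "domain.com", "sub.domain.com"):
        print(host, san_matches(host, ["www.domain.com"]),
              san_matches(host, ["*.domain.com"]))
```

To diagnose a live site, pass the result of `fetch_san("your.host")` to `san_matches`; an empty or non-matching list while a custom domain is still provisioning corresponds to the warning described in the questions.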
As a temporary solution I added some exceptions to the URL Rewrite Module, so that communication by the mobile app can be done with HTTP. But it's no longer secure, so I would rather use HTTPS.
I have also faced this issue, and the simple solution is to fix the certificate issue. If that is not possible, then forget about using HTTPS and use HTTP only. So you never get any complaint about any certificate issue.

Resources