Heroku Automated Certificate Management failed with one domain
Problem description
I am trying to get the SSL certification for my app with Heroku, but the Automated Certificate Management is failing for one of the two domain names.
I created the dyno before March 2017, so I had to run heroku certs:auto:enable as explained here.
Then, heroku domain returns:
Domain Name      DNS Record Type  DNS Target
───────────────  ───────────────  ─────────────────────────────
example.com      ALIAS or ANAME   example.com.herokudns.com
www.example.com  CNAME            www.example.com.herokudns.com
This seems to match what Heroku expects.
Anyway, heroku certs:auto returns:
Domain           Status
───────────────  ────────────
example.com      Failing
www.example.com  OK
I admit that I am quite illiterate for settings concerning domains, DNS and so on. Therefore, this might be a very simple mistake from my side. However, I read the Heroku troubleshooting documentation and also similar questions in SO such as this one or this one and still have no clue what is wrong.
The fact that www.example.com is OK but example.com is failing just confuses me even more. And unfortunately, I received a notification email with no failure reason.
I guess the problem is either on Heroku or where I bought the domain. That is Namecheap.com.
There, at the Domain tab I have:
NAMESERVERS      Namecheap BasicDNS
REDIRECT DOMAIN  Source URL   Destination
                 example.com  http://www.example.com
And then at the Advanced DNS tab:
Type                 Host  Value                        TTL
-------------------  ----  ---------------------------  ---------
CNAME Record         www   example.com.herokudns.com    Automatic
TXT Record           @     google-site-verification...  Automatic
URL Redirect Record  @     http://www.example.com/      Unmasked
What am I doing wrong?
The issue seems to be due to Namecheap. I found the following ticket on Heroku:
Issue
User is having trouble pointing their root domain (aka apex domain/naked domain) to their Heroku app, either with setting the right DNS records, or accessing it over HTTPS.
Root domains on Heroku require the use of "CNAME-like" records, often referred to as ALIAS or ANAME records.
Unfortunately, a number of popular DNS hosts such as GoDaddy, Namecheap, Bluehost, and others do not support these types of records. Instead they tend to offer the following:
- A records
- URL redirection/forwarding
There are caveats with both of these options...
Surprisingly, I did not find any place where all the steps were explained clearly. What I did so far is:
- Open an account with a DNS host that supports this. I took DNSimple. At the time of writing, prices start from 5€/month but there is a trial month for free.
- Transferring the domain costs 14€/year, so I just pointed the name servers at Namecheap to DNSimple and added the domain to DNSimple to create the DNS records.
Then came the configuration on DNSimple. I followed step 1 in the documentation to redirect HTTP to HTTPS; ignored step 2, since Heroku's ACM had already done it; and for step 3 the article Pointing the Domain Apex to Heroku was very helpful. I manually added an ALIAS record and I also added a CNAME record, like this:
Type   Name             Content
─────  ───────────────  ───────────────────────
ALIAS  example.com      myapp.com.herokudns.com
CNAME  www.example.com  myapp.com.herokudns.com
At the beginning nothing was working and the browser showed the following error:
This site can’t be reached
www.example.com’s server IP address could not be found.
Checking the troubleshooting documentation I saw that the only possibility was the Name server propagation delay, so I waited. It felt like a very long time, but it actually took less than one hour until the site got online again.
However, the SSL certification keeps failing more than 48 hours later...
Recommended answer
For future reference: after contacting Heroku support, they manually refreshed my certificate request and it was finally issued for my app...
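The DNS precondition described in the quoted Heroku ticket can be checked mechanically. The following is an added example, not part of the original post or Heroku's tooling: it audits a record list and reports which custom domains actually point at a herokudns.com target. The record tuples, the `URL_REDIRECT` type label and the function names are assumptions made for illustration; the sample data is constructed from the two record tables in the question.

```python
HEROKU_SUFFIX = ".herokudns.com"
POINTER_TYPES = {"CNAME", "ALIAS", "ANAME"}  # types that can name a Heroku DNS target

# Constructed sample input, transcribed from the two record tables in the question.
NAMECHEAP_RECORDS = [
    ("CNAME", "www", "example.com.herokudns.com"),
    ("TXT", "@", "google-site-verification..."),
    ("URL_REDIRECT", "@", "http://www.example.com/"),
]
DNSIMPLE_RECORDS = [
    ("ALIAS", "example.com", "myapp.com.herokudns.com"),
    ("CNAME", "www.example.com", "myapp.com.herokudns.com"),
]


def fqdn(host, zone):
    """Expand a provider-style host label ('@', 'www') to a full name."""
    host = host.rstrip(".").lower()
    if host in ("@", "", zone):
        return zone
    return host if host.endswith("." + zone) else f"{host}.{zone}"


def audit(zone, records, domains):
    """Return {domain: (points_at_heroku, reason)} for each custom domain."""
    by_name = {}
    for rtype, host, value in records:
        entry = (rtype.upper(), value.rstrip(".").lower())
        by_name.setdefault(fqdn(host, zone), []).append(entry)
    report = {}
    for domain in domains:
        recs = by_name.get(domain.lower(), [])
        if any(t in POINTER_TYPES and v.endswith(HEROKU_SUFFIX) for t, v in recs):
            report[domain] = (True, "points at a herokudns.com target")
        elif any(t in ("URL_REDIRECT", "A") for t, _ in recs):
            report[domain] = (False, "redirect or fixed IP, not a herokudns.com name")
        else:
            report[domain] = (False, "no record pointing at Heroku")
    return report


if __name__ == "__main__":
    domains = ["example.com", "www.example.com"]
    for name, recs in (("Namecheap", NAMECHEAP_RECORDS), ("DNSimple", DNSIMPLE_RECORDS)):
        for domain, (ok, why) in audit("example.com", recs, domains).items():
            print(f"{name:9} {domain:16} {'OK' if ok else 'FAIL':4} {why}")
```

A passing result covers only the DNS side; in this thread the certificate still had to be refreshed manually by Heroku support after the records were corrected.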