Heroku Automated Certificate Management failed with one domain

Problem description

I am trying to get the SSL certification for my app with Heroku, but the Automated Certificate Management is failing for one of the two domain names.

I created the dyno before March 2017, so I had to run heroku certs:auto:enable as explained here.

Then, heroku domain returns:

Domain Name         DNS Record Type  DNS Target
───────────────     ───────────────  ─────────────────────────────
example.com         ALIAS or ANAME   example.com.herokudns.com
www.example.com     CNAME            www.example.com.herokudns.com

This seems to match what Heroku expects.

Anyway, heroku certs:auto returns:

Domain             Status
───────────────    ────────────
example.com        Failing
www.example.com    OK          

I admit that I am quite illiterate for settings concerning domains, DNS and so on. Therefore, this might be a very simple mistake from my side. However, I read the Heroku troubleshooting documentation and also similar questions in SO such as this one or this one and still have no clue what is wrong.

The fact that www.example.com is OK but example.com is failing just confuses me even more. And unfortunately, I received a notification email with no failure reason.

I guess the problem is either on Heroku or where I bought the domain. That is Namecheap.com.

There, at the Domain tab I have:

NAMESERVERS Namecheap BasicDNS

REDIRECT DOMAIN   Source URL     Destination
                  example.com    http://www.example.com

And then at the Advanced DNS tab:

Type                  Host    Value                               TTL
-------------         -----   -------------------------------     -------
CNAME Record          www     example.com.herokudns.com           Automatic
TXT Record            @       google-site-verification...         Automatic
URL Redirect Record   @       http://www.example.com/ Unmasked

What am I doing wrong?

The issue seems to be due to Namecheap. I found the following ticket on Heroku:

Issue

User is having trouble pointing their root domain (aka apex domain/naked domain) to their Heroku app, either with setting the right DNS records, or accessing it over HTTPS.

Root domains on Heroku require the use of "CNAME-like" records, often referred to as ALIAS or ANAME records.

Unfortunately, a number of popular DNS hosts such as GoDaddy, Namecheap, Bluehost, and others do not support these types of records. Instead they tend to offer the following:

  • A records
  • URL redirect/forwarding

There are caveats with both of these options...

Surprisingly, I did not find any place where all the steps were explained clearly. What I did so far is:

  1. Open an account with a DNS host that supports this. I took DNSimple. At the time of writing, prices start from 5€/month but there is a trial month for free.
  2. Transferring the domain costs 14€/year, so I just pointed the name servers at Namecheap to DNSimple and added the domain to DNSimple to create the DNS records.
  3. Then came the configuration on DNSimple. I followed step 1 in the documentation to redirect HTTP to HTTPS; ignored step 2, since Heroku's ACM had already done it; and for step 3 the article Pointing the Domain Apex to Heroku was very helpful. I manually added an ALIAS record and I also added a CNAME record, like this:

Type        Name                   Content
─────       ───────────────        ───────────────────────
ALIAS       example.com            myapp.com.herokudns.com
CNAME       www.example.com        myapp.com.herokudns.com

At the beginning nothing was working and the browser showed the following error:

This site can’t be reached

www.example.com’s server IP address could not be found.

Checking the troubleshooting documentation I saw that the only possibility was the Name server propagation delay, so I waited. It felt like a very long time, but it actually took less than one hour until the site got online again.

However, the SSL certification keeps failing more than 48 hours later...

Recommended answer

For future reference: after contacting Heroku support, they manually refreshed my certificate request and it was finally issued for my app...
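
An added example (not part of the original question or answer, and not Heroku's code): an offline check that compares the `heroku domains` table with the DNS host's records and labels each custom domain, so an apex served by a URL redirect instead of a CNAME-like record stands out. The record tuples are constructed from the tables in the question; the function names and status labels are hypothetical.

```python
import re

# Constructed sample input: data rows of the `heroku domains` table in the question.
HEROKU_DOMAINS = """\
example.com         ALIAS or ANAME   example.com.herokudns.com
www.example.com     CNAME            www.example.com.herokudns.com
"""
# DNS host records as (type, host, value); "@" is the zone apex.
NAMECHEAP_RECORDS = [
    ("CNAME", "www", "example.com.herokudns.com"),
    ("TXT", "@", "google-site-verification..."),
    ("URL Redirect", "@", "http://www.example.com/"),
]
DNSIMPLE_RECORDS = [
    ("ALIAS", "@", "myapp.com.herokudns.com"),
    ("CNAME", "www", "myapp.com.herokudns.com"),
]
CNAME_LIKE = {"CNAME", "ALIAS", "ANAME"}

def parse_heroku_domains(text):
    """Return {domain: expected DNS target} from `heroku domains`-style rows."""
    out = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) == 3:
            out[cols[0].lower()] = cols[2].lower().rstrip(".")
    return out

def fqdn(host, zone):
    return zone if host == "@" else f"{host}.{zone}"

def audit(zone, heroku_text, records):
    """Classify each Heroku custom domain by what the DNS host serves for it."""
    report = {}
    for domain, expected in parse_heroku_domains(heroku_text).items():
        mine = [(t.upper(), v.lower().rstrip("."))
                for t, h, v in records if fqdn(h, zone) == domain]
        targets = [v for t, v in mine if t in CNAME_LIKE]
        if any(v == expected for v in targets):
            report[domain] = "matches-heroku-target"
        elif any(v.endswith(".herokudns.com") for v in targets):
            report[domain] = "herokudns-target-differs"
        elif any(t == "URL REDIRECT" for t, _ in mine):
            report[domain] = "url-redirect-not-heroku"
        else:
            report[domain] = "no-cname-like-record"
    return report
```

Calling `audit("example.com", HEROKU_DOMAINS, NAMECHEAP_RECORDS)` labels the apex `url-redirect-not-heroku`, which is the one domain `heroku certs:auto` reported as Failing.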
