Unsuccessful in using Automated Certificate Management for domains hosted on Google Domains


Problem description


I've followed Heroku's Automated Certificate Management instructions for generating an SSL certificate via LetsEncrypt (kudos to LetsEncrypt and heroku!!) for my Ruby Sinatra app but generation of the SSL certificate for my custom domain is failing.

After activating automated certificate management, the heroku domain name for my app changes from *.herokuapp.com to *.herokudns.com, as expected.

I've updated my Google Domain records accordingly, however Google Domain doesn't allow the domain root to be specified as a CNAME record. Instead the root needs to be pointed at http(s)://www.mycustomdomain.com via subdomain forwarding, i.e.

mycustomdomain.com --> http://www.mycustomdomain.com

When heroku's certificate generation process runs, it expects BOTH www.mycustomdomain.com and mycustomdomain.com to be verified. It seems that the fact that the domain root is pointed to the www address via subdomain forwarding is preventing the domain root from validating.

I'm GUESSING that this is causing generation of the custom domain SSL certificate to fail?

Before I check with heroku, I'm reaching out to the stackoverflow community in case anyone's encountered this and solved it?

Custom domain setup on heroku

user@machine1:~/projects/mycustomdomain$ heroku domains
=== mycustomdomain Heroku Domain
mycustomdomain.herokuapp.com

=== mycustomdomain Custom Domains
Domain Name       DNS Target
────────────────  ──────────────────────────────
mycustomdomain.com      mycustomdomain.com.herokudns.com
www.mycustomdomain.com  www.mycustomdomain.com.herokudns.com 

Google Domain config

Subdomain forward

mycustomdomain.com --> http://www.mycustomdomain.com

*.mycustomdomain.com --> http://www.mycustomdomain.com

Custom resource records

<table style="border:1px solid black; border-collpase">
  <tr>
    <th>NAME</th>
    <th>TYPE</th>
    <th>TTL</th>
    <th>DATA</th>
  </tr>
  <tr>
    <td>www</td>
    <td>CNAME</td>
    <td>1h</td>
    <td>www.mycustomdomain.com.herokudns.com</td>
  </tr>
</table>


As a belated update, I have since found the following link, which I have used successfully to configure my app hosted on Google Domains, to use Let's Encrypt SSL: https://medium.com/@connorleech/https-ssl-on-heroku-with-google-domains-as-dns-provider-c55c438556c6

(I provide the link rather than restating the information here, as it is quite a lot of information)

Solution

Heroku have confirmed that:

To use apex domains, we recommend switching to a DNS provider that supports CNAME-like functionality for apex domains, such as Cloudflare, and then re-enabling ACM.

This is documented on their site here: https://devcenter.heroku.com/articles/custom-domains#configuring-dns-for-root-domains
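
A pre-flight check for the situation in this question and answer, as an added example that is not part of the original post or of Heroku's tooling: it flags each custom domain whose DNS entry is not a CNAME or CNAME-like (ALIAS/ANAME) record to the DNS target shown by `heroku domains`. The zone data is constructed from the values on the page, `FORWARD` is a made-up label for Google Domains forwarding, and the pass rule is an assumption drawn from Heroku's recommendation above.

```shell
#!/bin/sh
# Added example. Sample data is constructed from the values in the question.

# Rows of the "Custom Domains" table printed by `heroku domains`.
HEROKU_DOMAINS='mycustomdomain.com      mycustomdomain.com.herokudns.com
www.mycustomdomain.com  www.mycustomdomain.com.herokudns.com'

# Zone as "name type data". FORWARD is a label invented here for Google
# Domains forwarding; it is not a DNS record type.
ZONE_AS_POSTED='mycustomdomain.com      FORWARD http://www.mycustomdomain.com
www.mycustomdomain.com  CNAME   www.mycustomdomain.com.herokudns.com'

# The same zone at a provider offering CNAME-like apex records (assumed).
ZONE_WITH_ALIAS='mycustomdomain.com      ALIAS   mycustomdomain.com.herokudns.com.
www.mycustomdomain.com  CNAME   www.mycustomdomain.com.herokudns.com'

# Lower-case a hostname and drop one trailing dot before comparing.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_acm_dns DOMAINS ZONE (hypothetical helper)
# Prints "<domain> OK" or "<domain> FAIL <reason>" for each custom domain;
# returns non-zero when any domain lacks a record to its DNS target.
check_acm_dns() {
  rc=0
  while read -r name target; do
    [ -n "$name" ] || continue
    rec=$(printf '%s\n' "$2" |
      awk -v n="$name" 'tolower($1) == tolower(n) { print $2, $3; exit }')
    rtype=${rec%% *}
    data=${rec#* }
    case $rtype in
      CNAME|ALIAS|ANAME)
        if [ "$(norm "$data")" = "$(norm "$target")" ]; then
          echo "$name OK"
        else
          echo "$name FAIL $rtype points to $data, expected $target"; rc=1
        fi ;;
      '') echo "$name FAIL no record found"; rc=1 ;;
      *)  echo "$name FAIL $rtype does not route to $target"; rc=1 ;;
    esac
  done <<EOF
$1
EOF
  return $rc
}

check_acm_dns "$HEROKU_DOMAINS" "$ZONE_AS_POSTED" || true
check_acm_dns "$HEROKU_DOMAINS" "$ZONE_WITH_ALIAS"
```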
