Unsuccessful in using Automated Certificate Management for domains hosted on Google Domains

I've followed Heroku's Automated Certificate Management instructions for generating an SSL certificate via LetsEncrypt (kudos to LetsEncrypt and heroku!!) for my Ruby Sinatra app but generation of the SSL certificate for my custom domain is failing.

After activating automated certificate management, the heroku domain name for my app changes from *.herokuapp.com to *.herokudns.com, as expected.

I've updated my Google Domain records accordingly, however Google Domain doesn't allow the domain root to be specified as a CNAME record. Instead the root needs to be pointed at http(s)://www.mycustomdomain.com via subdomain forwarding, i.e.

mycustomdomain.com --> http://www.mycustomdomain.com

When heroku's certificate generation process runs, it expects BOTH www.mycustomdomain.com and mycustomdomain.com to be verified. It seems that the fact that the domain root is pointed to the www address via subdomain forwarding is preventing the domain root from validating.

I'm GUESSING that this is causing generation of the custom domain SSL certificate to fail?

Before I check with heroku, I'm reaching out to the stackoverflow community in case anyone's encountered this and solved it?

Custom domain setup on heroku

user@machine1:~/projects/mycustomdomain$ heroku domains
=== mycustomdomain Heroku Domain
mycustomdomain.herokuapp.com

=== mycustomdomain Custom Domains
Domain Name       DNS Target
────────────────  ──────────────────────────────
mycustomdomain.com      mycustomdomain.com.herokudns.com
www.mycustomdomain.com  www.mycustomdomain.com.herokudns.com 

Google Domain config

Subdomain forward

mycustomdomain.com --> http://www.mycustomdomain.com

*.mycustomdomain.com --> http://www.mycustomdomain.com

Custom resource records

NAME  TYPE   TTL  DATA
────  ─────  ───  ────────────────────────────────────
www   CNAME  1h   www.mycustomdomain.com.herokudns.com


As a belated update, I have since found the following link, which I have used successfully to configure my app hosted on Google Domains, to use Let's Encrypt SSL: https://medium.com/@connorleech/https-ssl-on-heroku-with-google-domains-as-dns-provider-c55c438556c6

(I provide the link rather than restating the information here, as it is quite a lot of information)

Heroku have confirmed that:

To use apex domains, we recommend switching to a DNS provider that supports CNAME-like functionality for apex domains, such as Cloudflare, and then re-enabling ACM.

This is documented on their site here: https://devcenter.heroku.com/articles/custom-domains#configuring-dns-for-root-domains
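
A pre-flight check for the situation in this thread, added here as an example and not taken from any of the posts or from Heroku: it parses the `heroku domains` output shown in the question and compares each custom domain's DNS Target with the records configured at the registrar. The zone data is constructed, `FORWARD` is a made-up marker for the registrar's forwarding rule (not a DNS record type), and the rule that a name passes only when a CNAME-like record points at its DNS Target is a simplifying assumption.

```python
# Output of `heroku domains` as shown in the question.
HEROKU_DOMAINS = """\
=== mycustomdomain Custom Domains
Domain Name       DNS Target
────────────────  ──────────────────────────────
mycustomdomain.com      mycustomdomain.com.herokudns.com
www.mycustomdomain.com  www.mycustomdomain.com.herokudns.com
"""

# Constructed zone data mirroring the question: www has a CNAME, the apex has
# only a forwarding rule (an HTTP redirect, so no CNAME-like record exists).
ZONE = {
    "www.mycustomdomain.com": [("CNAME", "www.mycustomdomain.com.herokudns.com.")],
    "mycustomdomain.com": [("FORWARD", "http://www.mycustomdomain.com")],
}
POINTER_TYPES = {"CNAME", "ALIAS", "ANAME"}  # CNAME-like record types (assumption)


def parse_heroku_domains(text):
    """Return {domain: dns_target} from the 'Custom Domains' table."""
    expected = {}
    in_custom = False
    for line in text.splitlines():
        if line.startswith("==="):
            in_custom = "Custom Domains" in line
            continue
        parts = line.split()
        if in_custom and len(parts) == 2 and parts[1].endswith(".herokudns.com"):
            expected[parts[0].lower()] = parts[1].lower()
    return expected


def check(expected, zone):
    """Map each domain to (ok, reason) by comparing zone data to its target."""
    report = {}
    for domain, target in expected.items():
        records = zone.get(domain, [])
        pointers = [v.rstrip(".").lower() for t, v in records if t in POINTER_TYPES]
        if target in pointers:
            report[domain] = (True, "points at " + target)
        elif pointers:
            report[domain] = (False, "points at %s, expected %s" % (pointers[0], target))
        else:
            kinds = ", ".join(t for t, _ in records) or "no records"
            report[domain] = (False, "no CNAME-like record (%s)" % kinds)
    return report


if __name__ == "__main__":
    for name, (ok, why) in check(parse_heroku_domains(HEROKU_DOMAINS), ZONE).items():
        print("OK  " if ok else "FAIL", name, "-", why)
```

With the constructed zone above, www passes and the apex is reported as failing, matching the behaviour described in the question.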
