5

I am using Namecheap for domain registration and for DNS, and using Heroku for hosting. I have purchased an SSL certificate through Namecheap and set it up with Heroku, and have it nearly working perfectly.

Currently, I have a DNS CNAME record with host "www" pointing to "[whatever].herokussl.com.", and a "@" host record set to URL Redirect (301) to "http://www.[domain].com".

My app itself forces all HTTP traffic to redirect to HTTPS, so "http://www.[domain].com" goes to "https://www.[domain].com".

I am getting the following results:

http://www.[domain].com - properly navigates to site as HTTPS https://www.[domain].com - properly navigates to site as HTTPS http://[domain].com - properly navigates to site as HTTPS https://[domain].com - **does not** navigate to site, and instead the browser cannot find the page

I believe this has to do with how the URL Redirect behaves behind the scenes. I had originally done this as CNAME record pointing directly to "[whatever].herokussl.com.", but apparently doing that on the zone apex blocks MX records...

What do I need to do to get the desired behavior? I simply want all naked or "www" domains to point to my "www" domain.

UPDATE: More information regarding my DNS settings

HOST NAME IP ADDRESS/URL RECORD TYPE --------- -------------- ----------- @ http://www.[domain].com URL Redirect (301) www [whatever].herokussl.com. CNAME (Alias)

My SSL certificate was not a wildcard, just an EssentialSSL certificate from Comodo. I'm fine if only www.[domain].com works (with a redirect from the naked domain), although when I was using a CNAME for both the apex and "www", it was working as a naked domain with SSL just fine.

Improve this question

1 Answer 1

Reset to default
3

If you use DnsSimple, you can use their ALIAS record feature.

The DnsSimple ALIAS record is not a standard DNS record type, and is not the same thing as a CNAME record. Rather, DnsSimple supports it in a special way, by performing the DNS resolution for you and returning to your browser the results. This is different from all other DNS records, where the DNS server performs no processing but simply returns the record to your browser on-demand.

There may be other DNS vendors with their own similar features.

However, with only vanilla DNS, HTTP-only 3xx's from your nameserver, and Heroku, there is no way to get SSL to the zone apex (the domain name with no www.).

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

That sounds great! I will likely switch over to DNSSimple when I'm closer to "go live" (since it's cheap, but not free). For now, I can live with 3 out of 4 possibilities working.
This did indeed work. I have an ALIAS record at the root pointing to the Heroku SSL URL, as well as a CNAME at "www" pointing at the same URL.
No other solution to this for those who'd prefer not to switch to DNSSimple? One would think there'd be a better solve for this by now!
you can also use cloudFlare since they implemented flattened CNAME records
Just a heads up for other people winding up here: Namecheap now supports ALIAS

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.