No worries :) Glad to help increase security on the web by adding another
site with good TLS :)

On Fri, Jun 9, 2017 at 10:06 AM, Sankar P <sankar.curios...@gmail.com>
wrote:

> Thank you so much Axel Wagner. I was able to get everything working, once
> I added the A record. Everything worked so magically together correctly :)
>
> 2017-06-07 23:33 GMT+05:30 Axel Wagner <axel.wagner...@googlemail.com>:
>
>> On Wed, Jun 7, 2017 at 7:22 PM, Sankar P <sankar.curios...@gmail.com>
>> wrote:
>>
>>>
>>> 2017-06-06 22:52 GMT+05:30 Axel Wagner <axel.wagner...@googlemail.com>:
>>>
>>>> tl;dr: You need a) a publicly routed IP address (either IPv4 or IPv6 is
>>>> fine), b) a publicly resolvable domain that points to that IP address and
>>>> c) actually point your client (browser) to that domain.
>>>
>>>
>>> a) I created an AWS VM with a public-ip address. I verified that the
>>> machine is accessible by ssh-ing into it.
>>> b) In my domain name provider (Gandi, if it matters), I added a
>>> web-forwarding rule to forward all incoming requests to
>>> http://api.mydomain.com to https://public-ip
>>>
>>
>> This doesn't sound right. It seems that this would imply a) that your
>> DNS-provider actually does HTTP proxying, which is definitely *not* what
>> you want, you want to terminate the connection yourself and b) that your
>> server still doesn't get an HTTP handshake for the Domain, as your client
>> doesn't do the HTTP handshake with your server, but with the server of your
>> DNS provider.
>>
>> You want to set up an A/AAAA record for api.mydomain.com to point to
>> your public IP.
>>
>> For testing, what Jim suggested below (entering the IP address into your
>> host-file, or the local DNS cache of your router, for example) would also
>> work. But you need to actually set up DNS to point to your server.
>>
>>
>>> c) I ran a go server with that magical line:
>>> log.Fatal(http.Serve(autocert.NewListener("mydomain.com"), handler))
>>> in that public-ip
>>>
>>
>> Note, that "api.mydomain.com" and "mydomain.com" are different domains.
>> You need to list the same domains as arguments to NewListener as you are
>> creating records for.
>>
>> If you want, feel free to send me your actual domain name off-list and I
>> could verify, that you set it up correctly.
>>
>> BTW, note that none of these problems is specific to LetsEncrypt or the
>> autocert package; you'd also need a correct DNS setup and everything if
>> you'd use any other SSL certificate provider.
>>
>>
>>>
>>> Now if I try to access http://api.mydomain.com then I am not able to
>>> reach this server, nor do I get any mail from letsencrypt about
>>> certificates. What should I be doing extra ?
>>>
>>> Thank you everyone for the responses.
>>>
>>>
>>> --
>>> Sankar P
>>> http://psankar.blogspot.com
>>>
>>
>>
>
>
> --
> Sankar P
> http://psankar.blogspot.com
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
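
The two checks discussed in the thread (each name passed to `autocert.NewListener` needs an A/AAAA record that points at the server's own public IP, and a forwarding rule at the DNS provider does not count) can be run as a preflight before starting the listener. This is an added example, not code from the thread or from the autocert package; `CheckHosts`, `lookupFunc` and `sampleLookup` are hypothetical names, and the `.test` hostnames and documentation-range addresses are constructed sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
)

// lookupFunc matches (*net.Resolver).LookupIPAddr, so real DNS or a stub fits.
type lookupFunc func(ctx context.Context, host string) ([]net.IPAddr, error)

// CheckHosts returns, per hostname, why it does not resolve to serverIP.
func CheckHosts(ctx context.Context, lookup lookupFunc, serverIP string, hosts ...string) map[string]string {
	problems := map[string]string{}
	want := net.ParseIP(serverIP)
	for _, h := range hosts {
		addrs, err := lookup(ctx, h)
		if err != nil || len(addrs) == 0 {
			problems[h] = "no A/AAAA record found"
			continue
		}
		match := false
		for _, a := range addrs {
			match = match || a.IP.Equal(want)
		}
		if !match {
			problems[h] = fmt.Sprintf("resolves to %v, not %s", addrs, serverIP)
		}
	}
	return problems
}

// sampleLookup is constructed data standing in for DNS (assumption, not real records).
func sampleLookup(_ context.Context, host string) ([]net.IPAddr, error) {
	records := map[string]string{
		"api.example.test": "203.0.113.10", // A record pointing at our server
		"fwd.example.test": "198.51.100.7", // provider's web-forwarding host
	}
	if ip, ok := records[host]; ok {
		return []net.IPAddr{{IP: net.ParseIP(ip)}}, nil
	}
	return nil, errors.New("no such host")
}

func main() {
	fmt.Println(CheckHosts(context.Background(), sampleLookup, "203.0.113.10",
		"api.example.test", "fwd.example.test", "example.test"))
}
```

Against live DNS, pass `net.DefaultResolver.LookupIPAddr` as the lookup function and the same host list you give to `autocert.NewListener`.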
