Whether your DNS entry uses a CNAME or an A record doesn&#39;t matter. What matters is the host name the client is trying to connect to. It must match one of the Subject Alternative Names in the certificate of the server providing that resource (or, failing that, it must match the CN RDN of the cert&#39;s Subject DN).

If `https://www.example.com` embeds an image to `https://assets.example.com` (providing both are served over HTTPS with valid certificates for each) and if there is no mixed content (no resource loaded over `http://`, that is no JavaScript, no image, no iframe, ...) then you should get the green/blue bar as appropriate.

If `assets.example.com` is a CNAME to `assets.example2.com` and the requests are made to `https://assets.example.com`, this machine must present a certificate valid for `assets.example.com` to the client.

----

In addition, if multiple certificates need to be used at the same time on this IP address (and same port), support for Server Name Indication (SNI) may be required.

Alternatively, having a single certificate that supports all these names, typically via multiple Subject Alternative Name (SANs) entries, or possibly via wildcard names (which are [not recommended](https://www.rfc-editor.org/rfc/rfc6125#section-7.2)), may be used.

This is independent of the DNS resolution mechanism (CNAME or A record).

I&#39;m plotting the figure below using R&#39;s `plot()` function. It is a plot of a vector `shiftTime` of shift in time. I have another vector `intensity` of the intensity values ranging from ~3 to ~9. I want to color my points in the plot based on those values with a color gradient. The examples I can find color on the value of the actual plotted points, so in this case the values of the vector `shiftTime`. Is it also possible to use a different vector, as long as the corresponding values are on the same index?

![plot][1]

  [1]: http://i.stack.imgur.com/izP4B.png

Colour points in a plot differently depending on a vector of values

I have tested this app on the Android emulators, phones, tablets, and Google TV.  Its works.  When I published it Google Play, the app is not visible.  Below is the manifest. I sincerely appreciate any insight as to the problem.   Thank- you.

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
    &lt;manifest xmlns:android=&quot;http://schemas.android.com/apk/res/android&quot;
        package=&quot;com.zzzz.xyzxyz&quot;
        android:installLocation=&quot;internalOnly&quot;
        android:versionCode=&quot;4&quot;
        android:versionName=&quot;1.4&quot; &gt;
        &lt;uses-sdk
            android:minSdkVersion=&quot;8&quot;
            android:targetSdkVersion=&quot;15&quot; /&gt;
        &lt;uses-feature
            android:name=&quot;android.hardware.touchscreen&quot;
            android:required=&quot;false&quot; /&gt;
        &lt;uses-feature
            android:name=&quot;android.hardware.microphone&quot;
            android:required=&quot;false&quot; /&gt;
        &lt;uses-permission android:name=&quot;android.permission.WRITE_SETTINGS&quot; /&gt;
        &lt;uses-permission android:name=&quot;android.permission.RECORD_AUDIO&quot; /&gt;
        &lt;uses-permission android:name=&quot;android.permission.WRITE_EXTERNAL_STORAGE&quot; /&gt;
        &lt;uses-permission android:name=&quot;android.permission.READ_PHONE_STATE&quot; /&gt;
        &lt;supports-screens
            android:anyDensity=&quot;true&quot;
            android:largeScreens=&quot;true&quot;
            android:normalScreens=&quot;true&quot;
            android:resizeable=&quot;true&quot;
            android:smallScreens=&quot;true&quot; /&gt;
        &lt;application
            android:icon=&quot;@drawable/ic_launcher&quot;
            android:label=&quot;@string/app_name&quot; &gt;
            &lt;activity
                android:name=&quot;.AlbumSelectorActivity&quot;
                android:label=&quot;@string/app_name&quot;
                android:launchMode=&quot;singleTask&quot; &gt;
                &lt;intent-filter&gt;
                    &lt;action android:name=&quot;android.intent.action.MAIN&quot; /&gt;
                    &lt;category android:name=&quot;android.intent.category.DEFAULT&quot; /&gt;
                    &lt;category android:name=&quot;android.intent.category.LAUNCHER&quot; /&gt;
                &lt;/intent-filter&gt;
            &lt;/activity&gt;
            &lt;activity
                android:name=&quot;xyzxyzAppWidgetActivity&quot;
                android:noHistory=&quot;true&quot; &gt;
            &lt;/activity&gt;
            &lt;activity
                android:name=&quot;.SelectableImagesActivity&quot;
                android:noHistory=&quot;true&quot; &gt;
            &lt;/activity&gt;
            &lt;activity
                android:name=&quot;.SelectedImageActivity&quot;
                android:noHistory=&quot;true&quot;
                android:windowSoftInputMode=&quot;stateHidden|adjustResize&quot; &gt;
            &lt;/activity&gt;
            &lt;activity
                android:name=&quot;.ReplayAlbumActivity&quot;
                android:noHistory=&quot;true&quot;
                android:windowSoftInputMode=&quot;stateAlwaysHidden|adjustResize&quot; &gt;
            &lt;/activity&gt;
            &lt;activity android:name=&quot;.PreferenceHelpActivity&quot; &gt;
                &lt;category android:name=&quot;android.intent.category.PREFERENCE&quot; &gt;
                &lt;/category&gt;
            &lt;/activity&gt;
            &lt;activity android:name=&quot;.PreferenceSettingsActivity&quot; &gt;
                &lt;category android:name=&quot;android.intent.category.PREFERENCE&quot; &gt;
                &lt;/category&gt;
            &lt;/activity&gt;
            &lt;service android:name=&quot;.ReplayAlbumService&quot; &gt;
                &lt;intent-filter&gt;
                    &lt;action android:name=&quot;com.zzzz.xyzxyz.ReplayAlbumService&quot; /&gt;
                &lt;/intent-filter&gt;
            &lt;/service&gt;
            &lt;activity
                android:name=&quot;.xyzxyzAppWidgetConfigureActivity&quot;
                android:icon=&quot;@drawable/ic_launcher&quot;
                android:label=&quot;@string/appwidget_name&quot; &gt;
                &lt;intent-filter&gt;
                    &lt;action android:name=&quot;android.appwidget.action.APPWIDGET_CONFIGURE&quot; /&gt;
                &lt;/intent-filter&gt;
            &lt;/activity&gt;
            &lt;receiver
                android:name=&quot;.xyzxyzAppWidgetProvider&quot;
                android:icon=&quot;@drawable/ic_launcher&quot;
                android:label=&quot;@string/appwidget_name&quot; &gt;
                &lt;intent-filter&gt;
                    &lt;action android:name=&quot;android.appwidget.action.APPWIDGET_UPDATE&quot; /&gt;
                &lt;/intent-filter&gt;
                &lt;meta-data
                    android:name=&quot;android.appwidget.provider&quot;
                    android:resource=&quot;@xml/appwidget_provider&quot; /&gt;
            &lt;/receiver&gt;
        &lt;/application&gt;
    &lt;/manifest&gt;

Android app is published, but not visible anywhere in Google Play

If I go to www.example.com which has an image on the page that links to assets.example.com which is a CNAME for assets.example2.com. 

Will I get the green lock even if assets.example2.com does not have a certificate, but assets.example.com does?

CNAME SSL certificates

<p>If I go to <a href="http://www.example.com" target="_blank" rel="noopener noreferrer">www.example.com</a> which has an image on the page that links to assets.example.com which is a CNAME for assets.example2.com.</p>
<p>Will I get the green lock even if assets.example2.com does not have a certificate, but assets.example.com does?</p>


Running the following code, I get an exception:

    using (var client = new Pop3Client())
    {
        client.Connect(provider.ServerWithoutPort, provider.Port, true);
    }

The Exception I get:

    The remote certificate is invalid according to the validation procedure.
    
    
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
       at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
       at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
       at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:\Users\elad\Documents\Visual Studio 2010\Projects\SVN\UGI\Ugi\Server\Sources\Logic\SourcesService.cs:line 246

The remote certificate is invalid according to the validation procedure

I am new to Curl and Cacerts world and facing a problem while connecting to a server.
Basically, I need to test connectivity over https from one machine to another machine.
I have a URL to which I need to connect from Machine A (a linux machine)
I tried this on command prompt

    cmd&gt; curl https://[my domain or IP address]

 and got the following:

    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

On going through some articles over internet I did this:

    openssl s_client -connect &lt;domain name or Ip address&gt;:443

 and got some response including the
server certificate (inside `-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----`).


What should I do next from here. I think, I will have to just copy paste the text inside
`BEGIN CERTIFICATE &amp; END CERTIFICATE` and save it in a file.
But, 
What type of file it should be? `.pem`, `.crt` ?..
What should I be do after that?

I tried this - copied the text inside `BEGIN CERTIFICATE &amp; END CERTIFICATE` and saved it in a `.crt` file  - named it as `my-ca.crt` (also tried the same thing by naming it as `my-ca.pem` file)
and then did this:

    cmd&gt;curl --cacert my-ca.crt https://[my domain or IP address]

But got the same error.


https connection using CURL from command line

I&#39;m adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps:

    openssl req -new &gt; cert.csr
    openssl rsa -in privkey.pem -out key.pem
    openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
    cat key.pem&gt;&gt;cert.pem

This works, but I get some errors with, for example, Google Chrome:

&gt; This is probably not the site you are looking for!&lt;br&gt;
&gt; The site&#39;s security certificate is not trusted!

Am I missing something? Is this the correct way to build a self-signed certificate?


How to generate a self-signed SSL certificate using OpenSSL?

When I run `bundle install` for my Rails 3 project on Centos 5.5 it fails with an error:

    Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 
    read server certificate B: certificate verify failed 
    (https://bb-m.rubygems.org/gems/multi_json-1.3.2.gem)
    An error occured while installing multi_json (1.3.2), and Bundler cannot continue.
    Make sure that `gem install multi_json -v &#39;1.3.2&#39;` succeeds before bundling.

When I try to install the gem manually (by `gem install multi_json -v &#39;1.3.2&#39;`) it works. The same problem occurs with several other gems. I use RVM (1.12.3), ruby 1.9.2, bundler 1.1.3. 

How to fix it?

bundle install fails with SSL certificate verification error

I am invoking HTTPS SOAP web service through java code. I have already imported self-signed certificate in jre cacerts keystore. Now I am getting :

    com.sun.xml.internal.ws.com.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

The hostname of the service URL is not matching that of the CN provided in cert. I read about a workaround of defining a custom Hostname verifier [here][1]. But i cant able to make where I should implement the workaround in my code.


  [1]: http://docs.oracle.com/cd/E17904_01/web.1111/e13734/proxy.htm


    public SOAPMessage invokeWS(WSBean bean) throws Exception {
	
		SOAPMessage response=null;
		try{
		
		/** Create a service and add at least one port to it. **/
		String targetNameSpace = bean.getTargetNameSpace();
		String endpointUrl = bean.getEndpointUrl();
		QName serviceName = new QName(targetNameSpace, bean.getServiceName());
		QName portName = new QName(targetNameSpace, bean.getPortName());
		String SOAPAction = bean.getSOAPAction();
		HashMap&lt;String, String&gt; map = bean.getParameters();
		
		
		Service service = Service.create(serviceName);
		service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointUrl);
		
		/** Create a Dispatch instance from a service. **/
		Dispatch dispatch = service.createDispatch(portName, SOAPMessage.class,
				Service.Mode.MESSAGE);

		// The soapActionUri is set here. otherwise we get a error on .net based
		// services.
		dispatch.getRequestContext().put(Dispatch.SOAPACTION_USE_PROPERTY,
				new Boolean(true));
		dispatch.getRequestContext().put(Dispatch.SOAPACTION_URI_PROPERTY,
				SOAPAction);
		
		/** Create SOAPMessage request. **/
		// compose a request message
		MessageFactory messageFactory = MessageFactory.newInstance();
		SOAPMessage message = messageFactory.createMessage();

		// Create objects for the message parts
		SOAPPart soapPart = message.getSOAPPart();
		SOAPEnvelope envelope = soapPart.getEnvelope();
		SOAPBody body = envelope.getBody();

		SOAPElement bodyElement = body.addChildElement(bean.getInputMethod(),
				bean.getPrefix(), bean.getTargetNameSpace());
		
                 ...more code to form soap body goes here

		// Print request
		message.writeTo(System.out);

		// Save the message
		message.saveChanges();

		response = (SOAPMessage)dispatch.invoke(message);
		}
		catch (Exception e) {
			log.error(&quot;Error in invokeSiebelWS :&quot;+e);
		}
		return response;
	}

Please ignore WSBean parameter as the namespaces and other wsdl attributes are coming from this bean. And if this exception can solved with some different workarounds, pls do suggest.

SSLHandshakeException: No subject alternative names present

Since setting up my development environments on Mac OS X Lion (brand new macbook air purchased in January 2012), I have noticed that resolving to a virtual host is very slow (around 3 seconds) the first time but after that is fast as long as I continue loading it regularly.

If I leave it untouched for a couple of minutes and then reload again, the first reload is (again) painfully slow; seems like something is being cached. 

As can be seen below I am not using the .local TLD.

My setup: Apache 2 - MySQL - PHP installed and enabled - added a couple of virtual hosts one of which I created for localhost

My /etc/hosts:

    127.0.0.1       localhost
    255.255.255.255 broadcasthost
    ::1             localhost
    fe80::1%lo0     localhost
    127.0.0.1       myproject.dev
    ::1             myproject.dev
    fe80::1%lo0     myproject.dev


My virtual host set-up in username.conf: 

    NameVirtualHost *:80
    
    &lt;Directory &quot;/Users/myusername/Sites/&quot;&gt;
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    &lt;/Directory&gt;
    
    &lt;VirtualHost *:80&gt;
        ServerName localhost
        DocumentRoot /Users/myusername/Dropbox/dev_envs/
    &lt;/VirtualHost&gt;
    &lt;VirtualHost *:80&gt;
        ServerName myproject.dev
        DocumentRoot /Users/myusername/Dropbox/dev_envs/myprojectname
    &lt;/VirtualHost&gt;



How can I eliminate slow resolving/loading of localhost/virtualhost (a 2-3 second lag) on Mac OS X Lion?

I&#39;m trying to setup forwarding in Amazon Route53.  My last DNS service (Nettica) allowed me to route requests to &quot;aws.example.com&quot; to &quot;https://myaccount.signin.aws.amazon.com/console/&quot;.

Is this functionality supported by Route53?

How does Nettica achieve this?  Does it insert a special A, CNAME, PTR, or TXT record(s)?

Set up DNS based URL forwarding in Amazon Route53

For example, when we connect to `www.example.com`, at first we try to connect to `192.0.2.1`. And if first try fails, then we try `192.0.2.222`.

Is it possible? Can we register multiple backup IP addresses for one domain name?

Is it possible that one domain name has multiple corresponding IP addresses?

Is it possible to use .htaccess to rewrite a sub domain to a directory?

Example:


- http://sub.domain.com/ 

shows the content of 

- http://domain.com/subdomains/sub/

.htaccess rewrite subdomain to directory

I want to have one user page and multiple project pages hosted by [GitHub Pages](http://help.github.com/pages) but available under **ONE** custom domain (with subdomains for each GitHub Pages repository, of course). So my goals are as follows:

* One user page (&lt;http://florianwolters.github.com&gt;) available under &lt;http://blog.florianwolters.de&gt;, &lt;http://www.florianwolters.de&gt; and &lt;http://florianwolters.de&gt;.
* As many project pages as I wish (e.g. &lt;http://florianwolters.github.com/pear&gt; available under &lt;http://pear.florianwolters.de&gt;.

As of my current understanding, GitHub Pages do only allow **ONE** CNAME resource record for a page (both user pages and project pages) defined in the `CNAME` file in the root of a Git repository.
I already tried out many things (playing around with DNS records and header redirects at my domain provider [EUserv](http://euserv.com), but I can only access my GitHub user pages under one URL (&lt;http://blog.florianwolters.de&gt;). I am aware that DNS changes can take up until two days.

Can somebody explain to me, how I can achieve the goals described above? I can not believe that this is not possible but I am also no expert for DNS, etc.

If the above is not possible: What is your suggested workaround? I do want to access all my GitHub pages under one domain (and the subdomains of that domain).

# Resources

* http://help.github.com/pages/
* https://stackoverflow.com/questions/9082499/custom-domain-for-github-project-pages
* https://groups.google.com/forum/?fromgroups#!topic/github/AaAuoDK44Ag
* https://github.com/blog/315-cname-support-for-github-pages
* http://code.lancepollard.com/custom-domain-github-pages

Multiple GitHub Pages and custom domains via DNS

I had problems while &quot;archiving&quot; my app. I think there are invalid profiles because of iPhone Update to 5.1 and XCode update to 4.2.2.

I&#39;ve taken now more than 4 hours to get rid of certification issues while using this thread step by step 3 times (which costs a lot of time):

https://stackoverflow.com/questions/2714517/a-valid-signing-identity-matching-this-profile-could-not-be-found-in-your-ke

I still have the following fault:
![XCode certification error][1]

No identities were available
An administrator must request identities before they can be downloaded.

The &quot;Download identities&quot; button went back to this window after processing some seconds.


Do you know how to get out of this wood of certification documentations and solve that fault?

  [1]: http://i.stack.imgur.com/MXrOH.png

No identities were available - administrator request

I&#39;m working on a server in a distributed application that has browser clients and also participates in server-to-server communication with a 3rd party.
My server has a CA-signed certificate to let my clients connect using TLS (SSL) communication using HTTP/S and XMPP(secure).  That&#39;s all working fine.

Now I need to securely connect to a 3rd party server using JAX-WS over HTTPS/SSL. In this communication, my server acts as client in the JAX-WS interation and I&#39;ve a client certificate signed by the 3rd party. 

I tried adding a new keystore through the standard system configuration (`-Djavax.net.ssl.keyStore=xyz`) but my other components are clearly affected by this.  Although my other components are using dedicated parameters for their SSL configuration (`my.xmpp.keystore=xxx, my.xmpp.truststore=xxy, ...`), it seems that they end up using the global `SSLContext`.  (The configuration namespace `my.xmpp.` seemed to indicate separation, but it&#39;s not the case)

I also tried adding my client certificate into my original keystore, but -again- my other components don&#39;t seem to like it either.

I think that my only option left is to programmatically hook into the JAX-WS HTTPS configuration to setup the keystore and truststore for the client JAX-WS interaction. 

Any ideas/pointers on how to do this? All information I find either uses the `javax.net.ssl.keyStore` method or is setting the global `SSLContext` that -I guess- will end up in the same confilc.  The closest I got to something helpful was this old bug report that requests the feature I need: [Add support for passing an SSLContext to the JAX-WS client runtime][1]


Any takes?


  [1]: http://bugs.sun.com/view_bug.do;jsessionid=329a8cda29e5d3927a6a32edadeb?bug_id=6384251

How to programmatically set the SSLContext of a JAX-WS client?

How do I go about getting the details of the certificate an apk was signed with. I have a bunch of apks signed with different certificates and I am trying to group them based on their certificate. 

I can get the certificate expiry details using the jarsigner and complete my task but I was curious if I can get any more details or extract the public key ( I believe it stored in META-INF/cert.RSA but it&#39;s not readable )

Getting certificate details from an apk

I am trying to figure out how to get the naked domain for my website to redirect to the www domain.  I am using Heroku and have the domain from GoDaddy.  Because of Heroku, my A records are already set up as:

@:  75.101.145.87

@:  75.101.163.44

@:  174.129.25.170	

And my www CNAME points to proxy.heroku.com.

I&#39;ve been looking all over the internet, but can&#39;t find a simple, free answer for how I can do this redirect.  Some answers discuss using paid services, which I don&#39;t want to do, and others talk about going in and modifying Heroku settings, but then don&#39;t really give much explanation.  Right now, if you go to my naked domain, it&#39;s just Heroku saying that no such app exists, while if you go to my www domain it&#39;s my app.

Heroku/GoDaddy: send naked domain to www

I have performed a web search for the question but totally disappointed with the results. The case is to redirect all requests to domain.com to subdomain www.domain.com.

So what I have:

 1. &lt;b&gt;www.domain.com&lt;/b&gt; - main website domain, all client requests should be
    redirected here
 2. &lt;b&gt;domain.com&lt;/b&gt; - another website entry point for
    people not using www prefix, all requests should be redirected to www.domain.com
 3. &lt;b&gt;mydomain.com&lt;/b&gt; - alternative website alias, all
    requests should be redirected to www.domain.com
 4. &lt;b&gt;www.mydomain.com&lt;/b&gt; - for people using www prefix, all requests should be redirected to www.domain.com

I understand this is possible using .htaccess and PHP. But I want to figure out how this can be done using DNS only. I also understand that the result of the DNS query doesn&#39;t change what happens in the HTTP layer so the originally entered domain name will always be the one that&#39;s sent to the web server in the Host. So to rewrite domain.com to www.domain.com I will still need Apache mod_rewrite. But I want to do main part of work with DNS (CNAME and A records).

So the main question is what CNAME and A records each domain above should have?

DNS redirect domain.com to www.domain.com

After all the tough work of migration etc, I just realised that I need to serve the content using CNAME (e.g media.abc.com). The bucket name needs to start with media.abc.com/S3/amazon.com to ensure it works perfectly. 

I just realised that S3 doesn&#39;t allow direct rename from the console. 

Is there any way to work around this?

How to rename AWS S3 Bucket

So I am trying to get a **custom domain to work with my github pages** user site. I have followed pretty much the standard procedure for doing this as follows: (recommended by github here too: **https://help.github.com/articles/setting-up-an-apex-domain-and-www-subdomain/**). Note I need both the apex domain (example.com) and the www subdomain (www.example.com) to resolve to my github pages user site at username.github.io (the website itself is a **jekyll based blog** and I have checked that it compiles successfully before I started this process)

1. I added an **A record** to my DNS records at the registrar pointing to all of the four IP addresses provided by Github from the apex domain example.com: 
- 185.199.108.153
- 185.199.109.153
- 185.199.110.153
- 185.199.111.153 
2. Next I went in and added a **CNAME record for the www** sub domain pointing to username.github.io
3. And then I finally enabled the custom domain example.com under the settings tab of the repository (under Github Pages &gt; Custom Domain), and also enabled the **Enforce HTTPS** option after it was enabled within about an hour.

I have tried contacting my registrar and they said that everything in the DNS record seem fine and they get the following results: 

A records : 

 example.com.            21460  IN      A      185.199.111.153

 example.com.            21460  IN      A      185.199.109.153

 example.com.            21460  IN      A      185.199.110.153

 example.com.            21460  IN      A      185.199.108.153

CNAME : 

www.example.com.        7199    IN      CNAME  username.github.io.

As expected.

But I still get the following error in github (under the settings tab of the repository): 

&quot;**Domain does not resolve to the GitHub Pages server. For more information, see https://help.github.com/articles/setting-up-a-custom-domain-with-github-pages/.**&quot;

And when I try to access the site by typing either example.com or www.example.com, the browser redirects to https://example.com/ and I get the error (on Chrome):

**ERR_CONNECTION_REFUSED**
  
Note that there is a warning on the documentation by github saying:

**Warning: If your domain has HTTPS enforcement enabled, GitHub Pages&#39; servers will not automatically route redirects. You must configure www subdomain and root domain redirects with your domain registrar.**

I have no idea how to get around this. I suspect this is the possible cause of the issue. So a solution might be to circumvent this redirection, I just do not know how I would do this. 


Content Type	Original Author	Original Content on Stackoverflow
Question	maletor	View Question on Stackoverflow
Solution 1 - Ssl	Bruno	View Answer on Stackoverflow

CNAME SSL certificates

Ssl Problem Overview

Ssl Solutions

Solution 1 - Ssl

Android app is published, but not visible anywhere in Google Play

Colour points in a plot differently depending on a vector of values

Attributions