SSL Troubleshooting

The purpose of this document is to allow DevHub Partners insight into the best practices for securing web experiences with HTTPS using our technology.

Domain registered and valid

Domain URL Character Limitations

SSL Certificates total length of domain including the sub-domain must be less than 64 characters otherwise SSL will not generate. You can use the following site as a resource to quickly check the character length of the URL, just be sure to include the subdomain, domain, and TLD - no slug is needed. https://wordcounter.net/character-count Example of how to enter subdomain, domain, and tld for character length checking: www.google.com If you accidentally publish a domain that violates this character length limit, then you will need to publish a revised domain while ensuring HTTPS is enabled. After an hour if it is still an issue; you can submit a support ticket for our team to check to see if we notice any issues preventing the site from provisioning. In some cases, our support team may need to clear out the old SSL certificate that was not fully provisioned in order to secure the site after publishing the site that violates the character limit.

Domain Expiration

Domain expiration causes the web hosting to disable Nameservers and DNS for interruption of service. The domain would need to be renewed before the hosting removes the domain and puts it up for auction following ICANN policies affecting web hosts. https://www.icann.org/resources/pages/domain-name-renewal-expiration-faqs-2018-12-07-en Domains that have exceeded those ICANN timelines would need to be repurchased and set up with the proper DNS settings to be capable of publishing again. We are unable to assist with these matters if we are not the registrar for the domain.

Domain Registrant Verification

We have seen instances where domain registrant verification can cause the web hosting/registrar to intentionally prevent propagation of both the Nameservers and DNS entries for domains. This is due to the ICANN regulations which require domain contacts to be verified at registration and every time when the contact info for the domain is updated. https://www.icann.org/resources/pages/contact-verification-2013-05-03-en Here are various resources for the web hosting/registrars we use and their documentation regarding Domain Registrant Verification: https://www.name.com/support/articles/205188218-Account-and-Domain-Verification https://help.opensrs.com/hc/en-us/articles/203243643-Registrant-Verification-FAQs https://help.enom.com/hc/en-us/articles/115003362687-Verifying-registrant-contact-information We are unable to assist with these matters if we are not the registrar for the domain.

DNS pointed and resolving

Pointing domains not currently hosted by DevHub

The whitelabel in which you are publishing sites from has a specific IP address that has to be included in the DNS settings by non DevHub hosted domains. If the domain’s registrar or web hosting provider is operated or controlled by the Partner or Client, they will need to point to our servers to deliver the published web experience from our technology. If the DNS is not properly configured this will cause the site to not go live or secure properly with SSL encryption. The specific IP address you will need will depend on which whitelabel in which you are publishing. You request the IP address you need from support. The IP address for pointing those domains would need to be set up as an A record. If hosting on a primary domain (example.com), both the WWW version as well as the non WWW version of the site would need to be pointed to that whitelabel IP address as requirements for SSL.

Subdomain DNS approach

If you want to host multiple sites or proxies as subdomains of a main domain that you own (i.e. customer1.yourdomain.com and customer2.yourdomain.com), we would suggest creating a CNAME wildcard from *.example.com to <whitelabel>.cloudbackend.net which would allow you to publish as many sites as you want under that domain.

Multi-level Subdomains

Our technology does not allow for multiple subdomains to be used at once, this would cause problems with SSL provisioning. Example: store.music.company.com Notice the use of two levels of subdomain (separated by periods) on top of the company.com domain. If there is an issue with SSL generation, you could check the domain for this issue before submitting a support request.

DNS Checking

Checking if DNS entries were added correctly for domains DevHub is not hosting would be a best practice for launching new experiences and troubleshooting issues with live experiences. Please note - if you have made any changes to the DNS settings you will have to wait upwards of 24hrs for the updated entries to propagate across the globe. This propagation time will affect sites going live and securing until it is fully propagated. You can use the following resources for DNS checking: DNS Propagation Lookup - This tool will check multiple places across the globe to see if the DNS is resolving to our servers. https://dnschecker.org/ Checking existing records on a domain: https://dnschecker.org/all-dns-records-of-domain.php

AAAA Records

We have seen instances on domains we are not hosting get misconfigured by including an AAAA DNS record which can cause interruption of service or issues with securing HTTPS. AAAA records are picked up during SSL provisioning and could be pointed elsewhere.

For domains DevHub is not the registrar, it is important to ensure that this type of DNS record is removed and not added to the DNS configuration.

Reset DNS Zone

In the builder within the domains tab there is an option for each domain called Reset DNS Zone. This allows for our system to reinitialize recognized DNS entries specific to the whitelabel for the domain if we are the registrar. You can use this option if your team identifies an issue with an experience where the DNS entries were not set on a domain when it was registered. You can use the following resource to check this by entering the domain URL into the DNS lookup service. https://dnschecker.org/all-dns-records-of-domain.php

After identifying missing DNS records your team can attempt to use the Reset DNS Zone feature in the builder for that domain within the domain tab. If the experience does not successfully publish or secure afterwards you can submit a ticket for our support team to investigate and resolve the issue.

SSL Enabled

Enabling HTTPS in the site builder and Project Sheets

In order to secure a DevHub experience you will need to configure that domain by enabling HTTPS in either the site builder or in a managed project sheet. For the site builder the process will vary slightly depending on if this is a site or a proxy experience. For sites while you are within the business tab, you will need to click the dropdown menu and select open builder on the site you wish to secure. Next you will need to click the site dropdown at the top of the builder, and then settings. The business details row will have the other details menu which inside contains the option to enable HTTPS. For proxies while you are within the business tab, you will need to click the dropdown menu and select edit proxy. Directly under where you would input what the domain name should be for the proxy is the option to secure HTTPS. For securing an experience using a managed project sheet you will need to visit the enrollment tab, there is a field for HTTPS in which you can enable by adding a yes to it which will affect the experience that is tied to that specific row.

Last updated