My website does not open at www.bdmhospital.com/

0

But it still opens at https://bdmhospital.com/. Please help me to solve this problem.

  • To better answer, please elaborate. Are you using Route53? How do you host your website? What are your current DNS records? What is your current certificate for HTTPS, with the alternate names SAN?

asked a year ago · 319 views
2 Answers
1

It appears that you are using Amazon Route 53 for your DNS management. Check your DNS configuration settings in the Route 53 console to ensure that both the "www" and non-"www" versions of your domain are properly set up and pointing to the correct resources. Verify that the "www" record is correctly configured to point to the same IP address or resource as the non-"www" record.

If you have an SSL certificate installed on your website, verify that it covers both the "www" and non-"www" versions of your domain. If the certificate is only configured for "https://bdmhospital.com/" and not "www.bdmhospital.com," it could cause issues when accessing the "www" version.

Ensure that your website's configuration is correctly set up to handle requests for both the "www" and non-"www" versions of your domain. Check your web server settings to ensure that both variations are properly configured.

EXPERT
answered a year ago
1

Your DNS looks alright, the naked domain and the www address both resolve to the same IPs:

$ getent hosts www.bdmhospital.com
18.155.86.13    www.bdmhospital.com
18.155.86.49    www.bdmhospital.com
18.155.86.126   www.bdmhospital.com
18.155.86.38    www.bdmhospital.com
$ getent hosts bdmhospital.com
18.155.86.126   bdmhospital.com
18.155.86.13    bdmhospital.com
18.155.86.49    bdmhospital.com
18.155.86.38    bdmhospital.com
$

Doing a reverse lookup on the IP addresses (I'll only show one here to save space) tells us you're using CloudFront (this is going to be helpful for troubleshooting in a moment):

$ getent hosts 18.155.86.13
18.155.86.13    server-18-155-86-13.mel52.r.cloudfront.net

In a browser I can hit the non-www name, and can query the cert from the command line:

$ openssl s_client -connect bdmhospital.com:443 -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02
verify return:1
depth=0 CN = bdmhospital.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = bdmhospital.com
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 21 00:00:00 2023 GMT; NotAfter: Dec 23 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQC84CgwA20Ty9rVHaMTPDODANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
^C

But on the www name my browser gives me "Error code: SSL_ERROR_NO_CYPHER_OVERLAP" and the command line says:

$ openssl s_client -connect www.bdmhospital.com:443 -showcerts | head
20C0F3B6:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1605:SSL alert number 40
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)

Here's your problem: when somebody hits your www name, you don't have a cert to send them.

We can get a response from the www address by explicitly setting servername to be the non-www address (not that this is much of a help in a browser):

$ openssl s_client -connect www.bdmhospital.com:443 -servername bdmhospital.com -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02
verify return:1
depth=0 CN = bdmhospital.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = bdmhospital.com
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 21 00:00:00 2023 GMT; NotAfter: Dec 23 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQC84CgwA20Ty9rVHaMTPDODANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
^C

Long story short, I think you need to create a brand new cert for the naked domain, with the www address as a Server Alternate Name. And then associate this new cert with the CloudFront distribution.

Details for how to do this are here: https://www.youtube.com/watch?v=AY0iJyCOkOc

EXPERT
Steve_M
answered a year ago
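
The check behind the answer above (does each hostname complete a handshake under its own SNI, and does the certificate's SAN list cover every name you serve) can be scripted as follows. This is an added example, not part of the original answers; the sample certificate dictionaries are constructed, and `san_covers`, `uncovered` and `probe` are hypothetical helper names.

```python
import socket
import ssl
import sys

def san_covers(cert, hostname):
    """True if a DNS subjectAltName entry in a getpeercert()-style dict matches hostname."""
    host = hostname.lower().rstrip(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = pattern.lower()
        if pattern == host:
            return True
        # A wildcard stands for exactly one leftmost label, so it never matches the apex.
        label, _, parent = host.partition(".")
        if pattern.startswith("*.") and label and parent == pattern[2:]:
            return True
    return False

def uncovered(cert, hostnames):
    """Hostnames the certificate would not be valid for."""
    return [h for h in hostnames if not san_covers(cert, h)]

def probe(hostname, port=443, timeout=5.0):
    """Handshake with hostname as SNI; return (cert, None) or (None, error text)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return tls.getpeercert(), None
    except (ssl.SSLError, OSError) as exc:
        return None, str(exc)

# Constructed sample certificates (assumptions for illustration, not copied from the live site).
APEX_ONLY = {"subjectAltName": (("DNS", "bdmhospital.com"),)}
APEX_AND_WWW = {"subjectAltName": (("DNS", "bdmhospital.com"),
                                   ("DNS", "www.bdmhospital.com"))}
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.bdmhospital.com"),)}

if __name__ == "__main__":
    names = sys.argv[1:]  # e.g. bdmhospital.com www.bdmhospital.com
    for name in names:
        cert, err = probe(name)
        if cert is None:
            print(f"{name}: handshake failed: {err}")
        else:
            print(f"{name}: ok, names missing from SAN: {uncovered(cert, names) or 'none'}")
```

Run it with every hostname the distribution should answer for as arguments; a wildcard-only certificate passes for the www name but still leaves the naked domain uncovered.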
