my website is not open www.bdmhospital.com/

0

but still open https://bdmhospital.com/ on this link plz help me to solve this problem

  • to better answer please elaborate. Are you using Route53? How do you host your website? What are your current DNS records? What is your current certificate for HTTPS, with the alternate names SAN?

質問済み 1年前331ビュー
2回答
1

It appears that you are using Amazon Route 53 for your DNS management. Check your DNS configuration settings in the Route 53 console to ensure that both the "www" and non-"www" versions of your domain are properly set up and pointing to the correct resources. Verify that the "www" record is correctly configured to point to the same IP address or resource as the non-"www" record.

If you have an SSL certificate installed on your website, verify that it covers both the "www" and non-"www" versions of your domain. If the certificate is only configured for "https://bdmhospital.com/" and not "www.bdmhospital.com," it could cause issues when accessing the "www" version.

Ensure that your website's configuration is correctly set up to handle requests for both the "www" and non-"www" versions of your domain. Check your web server settings to ensure that both variations are properly configured.

profile picture
エキスパート
回答済み 1年前
1

Your DNS looks alright, the naked domain and the www address both resolve to the same IPs:

$ getent hosts www.bdmhospital.com
18.155.86.13    www.bdmhospital.com
18.155.86.49    www.bdmhospital.com
18.155.86.126   www.bdmhospital.com
18.155.86.38    www.bdmhospital.com
$ getent hosts bdmhospital.com
18.155.86.126   bdmhospital.com
18.155.86.13    bdmhospital.com
18.155.86.49    bdmhospital.com
18.155.86.38    bdmhospital.com
$

Doing a reverse lookup on the IP addresses (I'll only show one here to save space) tells us you're using CloudFront (this is going to be helpful for troubleshooting in a moment):

$ getent hosts 18.155.86.13
18.155.86.13    server-18-155-86-13.mel52.r.cloudfront.net

In a browser I can hit the non-www name, and can query the cert from the command line:

$ openssl s_client -connect bdmhospital.com:443 -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02
verify return:1
depth=0 CN = bdmhospital.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = bdmhospital.com
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 21 00:00:00 2023 GMT; NotAfter: Dec 23 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQC84CgwA20Ty9rVHaMTPDODANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
^C

But on the www name my browser gives me "Error code: SSL_ERROR_NO_CYPHER_OVERLAP" and the command line says:

$ openssl s_client -connect www.bdmhospital.com:443 -showcerts | head
20C0F3B6:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1605:SSL alert number 40
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)

Here's your problem, when somebody hits your www name you don't have a cert to send them.

We can get a response from the www address by explicitly setting servername to be the non-www address (not that this is much of a help in a browser):

$ openssl s_client -connect www.bdmhospital.com:443 -servername bdmhospital.com -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02
verify return:1
depth=0 CN = bdmhospital.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = bdmhospital.com
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 21 00:00:00 2023 GMT; NotAfter: Dec 23 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQC84CgwA20Ty9rVHaMTPDODANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
^C

Long story short, I think you need to create a brand new cert for the naked domain, with the www address as a Server Alternate Name. And then associate this new cert with the CloudFront distribution.

Details for how to do this are here https://www.youtube.com/watch?v=AY0iJyCOkOc

profile picture
エキスパート
Steve_M
回答済み 1年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ