On Wed, Jun 7, 2017 at 7:22 PM, Sankar P <sankar.curios...@gmail.com> wrote:
> > 2017-06-06 22:52 GMT+05:30 Axel Wagner <axel.wagner...@googlemail.com>: > >> tl;dr: You need a) a publicly routed IP address (either IPv4 or IPv6 is >> fine), b) a publicly resolvable domain that points to that IP address and >> c) actually point your client (browser) to that domain. > > > a) I created an AWS VM with a public-ip address. I verified that the > machine is accesible by ssh-ing into it. > b) In my domain name provider (Gandi, if it matters), I added a > web-forwarding rule to forward all incoming requests to > http://api.mydomain.com to https://public-ip > This doesn't sound right. It seems that this would imply a) that your DNS-provider actually does HTTP proxying, which is definitely *not* what you want, you want to terminate the connection yourself and b) that your server still doesn't get an HTTP handshake for the Domain, as your client doesn't do the HTTP handshake with your server, but with the server of your DNS provider. You want to set up an A/AAAA record for api.mydomain.com to point to your public IP. For testing, what Jim suggested below (entering the IP address into your host-file, or the local DNS cache of your router, for example) would also work. But you need to actually set up DNS to point to your server. > c) I ran a go server with that magical line: log.Fatal(http.Serve( > autocert.NewListener("mydomain.com <http://example.com/>"), handler)) > in that public-ip > Note, that "api.mydomain.com" and "mydomain.com" are different domains. You need to list the same domains as arguments to NewListener as you are creating records for. If you want, feel free to send me your actual domain name off-list and I could verify, that you set it up correctly. BTW, note that none of these problems is specific to LetsEncrypt or the autocert package; you'd also need a correct DNS setup and everything if you'd use any other SSL certificate provider. > > Now if I try to access http://api.mydomain.com then I am not able to > reach this server, nor do I get any mail from letsencrypt about > certificates. What should I be doing extra ? > > Thank you everyone for the responses. > > > -- > Sankar P > http://psankar.blogspot.com > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
