Thank you so much Axel Wagner. I was able to get everything working, once I added the A record. Everything worked so magically together correctly :)
2017-06-07 23:33 GMT+05:30 Axel Wagner <axel.wagner...@googlemail.com>: > On Wed, Jun 7, 2017 at 7:22 PM, Sankar P <sankar.curios...@gmail.com> > wrote: > >> >> 2017-06-06 22:52 GMT+05:30 Axel Wagner <axel.wagner...@googlemail.com>: >> >>> tl;dr: You need a) a publicly routed IP address (either IPv4 or IPv6 is >>> fine), b) a publicly resolvable domain that points to that IP address and >>> c) actually point your client (browser) to that domain. >> >> >> a) I created an AWS VM with a public-ip address. I verified that the >> machine is accesible by ssh-ing into it. >> b) In my domain name provider (Gandi, if it matters), I added a >> web-forwarding rule to forward all incoming requests to >> http://api.mydomain.com to https://public-ip >> > > This doesn't sound right. It seems that this would imply a) that your > DNS-provider actually does HTTP proxying, which is definitely *not* what > you want, you want to terminate the connection yourself and b) that your > server still doesn't get an HTTP handshake for the Domain, as your client > doesn't do the HTTP handshake with your server, but with the server of your > DNS provider. > > You want to set up an A/AAAA record for api.mydomain.com to point to your > public IP. > > For testing, what Jim suggested below (entering the IP address into your > host-file, or the local DNS cache of your router, for example) would also > work. But you need to actually set up DNS to point to your server. > > >> c) I ran a go server with that magical line: log.Fatal(http.Serve(aut >> ocert.NewListener("mydomain.com <http://example.com/>"), handler)) >> in that public-ip >> > > Note, that "api.mydomain.com" and "mydomain.com" are different domains. > You need to list the same domains as arguments to NewListener as you are > creating records for. > > If you want, feel free to send me your actual domain name off-list and I > could verify, that you set it up correctly. > > BTW, note that none of these problems is specific to LetsEncrypt or the > autocert package; you'd also need a correct DNS setup and everything if > you'd use any other SSL certificate provider. > > >> >> Now if I try to access http://api.mydomain.com then I am not able to >> reach this server, nor do I get any mail from letsencrypt about >> certificates. What should I be doing extra ? >> >> Thank you everyone for the responses. >> >> >> -- >> Sankar P >> http://psankar.blogspot.com >> > > -- Sankar P http://psankar.blogspot.com -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
