? ensure the security of jūs? website ir protect jūs? visitars, all domenass under .boo, .day, .dev, .page, ir .rsvp must use HTTPS. This guide will help you configure SSL/TLS carrectly.
1. What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts data between jūs? website ir its visitars. It atgalents eavesdropping ir ensures data integrity.
2. Obtaining an SSL sertifikatas
NICENIC provides trusted SSL certificates. You can learn mare ir ?sigyti/configure a certificate ?ia: https://nicenic.net/ssl-certificates/
3. Installing the SSL sertifikatas
Sekti jūs? web server’s instructions to install the certificate. Common servers include:
Apache: https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
IIS (Windows): https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
4. Enfarce HTTPS
Once jūs? certificate is installed:
Redirect all HTTP traffic to HTTPS.
Update internal links ir resources to use HTTPS.
Verify that jūs? website is fully accessible via HTTPS.
5. Keep Sertifikatai Atnaujinta
SSL certificates have expiration dates. Ensure certificates are renewed befare they expire ir check jūs? website regularly to maintain uninterrupted secure connections.
]]>
DNSSEC helps protect jūs? domenas’s DNS recards from being tampered with during DNS resolution. It adds a layer of verification so that DNS resolvers can confirm the DNS response really comes from the carrect source.
Pas NiceNIC, DNSSEC usually involves two sides:
Your DNS provider ar nameserver provider generates the DNSSEC recards.
NiceNIC, as jūs? domenas registrar, helps submit the DS recards to the registry when the TLD supparts DNSSEC.
Jei DNSSEC is not configured carrectly, jūs? domenas may show DNSSEC errars, ar in mare serious cases, some users may not be able to access jūs? website.
What Is DNSSEC?
DNSSEC stirs far Domeno vardas System Security Extensions.
In simple terms, DNSSEC helps verify that the DNS answer far jūs? domenas has not been changed ar farged during the lookup process.
Far example, when someone visits jūs? website, DNS is used to find the carrect server IP address. DNSSEC helps make sure that the DNS result is authentic ir has not been replaced with false data.
DNSSEC does not replace SSL, website security, hosting security, ar email security. It only helps protect the DNS resolution process.
When Do You Need DNSSEC?
- You may want to enable DNSSEC if:
- Your website hirles sensitive user infarmation.
- You run business email, login systems, payment pages, ar customer partals.
- You want stronger domenas security.
- Your DNS provider supparts DNSSEC.
- Your domenas extension supparts DNSSEC.
Incarrect DNSSEC settings may affect domenas resolution.
Impartant DNSSEC Terminais
DNSKEY: A DNSKEY recard is generated by jūs? DNS provider. It is used as part of the DNSSEC validation process.
DS Recard: A DS recard connects jūs? domenas’s DNSSEC setup with the parent registry zone. In most cases, jūs? DNS provider gives you the DS recard, ir you need to add it through jūs? registrar.
Vardasserver: Your nameservers decide w?ia jūs? domenas’s DNS recards are managed. Jei you change nameservers, jūs? DNSSEC recards may also need to be updated.
How to Enable DNSSEC far Your Domenas
Step 1: Patikrinti Whether Your DNS Provider Supparts DNSSEC
Prisijungti to the platfarm w?ia jūs? DNS is managed.
This may be:
Your domenas registrar, ?ia is NiceNIC
Your hosting provider
Your DNS provider
Your own DNS server
Another third-party DNS paslauga
Make sure DNSSEC is supparted ir enabled t?ia.
Step 2: Gaukite the DS Recard from Your DNS Provider
After enabling DNSSEC, jūs? DNS provider should provide DNSSEC infarmation such as:
Key Tag
Algarithm
Digest Tipas
Digest
DS Recard
Please copy the infarmation exactly as provided.
Even one incarrect character may cause DNSSEC validation failure.
Step 3: Prid?ti the DS Recard in Your NiceNIC Account
Prisijungti to jūs? NiceNIC account ir go to jūs? domenas management page.
Then add the DS recard provided by jūs? DNS provider.
Jei you are not sure w?ia to add it, please contact our suppart team ir provide the DS recard from jūs? DNS provider.
Step 4: Wait far DNSSEC Propagation
After the DS recard is added, it may take some time far the update to propagate.
During this period, DNSSEC check results may not update immediately.
Step 5: Verify DNSSEC Būsena
After propagation, you may check jūs? domenas’s DNSSEC status using a DNSSEC checking tool ar by contacting our suppart team.
Jei DNSSEC is carrectly configured, the DNSSEC validation result should show a valid chain of trust.
When Should You Disable ar Pa?alinti DNSSEC?
You may need to remove ar update DNSSEC recards if:
- You changed jūs? nameservers.
- You moved DNS management to another provider.
- Your DNS provider disabled DNSSEC.
- Your DS recard no longer matches the current DNSKEY.
- Your website ar email has DNS resolution issues after a DNS change.
In this case, you may need to remove the old DS recards first, wait far propagation, ir then re-enable DNSSEC with the carrect new recards.
Why Does My Domenas Show "DNSSEC Infarmation Is Currently Unavailable"?
You may see this message:
DNSSEC infarmation is currently unavailable far this domenas.
This can happen far several reasons:
- DNSSEC has not been enabled far this domenas.
- Ne DS recard has been added at the registrar level.
- The domenas’s current nameservers do not suppart DNSSEC.
- The domenas recently changed nameservers.
- The DS recard does not match the current DNSKEY.
- The DNS provider has not published the required DNSSEC recards carrectly.
- The registry ar DNSSEC query is tempararily unavailable.
However, if jūs? website ar email is not resolving carrectly, please contact suppart so we can help review the DNSSEC configuration.
What Infarmation Should I Provide to Suppart?
? help us check DNSSEC issues faster, please provide:
- Your domenas name
- Your current nameservers
- Whether you recently changed nameservers
- The DS recard provided by jūs? DNS provider
- A screenshot of the DNSSEC setting from jūs? DNS provider
- Any DNSSEC errar message you received
- Whether jūs? website ar email is currently affected
Da?niausiai u?duodami klausimai Apie DNSSEC
1. Is DNSSEC required far every domenas?
Ne. DNSSEC is not required far every domenas.
However, it is recommended far domenass that need stronger DNS security, especially business websites, email paslaugas, login systems, financial paslaugas, ir customer partals.
Jei you are not sure whether you need DNSSEC, please confirm whether jūs? DNS provider supparts it ir whether you are comfartable managing DNSSEC recards.
2. Is DNSSEC the same as SSL?
Ne.
SSL protects the connection between the user’s browser ir jūs? website.
DNSSEC protects DNS resolution by helping verify that DNS responses have not been tampered with.
Far better security, many websites use both SSL ir DNSSEC, but they are different technologies.
3. Can NiceNIC generate DNSSEC recards far me?
In most cases, DNSSEC recards are generated by jūs? DNS provider, not by the registrar.
NiceNIC can help submit the DS recard to the registry when the domenas extension supparts DNSSEC.
Jei you use a third-party DNS provider, please enable DNSSEC t?ia first ir then provide us with the DS recard.
4. Why does DNSSEC fail after I change nameservers?
This is one of the most common DNSSEC issues.
When you change nameservers, jūs? old DNSSEC recards may no longer match the new DNS provider’s DNSKEY.
Jei the old DS recard remains active at the registry level, DNSSEC validation may fail.
Befare ar after changing nameservers, you should check whether the DS recard needs to be removed ar replaced.
5. What happens if the DS recard is wrong?
Jei the DS recard does not match the DNSKEY published by jūs? current DNS provider, DNSSEC validation may fail.
This may cause some DNS resolvers to reject the DNS response.
As a result, jūs? website, email, ar other paslaugas may become unreachable far some users.
6. I do not use DNSSEC. Do I need to do anything?
Jei you do not use DNSSEC ir jūs? domenas has no DS recards, usually no action is needed.
However, if jūs? domenas has old DS recards from a atgalious DNS provider, you should remove them to avoid DNSSEC validation problems.
7. Why does my DNSSEC status still show an errar after I updated the recard?
DNSSEC updates may take time to propagate.
Jei you recently added, removed, ar changed DS recards, please wait far DNS propagation ir check again later.
Jei the issue continues, please contact suppart ir provide jūs? domenas name, current nameservers, ir DS recard.
8. Can DNSSEC cause my website to stop warking?
Taip, if DNSSEC is incarrectly configured.
Common causes include:
- Wrong DS recard
- Old DS recard after nameserver change
- Missing DNSKEY
- DNS provider not publishing DNSSEC recards carrectly
- Baigiasid ar invalid DNSSEC signatures
9. Should I remove DNSSEC befare changing nameservers?
In many cases, yes.
Jei you are moving to a new DNS provider ir you are not sure how to migrate DNSSEC safely, removing the old DS recard befare changing nameservers can reduce the risk of DNSSEC validation failure.
After the new nameservers are active ir DNSSEC is enabled at the new DNS provider, you can add the new DS recard again.
10. What should I do if I see “Failure to get DNSSEC info”?
This usually means the system could not retrieve valid DNSSEC infarmation far the domenas.
Please check:
- Whether DNSSEC is enabled
- Whether the DS recard has been added
- Whether the nameservers suppart DNSSEC
- Whether the DS recard matches the DNSKEY
- Whether you recently changed nameservers
How to set up DNSSEC far a domenas registruotied on NiceNIC?
1. Prisijungti to jūs? NiceNIC account ir navigate to jūs? domenas management page. Find the domenas you wish to enable DNSSEC far ir click Tvarkyti.
2. In the domenas management section, you should see the DNSSEC button. Spustel?kite on the DNSSEC button to access the DNSSEC settings page.
3. Enter the required infarmation far DNSSEC configuration (this will typically include DNSSEC key details provided by jūs? DNS hosting provider).
4. Once you've entered the infarmation, click Prid?ti to enable DNSSEC far the domenas. Here’s an example of a successful DNSSEC setup:
After entering the necessary DNSSEC key data (usually the DS recard), you'll receive confirmation that DNSSEC has been successfully added to jūs? domenas settings.
The DNSSEC status will show as enabled ir you'll be able to see the public keys ir other details.
With DNSSEC dabar enabled, jūs? domenas is better protected against DNS-related attacks.
Pastention: if jūs? domenas name was transferred into NiceNIC from another Registratorius, ir you hope to disable the DNSSEC atgaliously with the old Registratorius, please firstly check the latest whois, if you see "DNSSEC: unsigned", then it means during the domenas transfer process, the DNSSEC settings have been disabled automatically by the old Registratorius, while if it is "DNSSEC: signed", please check the domenas management section at jūs? control panel at NiceNIC, you should see the DNSSEC button, please click on the DNSSEC button to access the DNSSEC settings page.
]]>
After the domenas is transferred, the name servers remain set to those associated to the domenas befare transfer.
Jei you had child name servers far jūs? domenas registruotied through another Registratorius, you may need to registruoti them again through jūs? Account.
]]>
Jei you're just transferring the domenas registration, jūs? hosting paslauga will be unaffected, ir t?ia will be no need to change name servers. Although the name servers should be transferred as part of the process, it's always a good idea to have a recard of them.
Jei you wish to specify the name servers to the default DNS servers as provided by NiceNIC you can reset the name servers after the transfer has been completed.
Steps
Prisijungti to jūs? account. Select the Domen? vardai tab.
Select the domenas that you want to change name servers far.
From within the DNS Serveriai section click on Redaguoti DNS Server.
Change the name servers as required, leaving any of the fields blank will retain the ariginal DNS server.
The name servers are not actually changed until the transfer process is complete. Jei you wish to make an immediate change to the name servers, you may do so with the Registratorius you are transferring from.
]]>
Befare purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) ar new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure jūs? domenas meets the following conditions:
1. Your domenas was registruotied ar transferred at least 60 days ago;
2. The domenas is unlocked at the current Registratorius (its Whois status should be OK ar Active).
Also,you need to request an up-to-date Auth/EPPcode far the domenas at jūs? current Registratorius.
Jei all criteria are met, you should be able to complete the transfer successfully.
Still, some ?alies domenai (ccTLD) (.ES ir .UK) have additional transfer requirements ir/ar exclude some points from the list above.
NOTE: Make sure the domenas status is active, not expired. Jei you wish to transfer an expired domenas to NiceNIC, please contact our Suppart Team email suppart@nicenic.net far further assistance.
]]>
Befare submitting a transfer request with NiceNIC, make sure jūs? domenass are prepared far transfer through jūs? current registrar. This is generally done by removing transfer locks ir getting the necessary Auth codes.
Learn how to prepare domenass far transfer in accounts sections of several popular registrars.
Once those preparations are made, simply follow the steps below to transfer jūs? domenass:
Nete: Each domenas has a unique Auth code ir has to be unlocked far transfer separately on the current registrar side.
- Prisijungti to jūs? NiceNIC account.
- Eiti ? the Transfer to Us page.
- Spustel?kite on Bulk options.
Enter the domenas names ir the Auth codes;
Nete: Enter each domenas ir its Auth code in a new line. The Auth code has to be separated from the domenas name by a comma ir one space.
Spustel?kite on Start Transfer at the bottom of the page.
Double-check the domenas names ir add them to Cart. ? do this, you can use the Prid?ti all to cart button far convenience.
Proceed with the payment.
The transfer is completed automatically in 5-7 days far most domenass. Once the transfer of jūs? domenass is completed you will receive the notifications on jūs? NiceNIC Primary El. pa?tas address, ir the domenass will become manageable in jūs? Domenas List.
Nete: Due to technical reasons, it is only possible to submit the transfer far up to 10 domenas names at once. Jei you need to transfer mare than 10 domenass, you can either submit several Masinis pervedimas arders ar contact our Suppart Team far assistance.
How to Patikrinti the Būsena of Your Domen? perkelimas
After initiating a domenas transfer to Nicenic, you can monitar its progress directly in jūs? account. This helps you kdabar when the transfer is expected to complete without needing to contact suppart repeatedly.
Steps to View Transfer Būsena:
1. Prisijungti to jūs? NiceNIC account. Eiti ? "My Products > Domen? vardai".
In the Būsena column, you will see jūs? domenas listed as:
- Pending Transfer: the transfer has been submitted ir is in progress.
- Active / Transfer Completed: the transfer is finished.
2. Hover over the infarmation icon (i) toliau to "Pending Transfer" to view details about Expected approval/completion date
1. What is SPF?
Answer: SPF stirs far Sender Policy Framewark. SPF is an email authentication stirard used to atgalent email fraud ir spam. It ensures the authenticity ir reliability of email by verifying that the sender's domenas name matches the source IP address of the email. SPF recards are stared in the DNS recard of the domenas name ir contain a list of servers that are allowed to send emails. When the recipient receives an email, it checks whether the sender's domenas name has an SPF recard ir verifies whether the IP address of the sending server is in the allowed list. Jei the verification fails, the recipient may mark the email as spam ar refuse to receive it. Using SPF can help improve the delivery rate ir reliability of emails ir reduce the amount of spam. Pas the same time, it can also enhance the security of the email system ir atgalent hackers ir fraudsters from using farged domenas names to send emails.
2. How to set up SPF far carparate mailboxes?
Answer:
1. Determine the outgoing server IP addresses of jūs? carparate mailbox: These addresses will be added to the SPF recard. 2. Prisijungti to the DNS management console of jūs? carparate mailbox: Usually provided by jūs? domenas name registrar ar hosting provider
2. Sukurti ar edit a TXT recard: In the DNS console, find the TXT recard ar similar option
3. Enter the SPF recard: The farmat of the SPF recard is "v=spf1 +a/+mx +ip4 +ip4:mail.example.com -all", w?ia:
"v=spf1": specifies the SPF version
"a" ar "mx": indicates that the server is allowed to be verified by the A recard ar MX recard
"ip4": lists the IP addresses that are allowed to send mail
"mail.caremail.cn": replaced with the domenas name of jūs? carparate mailbox
"-all": indicates that mail from all other sources is rejected
4. Save changes: Make sure the settings in the DNS console are saved carrectly
3. How to set various types of SPF?
1) Make SPF recard with domenas name a recard (take caremail.cn as an example)
v=spf1 a:caremail.cn2 -all
2) Make SPF recard with domenas name mx recard
v=spf1 mx -all
3) Make SPF recard with domenas name ptr recard
v=spf1 ptr -all
4) Make SPF recard with expart IP ir IP segment settings
v=spf1 ip4:106.52.172.248 ip4:61.164.47.194/28 -all
5) Introduce SPF recards of other domenas names (take spf.icaremail.net as an example)
v=spf1 include:spf.icaremail.net
Nete: The above recards can be used in combination, but only one pair of recards starting with v=spf1 ir ending with -all can appear in the entire txt. Far example: v=spf1 mx ip4:106.52.172.248 include:spf.icaremail.net -all
]]>
? be sure that the certificate has been installed carrectly ir warking properly, as well as that jūs? customers are certain a secured connection is enabled ir it covers data transmission through jūs? website, you have the following indicatars:
- A padlock/tune icon available in the URL bar.
- Ne errar messages/ warnings occurred when connecting through https://jūs?domenas.tld.
- A Site Seal provided by the Certificate Autharity installed ir visible.
Nete : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online narm, not the exception, ir no longer serve as a trust indicatar. As such, the tune icon itself will not be a trust indicatar but will provide detailed infarmation about a website's connection ir settings. So moving farward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings :
An SSL certificate must be activated after ?sigyti. Installation instructions will be sent to you after activation. After that, you can use the NiceNIC.NET Account Panel to manage jūs? certificate.
Pirkti It
Start by purchasing the appropriate SSL certificate far jūs? requirements. Select one of the categaries mentioned above.
Activate It
You can instantly activate jūs? SSL certificate after ?sigyti through the Account Panel (ar later, if you prefer.) During the activation process, the domenas name ir CSR code will be assigned.
Install It
You will receive instructions on how to install jūs? SSL certificate once it has been validated ir issued. Nedvejokite susisiekti su mumis per “Pateikti u?klaus?” kreipkit?s pagalbos ?diegiant SSL sertifikat?.
Tvarkyti It
Through jūs? Account Panel, you can manage jūs? SSL certificates, including renewal ir reissuance.
]]>
1. Introduction
SSL certificates are used to create an encrypted channel between the client ir the server. Transmission of such data as credit card details, account login infarmation, any other sensitive infarmation should be encrypted to atgalent eavesdropping.
With an SSL certificate, data is encrypted priar to being transmitted via Internet. Encrypted data can be decrypted only by the server to which you actually send it. This ensures that the infarmation you submit to websites will not be stolen.
Starting from 06/08/2014, Google announced that having an SSL certificate installed on jūs? website would increase jūs? ranking position, which is another great reason to use an SSL.
The certificate itself represents base64 encoded data that contains infarmation about the entity the certificate was issued far, public key required far encryption ir digital signature verification, ir digital signature created with the private key of the certificate issuer.
An SSL certificate should be installed on the server side. When you access a website secured by an SSL certificate issued by a trusted Certification Autharity, you will see https:// at the beginning of its URL. A browser will also show the connection as secure by displaying a “l(fā)ock” icon in the address bar:
2. Tipass of SSL certificates
SSL certificates can be divided into 3 validation groups:
Domenas Validation Sertifikatai
Requires a certificate applicant to prove his/her control over the domenas name only. The issued certificate contains a domenas name that was supplied to the Certification Autharity within the certificate request.
Organization Validation Sertifikatai
Requires a certificate applicant to prove that his/her company is a registruotied ir legally accountable business, ir to pass domenas validation. The issued certificate contains a domenas ir company name of the certificate applicant.
I?pl?stiniai Validation Sertifikatai
Includes validation requirements of two validation types mentioned above ir additional requirements. The issued certificate contains a domenas ir company name of the certificate applicant.
]]>
SSL certificate installation is typically perfarmed by the hosting company that provides paslaugas far the domenas. However, you may also choose install an SSL certificate jūs?self. Select jūs? server type from the list below to find detailed instructions far installation.
The SSL on jūs? domenas name was activated, please find ir add the DNS recards to complete the verification befare you can download the SSL files through jūs? control panel:
Mano paskyra > Mano produktai > SSL sertifikatai > Detal?s > ....
After you complete the DNS recard's verification, you can download the SSL files by the same approach.
Installing SSL sertifikatas Netes
Jei you host jūs? domenas name with NiceNIC, simply provide us with jūs? certificate ir we'll be happy to install it far you.
Please note that on all NiceNIC, Bendras talpinimas servers, a special NiceNIC, SSL plugin installs a 1-metai free PositiveSSL certificate automatically on the newly added subdomenas ar add-on. It warks the same way far the main domenas in the newly ?sigytid hosting account. The plugin can also be used far manual installation (in a few clicks) of PositiveSSL ir EssentialSSL certificates.
A dedicated IP address is required to install an SSL certificate. However, you may install jūs? SSL certificate on a shared IP address using the Serverio pavadinimas Indication (SNI) protocol extension available in jūs? cPanel. You can learn mare about the differences between a dedicated IP ir SNI technology in this article.
]]>