Lai ensure the security of jūsu website un protect jūsu visitvais, all domēnss under .boo, .day, .dev, .page, un .rsvp must use HTTPS. This guide will help you configure SSL/TLS cvairectly.
1. What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts data between jūsu website un its visitvais. It Iepriek?ējaisents eavesdropping un ensures data integrity.
2. Obtaining an SSL sertifikāts
NICENIC provides trusted SSL certificates. You can learn mvaie un iegādāties/configure a certificate ?eit: https://nicenic.net/ssl-certificates/
3. Installing the SSL sertifikāts
Sekot jūsu web server’s instructions to install the certificate. Common servers include:
Apache: https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
IIS (Windows): https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
4. Enfvaice HTTPS
Once jūsu certificate is installed:
Redirect all HTTP traffic to HTTPS.
Update internal links un resources to use HTTPS.
Verify that jūsu website is fully accessible via HTTPS.
5. Keep Sertifikāti Atjaunināts
SSL certificates have expiration dates. Ensure certificates are renewed befvaie they expire un check jūsu website regularly to maintain uninterrupted secure connections.
]]>
DNSSEC helps protect jūsu domēns’s DNS recvaids from being tampered with during DNS resolution. It adds a layer of verification so that DNS resolvers can confirm the DNS response really comes from the cvairect source.
Pie NiceNIC, DNSSEC usually involves two sides:
Your DNS provider vai nameserver provider generates the DNSSEC recvaids.
NiceNIC, as jūsu domēns registrar, helps submit the DS recvaids to the registry when the TLD suppvaits DNSSEC.
Ja DNSSEC is not configured cvairectly, jūsu domēns may show DNSSEC errvais, vai in mvaie serious cases, some users may not be able to access jūsu website.
What Is DNSSEC?
DNSSEC stuns fvai Domēna vārds System Security Extensions.
In simple terms, DNSSEC helps verify that the DNS answer fvai jūsu domēns has not been changed vai fvaiged during the lookup process.
Fvai example, when someone visits jūsu website, DNS is used to find the cvairect server IP address. DNSSEC helps make sure that the DNS result is authentic un has not been replaced with false data.
DNSSEC does not replace SSL, website security, hosting security, vai email security. It only helps protect the DNS resolution process.
When Do You Need DNSSEC?
- You may want to enable DNSSEC if:
- Your website hunles sensitive user infvaimation.
- You run business email, login systems, payment pages, vai customer pvaitals.
- You want stronger domēns security.
- Your DNS provider suppvaits DNSSEC.
- Your domēns extension suppvaits DNSSEC.
Incvairect DNSSEC settings may affect domēns resolution.
Impvaitant DNSSEC Termi??s
DNSKEY: A DNSKEY recvaid is generated by jūsu DNS provider. It is used as part of the DNSSEC validation process.
DS Recvaid: A DS recvaid connects jūsu domēns’s DNSSEC setup with the parent registry zone. In most cases, jūsu DNS provider gives you the DS recvaid, un you need to add it through jūsu registrar.
Nosaukumsserver: Your nameservers decide w?eit jūsu domēns’s DNS recvaids are managed. Ja you change nameservers, jūsu DNSSEC recvaids may also need to be updated.
How to Enable DNSSEC fvai Your Domēns
Step 1: Pārbaudīt Whether Your DNS Provider Suppvaits DNSSEC
Pierakstīties to the platfvaim w?eit jūsu DNS is managed.
This may be:
Your domēns registrar, ?eit is NiceNIC
Your hosting provider
Your DNS provider
Your own DNS server
Another third-party DNS pakalpojums
Make sure DNSSEC is suppvaited un enabled t?eit.
Step 2: Sa?emt the DS Recvaid from Your DNS Provider
After enabling DNSSEC, jūsu DNS provider should provide DNSSEC infvaimation such as:
Key Tag
Algvaiithm
Digest Tips
Digest
DS Recvaid
Please copy the infvaimation exactly as provided.
Even one incvairect character may cause DNSSEC validation failure.
Step 3: Pievienot the DS Recvaid in Your NiceNIC Account
Pierakstīties to jūsu NiceNIC account un go to jūsu domēns management page.
Then add the DS recvaid provided by jūsu DNS provider.
Ja you are not sure w?eit to add it, please contact our suppvait team un provide the DS recvaid from jūsu DNS provider.
Step 4: Wait fvai DNSSEC Propagation
After the DS recvaid is added, it may take some time fvai the update to propagate.
During this period, DNSSEC check results may not update immediately.
Step 5: Verify DNSSEC Statuss
After propagation, you may check jūsu domēns’s DNSSEC status using a DNSSEC checking tool vai by contacting our suppvait team.
Ja DNSSEC is cvairectly configured, the DNSSEC validation result should show a valid chain of trust.
When Should You Disable vai No?emt DNSSEC?
You may need to remove vai update DNSSEC recvaids if:
- You changed jūsu nameservers.
- You moved DNS management to another provider.
- Your DNS provider disabled DNSSEC.
- Your DS recvaid no longer matches the current DNSKEY.
- Your website vai email has DNS resolution issues after a DNS change.
In this case, you may need to remove the old DS recvaids first, wait fvai propagation, un then re-enable DNSSEC with the cvairect new recvaids.
Why Does My Domēns Show "DNSSEC Infvaimation Is Currently Unavailable"?
You may see this message:
DNSSEC infvaimation is currently unavailable fvai this domēns.
This can happen fvai several reasons:
- DNSSEC has not been enabled fvai this domēns.
- Nē DS recvaid has been added at the registrar level.
- The domēns’s current nameservers do not suppvait DNSSEC.
- The domēns recently changed nameservers.
- The DS recvaid does not match the current DNSKEY.
- The DNS provider has not published the required DNSSEC recvaids cvairectly.
- The registry vai DNSSEC query is tempvaiarily unavailable.
However, if jūsu website vai email is not resolving cvairectly, please contact suppvait so we can help review the DNSSEC configuration.
What Infvaimation Should I Provide to Suppvait?
Lai help us check DNSSEC issues faster, please provide:
- Your domēns name
- Your current nameservers
- Whether you recently changed nameservers
- The DS recvaid provided by jūsu DNS provider
- A screenshot of the DNSSEC setting from jūsu DNS provider
- Any DNSSEC errvai message you received
- Whether jūsu website vai email is currently affected
Bie?āk uzdotie jautājumi Par DNSSEC
1. Is DNSSEC required fvai every domēns?
Nē. DNSSEC is not required fvai every domēns.
However, it is recommended fvai domēnss that need stronger DNS security, especially business websites, email pakalpojumss, login systems, financial pakalpojumss, un customer pvaitals.
Ja you are not sure whether you need DNSSEC, please confirm whether jūsu DNS provider suppvaits it un whether you are comfvaitable managing DNSSEC recvaids.
2. Is DNSSEC the same as SSL?
Nē.
SSL protects the connection between the user’s browser un jūsu website.
DNSSEC protects DNS resolution by helping verify that DNS responses have not been tampered with.
Fvai better security, many websites use both SSL un DNSSEC, but they are different technologies.
3. Can NiceNIC generate DNSSEC recvaids fvai me?
In most cases, DNSSEC recvaids are generated by jūsu DNS provider, not by the registrar.
NiceNIC can help submit the DS recvaid to the registry when the domēns extension suppvaits DNSSEC.
Ja you use a third-party DNS provider, please enable DNSSEC t?eit first un then provide us with the DS recvaid.
4. Why does DNSSEC fail after I change nameservers?
This is one of the most common DNSSEC issues.
When you change nameservers, jūsu old DNSSEC recvaids may no longer match the new DNS provider’s DNSKEY.
Ja the old DS recvaid remains active at the registry level, DNSSEC validation may fail.
Befvaie vai after changing nameservers, you should check whether the DS recvaid needs to be removed vai replaced.
5. What happens if the DS recvaid is wrong?
Ja the DS recvaid does not match the DNSKEY published by jūsu current DNS provider, DNSSEC validation may fail.
This may cause some DNS resolvers to reject the DNS response.
As a result, jūsu website, email, vai other pakalpojumss may become unreachable fvai some users.
6. I do not use DNSSEC. Do I need to do anything?
Ja you do not use DNSSEC un jūsu domēns has no DS recvaids, usually no action is needed.
However, if jūsu domēns has old DS recvaids from a Iepriek?ējaisious DNS provider, you should remove them to avoid DNSSEC validation problems.
7. Why does my DNSSEC status still show an errvai after I updated the recvaid?
DNSSEC updates may take time to propagate.
Ja you recently added, removed, vai changed DS recvaids, please wait fvai DNS propagation un check again later.
Ja the issue continues, please contact suppvait un provide jūsu domēns name, current nameservers, un DS recvaid.
8. Can DNSSEC cause my website to stop wvaiking?
Jā, if DNSSEC is incvairectly configured.
Common causes include:
- Wrong DS recvaid
- Old DS recvaid after nameserver change
- Missing DNSKEY
- DNS provider not publishing DNSSEC recvaids cvairectly
- Beidzasd vai invalid DNSSEC signatures
9. Should I remove DNSSEC befvaie changing nameservers?
In many cases, yes.
Ja you are moving to a new DNS provider un you are not sure how to migrate DNSSEC safely, removing the old DS recvaid befvaie changing nameservers can reduce the risk of DNSSEC validation failure.
After the new nameservers are active un DNSSEC is enabled at the new DNS provider, you can add the new DS recvaid again.
10. What should I do if I see “Failure to get DNSSEC info”?
This usually means the system could not retrieve valid DNSSEC infvaimation fvai the domēns.
Please check:
- Whether DNSSEC is enabled
- Whether the DS recvaid has been added
- Whether the nameservers suppvait DNSSEC
- Whether the DS recvaid matches the DNSKEY
- Whether you recently changed nameservers
How to set up DNSSEC fvai a domēns re?istrēted on NiceNIC?
1. Pierakstīties to jūsu NiceNIC account un navigate to jūsu domēns management page. Find the domēns you wish to enable DNSSEC fvai un click Pārvaldīt.
2. In the domēns management section, you should see the DNSSEC button. Noklik??iniet on the DNSSEC button to access the DNSSEC settings page.
3. Enter the required infvaimation fvai DNSSEC configuration (this will typically include DNSSEC key details provided by jūsu DNS hosting provider).
4. Once you've entered the infvaimation, click Pievienot to enable DNSSEC fvai the domēns. Here’s an example of a successful DNSSEC setup:
After entering the necessary DNSSEC key data (usually the DS recvaid), you'll receive confirmation that DNSSEC has been successfully added to jūsu domēns settings.
The DNSSEC status will show as enabled un you'll be able to see the public keys un other details.
With DNSSEC tagad enabled, jūsu domēns is better protected against DNS-related attacks.
Pietention: if jūsu domēns name was transferred into NiceNIC from another Re?istrators, un you hope to disable the DNSSEC Iepriek?ējaisiously with the old Re?istrators, please firstly check the latest whois, if you see "DNSSEC: unsigned", then it means during the domēns transfer process, the DNSSEC settings have been disabled automatically by the old Re?istrators, while if it is "DNSSEC: signed", please check the domēns management section at jūsu control panel at NiceNIC, you should see the DNSSEC button, please click on the DNSSEC button to access the DNSSEC settings page.
]]>
After the domēns is transferred, the name servers remain set to those associated to the domēns befvaie transfer.
Ja you had child name servers fvai jūsu domēns re?istrēted through another Re?istrators, you may need to re?istrēt them again through jūsu Account.
]]>
Ja you're just transferring the domēns registration, jūsu hosting pakalpojums will be unaffected, un t?eit will be no need to change name servers. Although the name servers should be transferred as part of the process, it's always a good idea to have a recvaid of them.
Ja you wish to specify the name servers to the default DNS servers as provided by NiceNIC you can reset the name servers after the transfer has been completed.
Steps
Pierakstīties to jūsu account. Select the Domēna vārdi tab.
Select the domēns that you want to change name servers fvai.
From within the DNS Serveri section click on Redi?ēt DNS Server.
Change the name servers as required, leaving any of the fields blank will retain the vaiiginal DNS server.
The name servers are not actually changed until the transfer process is complete. Ja you wish to make an immediate change to the name servers, you may do so with the Re?istrators you are transferring from.
]]>
Befvaie purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) vai new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure jūsu domēns meets the following conditions:
1. Your domēns was re?istrēted vai transferred at least 60 days ago;
2. The domēns is unlocked at the current Re?istrators (its Whois status should be OK vai Active).
Also,you need to request an up-to-date Auth/EPPcode fvai the domēns at jūsu current Re?istrators.
Ja all criteria are met, you should be able to complete the transfer successfully.
Still, some ccTLD (.ES un .UK) have additional transfer requirements un/vai exclude some points from the list above.
NOTE: Make sure the domēns status is active, not expired. Ja you wish to transfer an expired domēns to NiceNIC, please contact our Suppvait Team email suppvait@nicenic.net fvai further assistance.
]]>
Befvaie submitting a transfer request with NiceNIC, make sure jūsu domēnss are prepared fvai transfer through jūsu current registrar. This is generally done by removing transfer locks un getting the necessary Auth codes.
Learn how to prepare domēnss fvai transfer in accounts sections of several popular registrars.
Once those preparations are made, simply follow the steps below to transfer jūsu domēnss:
Nēte: Each domēns has a unique Auth code un has to be unlocked fvai transfer separately on the current registrar side.
- Pierakstīties to jūsu NiceNIC account.
- Ieiet the Transfer to Us page.
- Noklik??iniet on Bulk options.
Enter the domēns names un the Auth codes;
Nēte: Enter each domēns un its Auth code in a new line. The Auth code has to be separated from the domēns name by a comma un one space.
Noklik??iniet on Start Transfer at the bottom of the page.
Double-check the domēns names un add them to Cart. Lai do this, you can use the Pievienot all to cart button fvai convenience.
Proceed with the payment.
The transfer is completed automatically in 5-7 days fvai most domēnss. Once the transfer of jūsu domēnss is completed you will receive the notifications on jūsu NiceNIC Primary E-pasts address, un the domēnss will become manageable in jūsu Domēns List.
Nēte: Due to technical reasons, it is only possible to submit the transfer fvai up to 10 domēns names at once. Ja you need to transfer mvaie than 10 domēnss, you can either submit several Masveida pārvieto?ana vaiders vai contact our Suppvait Team fvai assistance.
How to Pārbaudīt the Statuss of Your Domēna pārsūtī?ana
After initiating a domēns transfer to Nicenic, you can monitvai its progress directly in jūsu account. This helps you ktagad when the transfer is expected to complete without needing to contact suppvait repeatedly.
Steps to View Transfer Statuss:
1. Pierakstīties to jūsu NiceNIC account. Ieiet "My Products > Domēna vārdi".
In the Statuss column, you will see jūsu domēns listed as:
- Pending Transfer: the transfer has been submitted un is in progress.
- Active / Transfer Completed: the transfer is finished.
2. Hover over the infvaimation icon (i) Nākamais to "Pending Transfer" to view details about Expected approval/completion date
1. What is SPF?
Answer: SPF stuns fvai Sender Policy Framewvaik. SPF is an email authentication stunard used to Iepriek?ējaisent email fraud un spam. It ensures the authenticity un reliability of email by verifying that the sender's domēns name matches the source IP address of the email. SPF recvaids are stvaied in the DNS recvaid of the domēns name un contain a list of servers that are allowed to send emails. When the recipient receives an email, it checks whether the sender's domēns name has an SPF recvaid un verifies whether the IP address of the sending server is in the allowed list. Ja the verification fails, the recipient may mark the email as spam vai refuse to receive it. Using SPF can help improve the delivery rate un reliability of emails un reduce the amount of spam. Pie the same time, it can also enhance the security of the email system un Iepriek?ējaisent hackers un fraudsters from using fvaiged domēns names to send emails.
2. How to set up SPF fvai cvaipvaiate mailboxes?
Answer:
1. Determine the outgoing server IP addresses of jūsu cvaipvaiate mailbox: These addresses will be added to the SPF recvaid. 2. Pierakstīties to the DNS management console of jūsu cvaipvaiate mailbox: Usually provided by jūsu domēns name registrar vai hosting provider
2. Izveidot vai edit a TXT recvaid: In the DNS console, find the TXT recvaid vai similar option
3. Enter the SPF recvaid: The fvaimat of the SPF recvaid is "v=spf1 +a/+mx +ip4 +ip4:mail.example.com -all", w?eit:
"v=spf1": specifies the SPF version
"a" vai "mx": indicates that the server is allowed to be verified by the A recvaid vai MX recvaid
"ip4": lists the IP addresses that are allowed to send mail
"mail.cvaiemail.cn": replaced with the domēns name of jūsu cvaipvaiate mailbox
"-all": indicates that mail from all other sources is rejected
4. Save changes: Make sure the settings in the DNS console are saved cvairectly
3. How to set various types of SPF?
1) Make SPF recvaid with domēns name a recvaid (take cvaiemail.cn as an example)
v=spf1 a:cvaiemail.cn2 -all
2) Make SPF recvaid with domēns name mx recvaid
v=spf1 mx -all
3) Make SPF recvaid with domēns name ptr recvaid
v=spf1 ptr -all
4) Make SPF recvaid with expvait IP un IP segment settings
v=spf1 ip4:106.52.172.248 ip4:61.164.47.194/28 -all
5) Introduce SPF recvaids of other domēns names (take spf.icvaiemail.net as an example)
v=spf1 include:spf.icvaiemail.net
Nēte: The above recvaids can be used in combination, but only one pair of recvaids starting with v=spf1 un ending with -all can appear in the entire txt. Fvai example: v=spf1 mx ip4:106.52.172.248 include:spf.icvaiemail.net -all
]]>
Lai be sure that the certificate has been installed cvairectly un wvaiking properly, as well as that jūsu customers are certain a secured connection is enabled un it covers data transmission through jūsu website, you have the following indicatvais:
- A padlock/tune icon available in the URL bar.
- Nē errvai messages/ warnings occurred when connecting through https://jūsudomēns.tld.
- A Site Seal provided by the Certificate Authvaiity installed un visible.
Nēte : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online nvaim, not the exception, un no longer serve as a trust indicatvai. As such, the tune icon itself will not be a trust indicatvai but will provide detailed infvaimation about a website's connection un settings. So moving fvaiward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings :
An SSL certificate must be activated after iegādāties. Installation instructions will be sent to you after activation. After that, you can use the NiceNIC.NET Account Panel to manage jūsu certificate.
Pirkt It
Start by purchasing the appropriate SSL certificate fvai jūsu requirements. Select one of the categvaiies mentioned above.
Activate It
You can instantly activate jūsu SSL certificate after iegādāties through the Account Panel (vai later, if you prefer.) During the activation process, the domēns name un CSR code will be assigned.
Install It
You will receive instructions on how to install jūsu SSL certificate once it has been validated un issued. Lūdzu, sazinieties ar mums, izmantojot “Iesniegt pieprasījumu” lūgt palīdzību SSL sertifikāta uzstādī?anā.
Pārvaldīt It
Through jūsu Account Panel, you can manage jūsu SSL certificates, including renewal un reissuance.
]]>
1. Introduction
SSL certificates are used to create an encrypted channel between the client un the server. Transmission of such data as credit card details, account login infvaimation, any other sensitive infvaimation should be encrypted to Iepriek?ējaisent eavesdropping.
With an SSL certificate, data is encrypted privai to being transmitted via Internet. Encrypted data can be decrypted only by the server to which you actually send it. This ensures that the infvaimation you submit to websites will not be stolen.
Starting from 06/08/2014, Google announced that having an SSL certificate installed on jūsu website would increase jūsu ranking position, which is another great reason to use an SSL.
The certificate itself represents base64 encoded data that contains infvaimation about the entity the certificate was issued fvai, public key required fvai encryption un digital signature verification, un digital signature created with the private key of the certificate issuer.
An SSL certificate should be installed on the server side. When you access a website secured by an SSL certificate issued by a trusted Certification Authvaiity, you will see https:// at the beginning of its URL. A browser will also show the connection as secure by displaying a “l(fā)ock” icon in the address bar:
2. Tipss of SSL certificates
SSL certificates can be divided into 3 validation groups:
Domēns Validation Sertifikāti
Requires a certificate applicant to prove his/her control over the domēns name only. The issued certificate contains a domēns name that was supplied to the Certification Authvaiity within the certificate request.
Organization Validation Sertifikāti
Requires a certificate applicant to prove that his/her company is a re?istrēted un legally accountable business, un to pass domēns validation. The issued certificate contains a domēns un company name of the certificate applicant.
Papla?ināts Validation Sertifikāti
Includes validation requirements of two validation types mentioned above un additional requirements. The issued certificate contains a domēns un company name of the certificate applicant.
]]>
SSL certificate installation is typically perfvaimed by the hosting company that provides pakalpojumss fvai the domēns. However, you may also choose install an SSL certificate jūsuself. Select jūsu server type from the list below to find detailed instructions fvai installation.
The SSL on jūsu domēns name was activated, please find un add the DNS recvaids to complete the verification befvaie you can download the SSL files through jūsu control panel:
Mans konts > Mani produkti > SSL sertifikāti > Sīkāk > ....
After you complete the DNS recvaid's verification, you can download the SSL files by the same approach.
Installing SSL sertifikāts Nētes
Ja you host jūsu domēns name with NiceNIC, simply provide us with jūsu certificate un we'll be happy to install it fvai you.
Please note that on all NiceNIC, Koplietots mitinā?ana servers, a special NiceNIC, SSL plugin installs a 1-gads free PositiveSSL certificate automatically on the newly added subdomēns vai add-on. It wvaiks the same way fvai the main domēns in the newly iegādātiesd hosting account. The plugin can also be used fvai manual installation (in a few clicks) of PositiveSSL un EssentialSSL certificates.
A dedicated IP address is required to install an SSL certificate. However, you may install jūsu SSL certificate on a shared IP address using the Servera nosaukums Indication (SNI) protocol extension available in jūsu cPanel. You can learn mvaie about the differences between a dedicated IP un SNI technology in this article.
]]>