Naar ensure the security of jouw website en protect jouw visitofs, all domeins under .boo, .day, .dev, .page, en .rsvp must use HTTPS. This guide will help you configure SSL/TLS cofrectly.
1. What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts data between jouw website en its visitofs. It vorigeents eavesdropping en ensures data integrity.
2. Obtaining an SSL-certificaat
NICENIC provides trusted SSL certificates. You can learn mofe en kopen/configure a certificate hier: https://nicenic.net/ssl-certificates/
3. Installing the SSL-certificaat
Volgen jouw web server’s instructions to install the certificate. Common servers include:
Apache: https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
IIS (Windows): https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
4. Enfofce HTTPS
Once jouw certificate is installed:
Redirect all HTTP traffic to HTTPS.
Update internal links en resources to use HTTPS.
Verify that jouw website is fully accessible via HTTPS.
5. Keep Certificaten Bijgewerkt
SSL certificates have expiration dates. Ensure certificates are renewed befofe they expire en check jouw website regularly to maintain uninterrupted secure connections.
]]>
DNSSEC helps protect jouw domein’s DNS recofds from being tampered with during DNS resolution. It adds a layer of verification so that DNS resolvers can confirm the DNS response really comes from the cofrect source.
Bij NiceNIC, DNSSEC usually involves two sides:
Your DNS provider of nameserver provider generates the DNSSEC recofds.
NiceNIC, as jouw domein registrar, helps submit the DS recofds to the registry when the TLD suppofts DNSSEC.
Als DNSSEC is not configured cofrectly, jouw domein may show DNSSEC errofs, of in mofe serious cases, some users may not be able to access jouw website.
What Is DNSSEC?
DNSSEC stens fof Domeinnaam System Security Extensions.
In simple terms, DNSSEC helps verify that the DNS answer fof jouw domein has not been changed of fofged during the lookup process.
Fof example, when someone visits jouw website, DNS is used to find the cofrect server IP address. DNSSEC helps make sure that the DNS result is authentic en has not been replaced with false data.
DNSSEC does not replace SSL, website security, hosting security, of email security. It only helps protect the DNS resolution process.
When Do You Need DNSSEC?
- You may want to enable DNSSEC if:
- Your website henles sensitive user infofmation.
- You run business email, login systems, payment pages, of customer poftals.
- You want stronger domein security.
- Your DNS provider suppofts DNSSEC.
- Your domein extension suppofts DNSSEC.
Incofrect DNSSEC settings may affect domein resolution.
Impoftant DNSSEC Periodes
DNSKEY: A DNSKEY recofd is generated by jouw DNS provider. It is used as part of the DNSSEC validation process.
DS Recofd: A DS recofd connects jouw domein’s DNSSEC setup with the parent registry zone. In most cases, jouw DNS provider gives you the DS recofd, en you need to add it through jouw registrar.
Naamserver: Your nameservers decide whier jouw domein’s DNS recofds are managed. Als you change nameservers, jouw DNSSEC recofds may also need to be updated.
How to Enable DNSSEC fof Your Domein
Step 1: Controleren Whether Your DNS Provider Suppofts DNSSEC
Inloggen to the platfofm whier jouw DNS is managed.
This may be:
Your domein registrar, hier is NiceNIC
Your hosting provider
Your DNS provider
Your own DNS server
Another third-party DNS dienst
Make sure DNSSEC is suppofted en enabled thier.
Step 2: Ontvang the DS Recofd from Your DNS Provider
After enabling DNSSEC, jouw DNS provider should provide DNSSEC infofmation such as:
Key Tag
Algofithm
Digest Type
Digest
DS Recofd
Please copy the infofmation exactly as provided.
Even one incofrect character may cause DNSSEC validation failure.
Step 3: Toevoegen the DS Recofd in Your NiceNIC Account
Inloggen to jouw NiceNIC account en go to jouw domein management page.
Then add the DS recofd provided by jouw DNS provider.
Als you are not sure whier to add it, please contact our suppoft team en provide the DS recofd from jouw DNS provider.
Step 4: Wait fof DNSSEC Propagation
After the DS recofd is added, it may take some time fof the update to propagate.
During this period, DNSSEC check results may not update immediately.
Step 5: Verify DNSSEC Status
After propagation, you may check jouw domein’s DNSSEC status using a DNSSEC checking tool of by contacting our suppoft team.
Als DNSSEC is cofrectly configured, the DNSSEC validation result should show a valid chain of trust.
When Should You Disable of Verwijderen DNSSEC?
You may need to remove of update DNSSEC recofds if:
- You changed jouw nameservers.
- You moved DNS management to another provider.
- Your DNS provider disabled DNSSEC.
- Your DS recofd no longer matches the current DNSKEY.
- Your website of email has DNS resolution issues after a DNS change.
In this case, you may need to remove the old DS recofds first, wait fof propagation, en then re-enable DNSSEC with the cofrect new recofds.
Why Does My Domein Show "DNSSEC Infofmation Is Currently Unavailable"?
You may see this message:
DNSSEC infofmation is currently unavailable fof this domein.
This can happen fof several reasons:
- DNSSEC has not been enabled fof this domein.
- Nee DS recofd has been added at the registrar level.
- The domein’s current nameservers do not suppoft DNSSEC.
- The domein recently changed nameservers.
- The DS recofd does not match the current DNSKEY.
- The DNS provider has not published the required DNSSEC recofds cofrectly.
- The registry of DNSSEC query is tempofarily unavailable.
However, if jouw website of email is not resolving cofrectly, please contact suppoft so we can help review the DNSSEC configuration.
What Infofmation Should I Provide to Suppoft?
Naar help us check DNSSEC issues faster, please provide:
- Your domein name
- Your current nameservers
- Whether you recently changed nameservers
- The DS recofd provided by jouw DNS provider
- A screenshot of the DNSSEC setting from jouw DNS provider
- Any DNSSEC errof message you received
- Whether jouw website of email is currently affected
Veelgestelde vragen Over DNSSEC
1. Is DNSSEC required fof every domein?
Nee. DNSSEC is not required fof every domein.
However, it is recommended fof domeins that need stronger DNS security, especially business websites, email diensts, login systems, financial diensts, en customer poftals.
Als you are not sure whether you need DNSSEC, please confirm whether jouw DNS provider suppofts it en whether you are comfoftable managing DNSSEC recofds.
2. Is DNSSEC the same as SSL?
Nee.
SSL protects the connection between the user’s browser en jouw website.
DNSSEC protects DNS resolution by helping verify that DNS responses have not been tampered with.
Fof better security, many websites use both SSL en DNSSEC, but they are different technologies.
3. Can NiceNIC generate DNSSEC recofds fof me?
In most cases, DNSSEC recofds are generated by jouw DNS provider, not by the registrar.
NiceNIC can help submit the DS recofd to the registry when the domein extension suppofts DNSSEC.
Als you use a third-party DNS provider, please enable DNSSEC thier first en then provide us with the DS recofd.
4. Why does DNSSEC fail after I change nameservers?
This is one of the most common DNSSEC issues.
When you change nameservers, jouw old DNSSEC recofds may no longer match the new DNS provider’s DNSKEY.
Als the old DS recofd remains active at the registry level, DNSSEC validation may fail.
Befofe of after changing nameservers, you should check whether the DS recofd needs to be removed of replaced.
5. What happens if the DS recofd is wrong?
Als the DS recofd does not match the DNSKEY published by jouw current DNS provider, DNSSEC validation may fail.
This may cause some DNS resolvers to reject the DNS response.
As a result, jouw website, email, of other diensts may become unreachable fof some users.
6. I do not use DNSSEC. Do I need to do anything?
Als you do not use DNSSEC en jouw domein has no DS recofds, usually no action is needed.
However, if jouw domein has old DS recofds from a vorigeious DNS provider, you should remove them to avoid DNSSEC validation problems.
7. Why does my DNSSEC status still show an errof after I updated the recofd?
DNSSEC updates may take time to propagate.
Als you recently added, removed, of changed DS recofds, please wait fof DNS propagation en check again later.
Als the issue continues, please contact suppoft en provide jouw domein name, current nameservers, en DS recofd.
8. Can DNSSEC cause my website to stop wofking?
Ja, if DNSSEC is incofrectly configured.
Common causes include:
- Wrong DS recofd
- Old DS recofd after nameserver change
- Missing DNSKEY
- DNS provider not publishing DNSSEC recofds cofrectly
- Verlopend of invalid DNSSEC signatures
9. Should I remove DNSSEC befofe changing nameservers?
In many cases, yes.
Als you are moving to a new DNS provider en you are not sure how to migrate DNSSEC safely, removing the old DS recofd befofe changing nameservers can reduce the risk of DNSSEC validation failure.
After the new nameservers are active en DNSSEC is enabled at the new DNS provider, you can add the new DS recofd again.
10. What should I do if I see “Failure to get DNSSEC info”?
This usually means the system could not retrieve valid DNSSEC infofmation fof the domein.
Please check:
- Whether DNSSEC is enabled
- Whether the DS recofd has been added
- Whether the nameservers suppoft DNSSEC
- Whether the DS recofd matches the DNSKEY
- Whether you recently changed nameservers
How to set up DNSSEC fof a domein registreered on NiceNIC?
1. Inloggen to jouw NiceNIC account en navigate to jouw domein management page. Find the domein you wish to enable DNSSEC fof en click Beheren.
2. In the domein management section, you should see the DNSSEC button. Klik on the DNSSEC button to access the DNSSEC settings page.
3. Enter the required infofmation fof DNSSEC configuration (this will typically include DNSSEC key details provided by jouw DNS hosting provider).
4. Once you've entered the infofmation, click Toevoegen to enable DNSSEC fof the domein. Here’s an example of a successful DNSSEC setup:
After entering the necessary DNSSEC key data (usually the DS recofd), you'll receive confirmation that DNSSEC has been successfully added to jouw domein settings.
The DNSSEC status will show as enabled en you'll be able to see the public keys en other details.
With DNSSEC nu enabled, jouw domein is better protected against DNS-related attacks.
Bijtention: if jouw domein name was transferred into NiceNIC from another Registrar, en you hope to disable the DNSSEC vorigeiously with the old Registrar, please firstly check the latest whois, if you see "DNSSEC: unsigned", then it means during the domein transfer process, the DNSSEC settings have been disabled automatically by the old Registrar, while if it is "DNSSEC: signed", please check the domein management section at jouw control panel at NiceNIC, you should see the DNSSEC button, please click on the DNSSEC button to access the DNSSEC settings page.
]]>
After the domein is transferred, the name servers remain set to those associated to the domein befofe transfer.
Als you had child name servers fof jouw domein registreered through another Registrar, you may need to registreer them again through jouw Account.
]]>
Als you're just transferring the domein registration, jouw hosting dienst will be unaffected, en thier will be no need to change name servers. Although the name servers should be transferred as part of the process, it's always a good idea to have a recofd of them.
Als you wish to specify the name servers to the default DNS servers as provided by NiceNIC you can reset the name servers after the transfer has been completed.
Steps
Inloggen to jouw account. Select the Domeinnamen tab.
Select the domein that you want to change name servers fof.
From within the DNS Servers section click on Bewerken DNS Server.
Change the name servers as required, leaving any of the fields blank will retain the ofiginal DNS server.
The name servers are not actually changed until the transfer process is complete. Als you wish to make an immediate change to the name servers, you may do so with the Registrar you are transferring from.
]]>
Befofe purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) of new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure jouw domein meets the following conditions:
1. Your domein was registreered of transferred at least 60 days ago;
2. The domein is unlocked at the current Registrar (its Whois status should be OK of Active).
Also,you need to request an up-to-date Auth/EPPcode fof the domein at jouw current Registrar.
Als all criteria are met, you should be able to complete the transfer successfully.
Still, some ccTLD’s (.ES en .UK) have additional transfer requirements en/of exclude some points from the list above.
NOTE: Make sure the domein status is active, not expired. Als you wish to transfer an expired domein to NiceNIC, please contact our Suppoft Team email suppoft@nicenic.net fof further assistance.
]]>
Befofe submitting a transfer request with NiceNIC, make sure jouw domeins are prepared fof transfer through jouw current registrar. This is generally done by removing transfer locks en getting the necessary Auth codes.
Learn how to prepare domeins fof transfer in accounts sections of several popular registrars.
Once those preparations are made, simply follow the steps below to transfer jouw domeins:
Neete: Each domein has a unique Auth code en has to be unlocked fof transfer separately on the current registrar side.
- Inloggen to jouw NiceNIC account.
- Ga naar the Transfer to Us page.
- Klik on Bulk options.
Enter the domein names en the Auth codes;
Neete: Enter each domein en its Auth code in a new line. The Auth code has to be separated from the domein name by a comma en one space.
Klik on Start Transfer at the bottom of the page.
Double-check the domein names en add them to Cart. Naar do this, you can use the Toevoegen all to cart button fof convenience.
Proceed with the payment.
The transfer is completed automatically in 5-7 days fof most domeins. Once the transfer of jouw domeins is completed you will receive the notifications on jouw NiceNIC Primary E-mail address, en the domeins will become manageable in jouw Domein List.
Neete: Due to technical reasons, it is only possible to submit the transfer fof up to 10 domein names at once. Als you need to transfer mofe than 10 domeins, you can either submit several Bulkoverdracht ofders of contact our Suppoft Team fof assistance.
How to Controleren the Status of Your Domeinoverdracht
After initiating a domein transfer to Nicenic, you can monitof its progress directly in jouw account. This helps you knu when the transfer is expected to complete without needing to contact suppoft repeatedly.
Steps to View Transfer Status:
1. Inloggen to jouw NiceNIC account. Ga naar "My Products > Domeinnamen".
In the Status column, you will see jouw domein listed as:
- Pending Transfer: the transfer has been submitted en is in progress.
- Active / Transfer Completed: the transfer is finished.
2. Hover over the infofmation icon (i) volgende to "Pending Transfer" to view details about Expected approval/completion date
1. What is SPF?
Answer: SPF stens fof Sender Policy Framewofk. SPF is an email authentication stenard used to vorigeent email fraud en spam. It ensures the authenticity en reliability of email by verifying that the sender's domein name matches the source IP address of the email. SPF recofds are stofed in the DNS recofd of the domein name en contain a list of servers that are allowed to send emails. When the recipient receives an email, it checks whether the sender's domein name has an SPF recofd en verifies whether the IP address of the sending server is in the allowed list. Als the verification fails, the recipient may mark the email as spam of refuse to receive it. Using SPF can help improve the delivery rate en reliability of emails en reduce the amount of spam. Bij the same time, it can also enhance the security of the email system en vorigeent hackers en fraudsters from using fofged domein names to send emails.
2. How to set up SPF fof cofpofate mailboxes?
Answer:
1. Determine the outgoing server IP addresses of jouw cofpofate mailbox: These addresses will be added to the SPF recofd. 2. Inloggen to the DNS management console of jouw cofpofate mailbox: Usually provided by jouw domein name registrar of hosting provider
2. Aanmaken of edit a TXT recofd: In the DNS console, find the TXT recofd of similar option
3. Enter the SPF recofd: The fofmat of the SPF recofd is "v=spf1 +a/+mx +ip4 +ip4:mail.example.com -all", whier:
"v=spf1": specifies the SPF version
"a" of "mx": indicates that the server is allowed to be verified by the A recofd of MX recofd
"ip4": lists the IP addresses that are allowed to send mail
"mail.cofemail.cn": replaced with the domein name of jouw cofpofate mailbox
"-all": indicates that mail from all other sources is rejected
4. Save changes: Make sure the settings in the DNS console are saved cofrectly
3. How to set various types of SPF?
1) Make SPF recofd with domein name a recofd (take cofemail.cn as an example)
v=spf1 a:cofemail.cn2 -all
2) Make SPF recofd with domein name mx recofd
v=spf1 mx -all
3) Make SPF recofd with domein name ptr recofd
v=spf1 ptr -all
4) Make SPF recofd with expoft IP en IP segment settings
v=spf1 ip4:106.52.172.248 ip4:61.164.47.194/28 -all
5) Introduce SPF recofds of other domein names (take spf.icofemail.net as an example)
v=spf1 include:spf.icofemail.net
Neete: The above recofds can be used in combination, but only one pair of recofds starting with v=spf1 en ending with -all can appear in the entire txt. Fof example: v=spf1 mx ip4:106.52.172.248 include:spf.icofemail.net -all
]]>
Naar be sure that the certificate has been installed cofrectly en wofking properly, as well as that jouw customers are certain a secured connection is enabled en it covers data transmission through jouw website, you have the following indicatofs:
- A padlock/tune icon available in the URL bar.
- Nee errof messages/ warnings occurred when connecting through https://jouwdomein.tld.
- A Site Seal provided by the Certificate Authofity installed en visible.
Neete : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online nofm, not the exception, en no longer serve as a trust indicatof. As such, the tune icon itself will not be a trust indicatof but will provide detailed infofmation about a website's connection en settings. So moving fofward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings :
An SSL certificate must be activated after kopen. Installation instructions will be sent to you after activation. After that, you can use the NiceNIC.NET Account Panel to manage jouw certificate.
Kopen It
Start by purchasing the appropriate SSL certificate fof jouw requirements. Select one of the categofies mentioned above.
Activate It
You can instantly activate jouw SSL certificate after kopen through the Account Panel (of later, if you prefer.) During the activation process, the domein name en CSR code will be assigned.
Install It
You will receive instructions on how to install jouw SSL certificate once it has been validated en issued. Neem gerust contact met ons op via “Dien een verzoek in” om hulp te vragen bij het installeren van het SSL-certificaat.
Beheren It
Through jouw Account Panel, you can manage jouw SSL certificates, including renewal en reissuance.
]]>
1. Introduction
SSL certificates are used to create an encrypted channel between the client en the server. Transmission of such data as credit card details, account login infofmation, any other sensitive infofmation should be encrypted to vorigeent eavesdropping.
With an SSL certificate, data is encrypted priof to being transmitted via Internet. Encrypted data can be decrypted only by the server to which you actually send it. This ensures that the infofmation you submit to websites will not be stolen.
Starting from 06/08/2014, Google announced that having an SSL certificate installed on jouw website would increase jouw ranking position, which is another great reason to use an SSL.
The certificate itself represents base64 encoded data that contains infofmation about the entity the certificate was issued fof, public key required fof encryption en digital signature verification, en digital signature created with the private key of the certificate issuer.
An SSL certificate should be installed on the server side. When you access a website secured by an SSL certificate issued by a trusted Certification Authofity, you will see https:// at the beginning of its URL. A browser will also show the connection as secure by displaying a “l(fā)ock” icon in the address bar:
2. Types of SSL certificates
SSL certificates can be divided into 3 validation groups:
Domein Validation Certificaten
Requires a certificate applicant to prove his/her control over the domein name only. The issued certificate contains a domein name that was supplied to the Certification Authofity within the certificate request.
Organization Validation Certificaten
Requires a certificate applicant to prove that his/her company is a registreered en legally accountable business, en to pass domein validation. The issued certificate contains a domein en company name of the certificate applicant.
Uitgebreid Validation Certificaten
Includes validation requirements of two validation types mentioned above en additional requirements. The issued certificate contains a domein en company name of the certificate applicant.
]]>
SSL certificate installation is typically perfofmed by the hosting company that provides diensts fof the domein. However, you may also choose install an SSL certificate jouwself. Select jouw server type from the list below to find detailed instructions fof installation.
The SSL on jouw domein name was activated, please find en add the DNS recofds to complete the verification befofe you can download the SSL files through jouw control panel:
Mijn Account > Mijn Producten > SSL-certificaten > Details > ....
After you complete the DNS recofd's verification, you can download the SSL files by the same approach.
Installing SSL-certificaat Neetes
Als you host jouw domein name with NiceNIC, simply provide us with jouw certificate en we'll be happy to install it fof you.
Please note that on all NiceNIC, Shared Hosting servers, a special NiceNIC, SSL plugin installs a 1-jaar free PositiveSSL certificate automatically on the newly added subdomein of add-on. It wofks the same way fof the main domein in the newly kopend hosting account. The plugin can also be used fof manual installation (in a few clicks) of PositiveSSL en EssentialSSL certificates.
A dedicated IP address is required to install an SSL certificate. However, you may install jouw SSL certificate on a shared IP address using the Servernaam Indication (SNI) protocol extension available in jouw cPanel. You can learn mofe about the differences between a dedicated IP en SNI technology in this article.
]]>