To ensure the security of your website and protect your visitors, all domains under .boo, .day, .dev, .page, and .rsvp must use HTTPS. This guide will help you configure SSL/TLS correctly.
1. What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts data between your website and its visitors. It prevents eavesdropping and ensures data integrity.
2. Obtaining an SSL Certificate
NICENIC provides trusted SSL certificates. You can learn more and purchase/configure a certificate here: https://nicenic.net/ssl-certificates/
3. Installing the SSL Certificate
Follow your web server’s instructions to install the certificate. Common servers include:
Apache: https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
IIS (Windows): https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
4. Enforce HTTPS
Once your certificate is installed:
Redirect all HTTP traffic to HTTPS.
Update internal links and resources to use HTTPS.
Verify that your website is fully accessible via HTTPS.
5. Keep Certificates Updated
SSL certificates have expiration dates. Ensure certificates are renewed before they expire and check your website regularly to maintain uninterrupted secure connections.
]]>
DNSSEC helps protect your domain’s DNS records from being tampered with during DNS resolution. It adds a layer of verification so that DNS resolvers can confirm the DNS response really comes from the correct source.
At NiceNIC, DNSSEC usually involves two sides:
Your DNS provider or nameserver provider generates the DNSSEC records.
NiceNIC, as your domain registrar, helps submit the DS records to the registry when the TLD supports DNSSEC.
If DNSSEC is not configured correctly, your domain may show DNSSEC errors, or in more serious cases, some users may not be able to access your website.
What Is DNSSEC?
DNSSEC stands for Domain Name System Security Extensions.
In simple terms, DNSSEC helps verify that the DNS answer for your domain has not been changed or forged during the lookup process.
For example, when someone visits your website, DNS is used to find the correct server IP address. DNSSEC helps make sure that the DNS result is authentic and has not been replaced with false data.
DNSSEC does not replace SSL, website security, hosting security, or email security. It only helps protect the DNS resolution process.
When Do You Need DNSSEC?
- You may want to enable DNSSEC if:
- Your website handles sensitive user information.
- You run business email, login systems, payment pages, or customer portals.
- You want stronger domain security.
- Your DNS provider supports DNSSEC.
- Your domain extension supports DNSSEC.
Incorrect DNSSEC settings may affect domain resolution.
Important DNSSEC Terms
DNSKEY: A DNSKEY record is generated by your DNS provider. It is used as part of the DNSSEC validation process.
DS Record: A DS record connects your domain’s DNSSEC setup with the parent registry zone. In most cases, your DNS provider gives you the DS record, and you need to add it through your registrar.
Nameserver: Your nameservers decide where your domain’s DNS records are managed. If you change nameservers, your DNSSEC records may also need to be updated.
How to Enable DNSSEC for Your Domain
Step 1: Check Whether Your DNS Provider Supports DNSSEC
Log in to the platform where your DNS is managed.
This may be:
Your domain registrar, here is NiceNIC
Your hosting provider
Your DNS provider
Your own DNS server
Another third-party DNS service
Make sure DNSSEC is supported and enabled there.
Step 2: Get the DS Record from Your DNS Provider
After enabling DNSSEC, your DNS provider should provide DNSSEC information such as:
Key Tag
Algorithm
Digest Type
Digest
DS Record
Please copy the information exactly as provided.
Even one incorrect character may cause DNSSEC validation failure.
Step 3: Add the DS Record in Your NiceNIC Account
Log in to your NiceNIC account and go to your domain management page.
Then add the DS record provided by your DNS provider.
If you are not sure where to add it, please contact our support team and provide the DS record from your DNS provider.
Step 4: Wait for DNSSEC Propagation
After the DS record is added, it may take some time for the update to propagate.
During this period, DNSSEC check results may not update immediately.
Step 5: Verify DNSSEC Status
After propagation, you may check your domain’s DNSSEC status using a DNSSEC checking tool or by contacting our support team.
If DNSSEC is correctly configured, the DNSSEC validation result should show a valid chain of trust.
When Should You Disable or Remove DNSSEC?
You may need to remove or update DNSSEC records if:
- You changed your nameservers.
- You moved DNS management to another provider.
- Your DNS provider disabled DNSSEC.
- Your DS record no longer matches the current DNSKEY.
- Your website or email has DNS resolution issues after a DNS change.
In this case, you may need to remove the old DS records first, wait for propagation, and then re-enable DNSSEC with the correct new records.
Why Does My Domain Show "DNSSEC Information Is Currently Unavailable"?
You may see this message:
DNSSEC information is currently unavailable for this domain.
This can happen for several reasons:
- DNSSEC has not been enabled for this domain.
- No DS record has been added at the registrar level.
- The domain’s current nameservers do not support DNSSEC.
- The domain recently changed nameservers.
- The DS record does not match the current DNSKEY.
- The DNS provider has not published the required DNSSEC records correctly.
- The registry or DNSSEC query is temporarily unavailable.
However, if your website or email is not resolving correctly, please contact support so we can help review the DNSSEC configuration.
What Information Should I Provide to Support?
To help us check DNSSEC issues faster, please provide:
- Your domain name
- Your current nameservers
- Whether you recently changed nameservers
- The DS record provided by your DNS provider
- A screenshot of the DNSSEC setting from your DNS provider
- Any DNSSEC error message you received
- Whether your website or email is currently affected
Frequently Asked Questions About DNSSEC
1. Is DNSSEC required for every domain?
No. DNSSEC is not required for every domain.
However, it is recommended for domains that need stronger DNS security, especially business websites, email services, login systems, financial services, and customer portals.
If you are not sure whether you need DNSSEC, please confirm whether your DNS provider supports it and whether you are comfortable managing DNSSEC records.
2. Is DNSSEC the same as SSL?
No.
SSL protects the connection between the user’s browser and your website.
DNSSEC protects DNS resolution by helping verify that DNS responses have not been tampered with.
For better security, many websites use both SSL and DNSSEC, but they are different technologies.
3. Can NiceNIC generate DNSSEC records for me?
In most cases, DNSSEC records are generated by your DNS provider, not by the registrar.
NiceNIC can help submit the DS record to the registry when the domain extension supports DNSSEC.
If you use a third-party DNS provider, please enable DNSSEC there first and then provide us with the DS record.
4. Why does DNSSEC fail after I change nameservers?
This is one of the most common DNSSEC issues.
When you change nameservers, your old DNSSEC records may no longer match the new DNS provider’s DNSKEY.
If the old DS record remains active at the registry level, DNSSEC validation may fail.
Before or after changing nameservers, you should check whether the DS record needs to be removed or replaced.
5. What happens if the DS record is wrong?
If the DS record does not match the DNSKEY published by your current DNS provider, DNSSEC validation may fail.
This may cause some DNS resolvers to reject the DNS response.
As a result, your website, email, or other services may become unreachable for some users.
6. I do not use DNSSEC. Do I need to do anything?
If you do not use DNSSEC and your domain has no DS records, usually no action is needed.
However, if your domain has old DS records from a previous DNS provider, you should remove them to avoid DNSSEC validation problems.
7. Why does my DNSSEC status still show an error after I updated the record?
DNSSEC updates may take time to propagate.
If you recently added, removed, or changed DS records, please wait for DNS propagation and check again later.
If the issue continues, please contact support and provide your domain name, current nameservers, and DS record.
8. Can DNSSEC cause my website to stop working?
Yes, if DNSSEC is incorrectly configured.
Common causes include:
- Wrong DS record
- Old DS record after nameserver change
- Missing DNSKEY
- DNS provider not publishing DNSSEC records correctly
- Expired or invalid DNSSEC signatures
9. Should I remove DNSSEC before changing nameservers?
In many cases, yes.
If you are moving to a new DNS provider and you are not sure how to migrate DNSSEC safely, removing the old DS record before changing nameservers can reduce the risk of DNSSEC validation failure.
After the new nameservers are active and DNSSEC is enabled at the new DNS provider, you can add the new DS record again.
10. What should I do if I see “Failure to get DNSSEC info”?
This usually means the system could not retrieve valid DNSSEC information for the domain.
Please check:
- Whether DNSSEC is enabled
- Whether the DS record has been added
- Whether the nameservers support DNSSEC
- Whether the DS record matches the DNSKEY
- Whether you recently changed nameservers
How to set up DNSSEC for a domain registered on NiceNIC?
1. Log in to your NiceNIC account and navigate to your domain management page. Find the domain you wish to enable DNSSEC for and click Manage.
2. In the domain management section, you should see the DNSSEC button. Click on the DNSSEC button to access the DNSSEC settings page.
3. Enter the required information for DNSSEC configuration (this will typically include DNSSEC key details provided by your DNS hosting provider).
4. Once you've entered the information, click Add to enable DNSSEC for the domain. Here’s an example of a successful DNSSEC setup:
After entering the necessary DNSSEC key data (usually the DS record), you'll receive confirmation that DNSSEC has been successfully added to your domain settings.
The DNSSEC status will show as enabled and you'll be able to see the public keys and other details.
With DNSSEC now enabled, your domain is better protected against DNS-related attacks.
Attention: if your domain name was transferred into NiceNIC from another Registrar, and you hope to disable the DNSSEC previously with the old Registrar, please firstly check the latest whois, if you see "DNSSEC: unsigned", then it means during the domain transfer process, the DNSSEC settings have been disabled automatically by the old Registrar, while if it is "DNSSEC: signed", please check the domain management section at your control panel at NiceNIC, you should see the DNSSEC button, please click on the DNSSEC button to access the DNSSEC settings page.
]]>
After the domain is transferred, the name servers remain set to those associated to the domain before transfer.
If you had child name servers for your domain registered through another Registrar, you may need to register them again through your Account.
]]>
If you're just transferring the domain registration, your hosting service will be unaffected, and there will be no need to change name servers. Although the name servers should be transferred as part of the process, it's always a good idea to have a record of them.
If you wish to specify the name servers to the default DNS servers as provided by NiceNIC you can reset the name servers after the transfer has been completed.
Steps
Login to your account. Select the Domain Names tab.
Select the domain that you want to change name servers for.
From within the DNS Servers section click on Edit DNS Server.
Change the name servers as required, leaving any of the fields blank will retain the original DNS server.
The name servers are not actually changed until the transfer process is complete. If you wish to make an immediate change to the name servers, you may do so with the Registrar you are transferring from.
]]>
Before purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) or new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure your domain meets the following conditions:
1. Your domain was registered or transferred at least 60 days ago;
2. The domain is unlocked at the current Registrar (its Whois status should be OK or Active).
Also,you need to request an up-to-date Auth/EPPcode for the domain at your current Registrar.
If all criteria are met, you should be able to complete the transfer successfully.
Still, some ccTLDs (.ES and .UK) have additional transfer requirements and/or exclude some points from the list above.
NOTE: Make sure the domain status is active, not expired. If you wish to transfer an expired domain to NiceNIC, please contact our Support Team email support@nicenic.net for further assistance.
]]>
Before submitting a transfer request with NiceNIC, make sure your domains are prepared for transfer through your current registrar. This is generally done by removing transfer locks and getting the necessary Auth codes.
Learn how to prepare domains for transfer in accounts sections of several popular registrars.
Once those preparations are made, simply follow the steps below to transfer your domains:
Note: Each domain has a unique Auth code and has to be unlocked for transfer separately on the current registrar side.
Log in to your NiceNIC account.
Go to the Transfer to Us page.
Click on Bulk options.
Enter the domain names and the Auth codes;
Note: Enter each domain and its Auth code in a new line. The Auth code has to be separated from the domain name by a comma and one space.
Click on Start Transfer at the bottom of the page.
Double-check the domain names and add them to Cart. To do this, you can use the Add all to cart button for convenience.
Proceed with the payment.
The transfer is completed automatically in 5-7 days for most domains. Once the transfer of your domains is completed you will receive the notifications on your NiceNIC Primary Email address, and the domains will become manageable in your Domain List.
Note: Due to technical reasons, it is only possible to submit the transfer for up to 10 domain names at once. If you need to transfer more than 10 domains, you can either submit several Bulk Transfer orders or contact our Support Team for assistance.
]]>
1. What is SPF?
Answer: SPF stands for Sender Policy Framework. SPF is an email authentication standard used to prevent email fraud and spam. It ensures the authenticity and reliability of email by verifying that the sender's domain name matches the source IP address of the email. SPF records are stored in the DNS record of the domain name and contain a list of servers that are allowed to send emails. When the recipient receives an email, it checks whether the sender's domain name has an SPF record and verifies whether the IP address of the sending server is in the allowed list. If the verification fails, the recipient may mark the email as spam or refuse to receive it. Using SPF can help improve the delivery rate and reliability of emails and reduce the amount of spam. At the same time, it can also enhance the security of the email system and prevent hackers and fraudsters from using forged domain names to send emails.
2. How to set up SPF for corporate mailboxes?
Answer:
1. Determine the outgoing server IP addresses of your corporate mailbox: These addresses will be added to the SPF record. 2. Log in to the DNS management console of your corporate mailbox: Usually provided by your domain name registrar or hosting provider
2. Create or edit a TXT record: In the DNS console, find the TXT record or similar option
3. Enter the SPF record: The format of the SPF record is "v=spf1 +a/+mx +ip4 +ip4:mail.example.com -all", where:
"v=spf1": specifies the SPF version
"a" or "mx": indicates that the server is allowed to be verified by the A record or MX record
"ip4": lists the IP addresses that are allowed to send mail
"mail.coremail.cn": replaced with the domain name of your corporate mailbox
"-all": indicates that mail from all other sources is rejected
4. Save changes: Make sure the settings in the DNS console are saved correctly
3. How to set various types of SPF?
1) Make SPF record with domain name a record (take coremail.cn as an example)
v=spf1 a:coremail.cn2 -all
2) Make SPF record with domain name mx record
v=spf1 mx -all
3) Make SPF record with domain name ptr record
v=spf1 ptr -all
4) Make SPF record with export IP and IP segment settings
v=spf1 ip4:106.52.172.248 ip4:61.164.47.194/28 -all
5) Introduce SPF records of other domain names (take spf.icoremail.net as an example)
v=spf1 include:spf.icoremail.net
Note: The above records can be used in combination, but only one pair of records starting with v=spf1 and ending with -all can appear in the entire txt. For example: v=spf1 mx ip4:106.52.172.248 include:spf.icoremail.net -all
]]>
To be sure that the certificate has been installed correctly and working properly, as well as that your customers are certain a secured connection is enabled and it covers data transmission through your website, you have the following indicators:
- A padlock/tune icon available in the URL bar.
- No error messages/ warnings occurred when connecting through https://yourdomain.tld.
- A Site Seal provided by the Certificate Authority installed and visible.
Note : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online norm, not the exception, and no longer serve as a trust indicator. As such, the tune icon itself will not be a trust indicator but will provide detailed information about a website's connection and settings. So moving forward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings :
An SSL certificate must be activated after purchase. Installation instructions will be sent to you after activation. After that, you can use the NiceNIC.NET Account Panel to manage your certificate.
Buy It
Start by purchasing the appropriate SSL certificate for your requirements. Select one of the categories mentioned above.
Activate It
You can instantly activate your SSL certificate after purchase through the Account Panel (or later, if you prefer.) During the activation process, the domain name and CSR code will be assigned.
Install It
You will receive instructions on how to install your SSL certificate once it has been validated and issued. Please feel free to contact us by “Submit a Ticket” to ask for assistance in installing SSL certificate.
Manage It
Through your Account Panel, you can manage your SSL certificates, including renewal and reissuance.
]]>
1. Introduction
SSL certificates are used to create an encrypted channel between the client and the server. Transmission of such data as credit card details, account login information, any other sensitive information should be encrypted to prevent eavesdropping.
With an SSL certificate, data is encrypted prior to being transmitted via Internet. Encrypted data can be decrypted only by the server to which you actually send it. This ensures that the information you submit to websites will not be stolen.
Starting from 06/08/2014, Google announced that having an SSL certificate installed on your website would increase your ranking position, which is another great reason to use an SSL.
The certificate itself represents base64 encoded data that contains information about the entity the certificate was issued for, public key required for encryption and digital signature verification, and digital signature created with the private key of the certificate issuer.
An SSL certificate should be installed on the server side. When you access a website secured by an SSL certificate issued by a trusted Certification Authority, you will see https:// at the beginning of its URL. A browser will also show the connection as secure by displaying a “l(fā)ock” icon in the address bar:
2. Types of SSL certificates
SSL certificates can be divided into 3 validation groups:
Domain Validation Certificates
Requires a certificate applicant to prove his/her control over the domain name only. The issued certificate contains a domain name that was supplied to the Certification Authority within the certificate request.
Organization Validation Certificates
Requires a certificate applicant to prove that his/her company is a registered and legally accountable business, and to pass domain validation. The issued certificate contains a domain and company name of the certificate applicant.
Extended Validation Certificates
Includes validation requirements of two validation types mentioned above and additional requirements. The issued certificate contains a domain and company name of the certificate applicant.
]]>
SSL certificate installation is typically performed by the hosting company that provides services for the domain. However, you may also choose install an SSL certificate yourself. Select your server type from the list below to find detailed instructions for installation.
The SSL on your domain name was activated, please find and add the DNS records to complete the verification before you can download the SSL files through your control panel:
My Account > My Products > SSL Certificates > Detail > ....
After you complete the DNS record's verification, you can download the SSL files by the same approach.
Installing SSL Certificate Notes
If you host your domain name with NiceNIC, simply provide us with your certificate and we'll be happy to install it for you.
Please note that on all NiceNIC, Shared Hosting servers, a special NiceNIC, SSL plugin installs a 1-year free PositiveSSL certificate automatically on the newly added subdomain or add-on. It works the same way for the main domain in the newly purchased hosting account. The plugin can also be used for manual installation (in a few clicks) of PositiveSSL and EssentialSSL certificates.
A dedicated IP address is required to install an SSL certificate. However, you may install your SSL certificate on a shared IP address using the Server Name Indication (SNI) protocol extension available in your cPanel. You can learn more about the differences between a dedicated IP and SNI technology in this article.
]]>