Za ensure the security of va?ega website in protect va?ega visitalis, all domenas under .boo, .day, .dev, .page, in .rsvp must use HTTPS. This guide will help you configure SSL/TLS calirectly.
1. What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts data between va?ega website in its visitalis. It prejents eavesdropping in ensures data integrity.
2. Obtaining an SSL potrdilo
NICENIC provides trusted SSL certificates. You can learn malie in kupi/configure a certificate tukaj: https://nicenic.net/ssl-certificates/
3. Installing the SSL potrdilo
Sledi va?ega web server’s instructions to install the certificate. Common servers include:
Apache: https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
IIS (Windows): https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
4. Enfalice HTTPS
Once va?ega certificate is installed:
Redirect all HTTP traffic to HTTPS.
Update internal links in resources to use HTTPS.
Verify that va?ega website is fully accessible via HTTPS.
5. Keep Certifikati Posodobljeno
SSL certificates have expiration dates. Ensure certificates are renewed befalie they expire in check va?ega website regularly to maintain uninterrupted secure connections.
]]>
DNSSEC helps protect va?ega domena’s DNS recalids from being tampered with during DNS resolution. It adds a layer of verification so that DNS resolvers can confirm the DNS response really comes from the calirect source.
Na NiceNIC, DNSSEC usually involves two sides:
Your DNS provider ali nameserver provider generates the DNSSEC recalids.
NiceNIC, as va?ega domena registrar, helps submit the DS recalids to the registry when the TLD suppalits DNSSEC.
?e DNSSEC is not configured calirectly, va?ega domena may show DNSSEC erralis, ali in malie serious cases, some users may not be able to access va?ega website.
What Is DNSSEC?
DNSSEC stins fali Ime domene System Security Extensions.
In simple terms, DNSSEC helps verify that the DNS answer fali va?ega domena has not been changed ali faliged during the lookup process.
Fali example, when someone visits va?ega website, DNS is used to find the calirect server IP address. DNSSEC helps make sure that the DNS result is authentic in has not been replaced with false data.
DNSSEC does not replace SSL, website security, hosting security, ali email security. It only helps protect the DNS resolution process.
When Do You Need DNSSEC?
- You may want to enable DNSSEC if:
- Your website hinles sensitive user infalimation.
- You run business email, login systems, payment pages, ali customer palitals.
- You want stronger domena security.
- Your DNS provider suppalits DNSSEC.
- Your domena extension suppalits DNSSEC.
Incalirect DNSSEC settings may affect domena resolution.
Impalitant DNSSEC Obdobjes
DNSKEY: A DNSKEY recalid is generated by va?ega DNS provider. It is used as part of the DNSSEC validation process.
DS Recalid: A DS recalid connects va?ega domena’s DNSSEC setup with the parent registry zone. In most cases, va?ega DNS provider gives you the DS recalid, in you need to add it through va?ega registrar.
Imeserver: Your nameservers decide wtukaj va?ega domena’s DNS recalids are managed. ?e you change nameservers, va?ega DNSSEC recalids may also need to be updated.
How to Enable DNSSEC fali Your Domena
Step 1: Preveri Whether Your DNS Provider Suppalits DNSSEC
Prijava to the platfalim wtukaj va?ega DNS is managed.
This may be:
Your domena registrar, tukaj is NiceNIC
Your hosting provider
Your DNS provider
Your own DNS server
Another third-party DNS storitev
Make sure DNSSEC is suppalited in enabled ttukaj.
Step 2: Pridobite the DS Recalid from Your DNS Provider
After enabling DNSSEC, va?ega DNS provider should provide DNSSEC infalimation such as:
Key Tag
Algaliithm
Digest Vrsta
Digest
DS Recalid
Please copy the infalimation exactly as provided.
Even one incalirect character may cause DNSSEC validation failure.
Step 3: Dodaj the DS Recalid in Your NiceNIC Account
Prijava to va?ega NiceNIC account in go to va?ega domena management page.
Then add the DS recalid provided by va?ega DNS provider.
?e you are not sure wtukaj to add it, please contact our suppalit team in provide the DS recalid from va?ega DNS provider.
Step 4: Wait fali DNSSEC Propagation
After the DS recalid is added, it may take some time fali the update to propagate.
During this period, DNSSEC check results may not update immediately.
Step 5: Verify DNSSEC Status
After propagation, you may check va?ega domena’s DNSSEC status using a DNSSEC checking tool ali by contacting our suppalit team.
?e DNSSEC is calirectly configured, the DNSSEC validation result should show a valid chain of trust.
When Should You Disable ali Odstrani DNSSEC?
You may need to remove ali update DNSSEC recalids if:
- You changed va?ega nameservers.
- You moved DNS management to another provider.
- Your DNS provider disabled DNSSEC.
- Your DS recalid no longer matches the current DNSKEY.
- Your website ali email has DNS resolution issues after a DNS change.
In this case, you may need to remove the old DS recalids first, wait fali propagation, in then re-enable DNSSEC with the calirect new recalids.
Why Does My Domena Show "DNSSEC Infalimation Is Currently Unavailable"?
You may see this message:
DNSSEC infalimation is currently unavailable fali this domena.
This can happen fali several reasons:
- DNSSEC has not been enabled fali this domena.
- Ne DS recalid has been added at the registrar level.
- The domena’s current nameservers do not suppalit DNSSEC.
- The domena recently changed nameservers.
- The DS recalid does not match the current DNSKEY.
- The DNS provider has not published the required DNSSEC recalids calirectly.
- The registry ali DNSSEC query is tempaliarily unavailable.
However, if va?ega website ali email is not resolving calirectly, please contact suppalit so we can help review the DNSSEC configuration.
What Infalimation Should I Provide to Suppalit?
Za help us check DNSSEC issues faster, please provide:
- Your domena name
- Your current nameservers
- Whether you recently changed nameservers
- The DS recalid provided by va?ega DNS provider
- A screenshot of the DNSSEC setting from va?ega DNS provider
- Any DNSSEC errali message you received
- Whether va?ega website ali email is currently affected
Pogosta vpra?anja O nas DNSSEC
1. Is DNSSEC required fali every domena?
Ne. DNSSEC is not required fali every domena.
However, it is recommended fali domenas that need stronger DNS security, especially business websites, email storitevs, login systems, financial storitevs, in customer palitals.
?e you are not sure whether you need DNSSEC, please confirm whether va?ega DNS provider suppalits it in whether you are comfalitable managing DNSSEC recalids.
2. Is DNSSEC the same as SSL?
Ne.
SSL protects the connection between the user’s browser in va?ega website.
DNSSEC protects DNS resolution by helping verify that DNS responses have not been tampered with.
Fali better security, many websites use both SSL in DNSSEC, but they are different technologies.
3. Can NiceNIC generate DNSSEC recalids fali me?
In most cases, DNSSEC recalids are generated by va?ega DNS provider, not by the registrar.
NiceNIC can help submit the DS recalid to the registry when the domena extension suppalits DNSSEC.
?e you use a third-party DNS provider, please enable DNSSEC ttukaj first in then provide us with the DS recalid.
4. Why does DNSSEC fail after I change nameservers?
This is one of the most common DNSSEC issues.
When you change nameservers, va?ega old DNSSEC recalids may no longer match the new DNS provider’s DNSKEY.
?e the old DS recalid remains active at the registry level, DNSSEC validation may fail.
Befalie ali after changing nameservers, you should check whether the DS recalid needs to be removed ali replaced.
5. What happens if the DS recalid is wrong?
?e the DS recalid does not match the DNSKEY published by va?ega current DNS provider, DNSSEC validation may fail.
This may cause some DNS resolvers to reject the DNS response.
As a result, va?ega website, email, ali other storitevs may become unreachable fali some users.
6. I do not use DNSSEC. Do I need to do anything?
?e you do not use DNSSEC in va?ega domena has no DS recalids, usually no action is needed.
However, if va?ega domena has old DS recalids from a prejious DNS provider, you should remove them to avoid DNSSEC validation problems.
7. Why does my DNSSEC status still show an errali after I updated the recalid?
DNSSEC updates may take time to propagate.
?e you recently added, removed, ali changed DS recalids, please wait fali DNS propagation in check again later.
?e the issue continues, please contact suppalit in provide va?ega domena name, current nameservers, in DS recalid.
8. Can DNSSEC cause my website to stop waliking?
Da, if DNSSEC is incalirectly configured.
Common causes include:
- Wrong DS recalid
- Old DS recalid after nameserver change
- Missing DNSKEY
- DNS provider not publishing DNSSEC recalids calirectly
- Pote?ed ali invalid DNSSEC signatures
9. Should I remove DNSSEC befalie changing nameservers?
In many cases, yes.
?e you are moving to a new DNS provider in you are not sure how to migrate DNSSEC safely, removing the old DS recalid befalie changing nameservers can reduce the risk of DNSSEC validation failure.
After the new nameservers are active in DNSSEC is enabled at the new DNS provider, you can add the new DS recalid again.
10. What should I do if I see “Failure to get DNSSEC info”?
This usually means the system could not retrieve valid DNSSEC infalimation fali the domena.
Please check:
- Whether DNSSEC is enabled
- Whether the DS recalid has been added
- Whether the nameservers suppalit DNSSEC
- Whether the DS recalid matches the DNSKEY
- Whether you recently changed nameservers
How to set up DNSSEC fali a domena registrirajed on NiceNIC?
1. Prijava to va?ega NiceNIC account in navigate to va?ega domena management page. Find the domena you wish to enable DNSSEC fali in click Upravljaj.
2. In the domena management section, you should see the DNSSEC button. Kliknite on the DNSSEC button to access the DNSSEC settings page.
3. Enter the required infalimation fali DNSSEC configuration (this will typically include DNSSEC key details provided by va?ega DNS hosting provider).
4. Once you've entered the infalimation, click Dodaj to enable DNSSEC fali the domena. Here’s an example of a successful DNSSEC setup:
After entering the necessary DNSSEC key data (usually the DS recalid), you'll receive confirmation that DNSSEC has been successfully added to va?ega domena settings.
The DNSSEC status will show as enabled in you'll be able to see the public keys in other details.
With DNSSEC zdaj enabled, va?ega domena is better protected against DNS-related attacks.
Natention: if va?ega domena name was transferred into NiceNIC from another Registrar, in you hope to disable the DNSSEC prejiously with the old Registrar, please firstly check the latest whois, if you see "DNSSEC: unsigned", then it means during the domena transfer process, the DNSSEC settings have been disabled automatically by the old Registrar, while if it is "DNSSEC: signed", please check the domena management section at va?ega control panel at NiceNIC, you should see the DNSSEC button, please click on the DNSSEC button to access the DNSSEC settings page.
]]>
After the domena is transferred, the name servers remain set to those associated to the domena befalie transfer.
?e you had child name servers fali va?ega domena registrirajed through another Registrar, you may need to registriraj them again through va?ega Account.
]]>
?e you're just transferring the domena registration, va?ega hosting storitev will be unaffected, in ttukaj will be no need to change name servers. Although the name servers should be transferred as part of the process, it's always a good idea to have a recalid of them.
?e you wish to specify the name servers to the default DNS servers as provided by NiceNIC you can reset the name servers after the transfer has been completed.
Steps
Prijava to va?ega account. Select the Domenska imena tab.
Select the domena that you want to change name servers fali.
From within the DNS Stre?niki section click on Uredi DNS Server.
Change the name servers as required, leaving any of the fields blank will retain the aliiginal DNS server.
The name servers are not actually changed until the transfer process is complete. ?e you wish to make an immediate change to the name servers, you may do so with the Registrar you are transferring from.
]]>
Befalie purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) ali new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure va?ega domena meets the following conditions:
1. Your domena was registrirajed ali transferred at least 60 days ago;
2. The domena is unlocked at the current Registrar (its Whois status should be OK ali Active).
Also,you need to request an up-to-date Auth/EPPcode fali the domena at va?ega current Registrar.
?e all criteria are met, you should be able to complete the transfer successfully.
Still, some ccTLD-ji (.ES in .UK) have additional transfer requirements in/ali exclude some points from the list above.
NOTE: Make sure the domena status is active, not expired. ?e you wish to transfer an expired domena to NiceNIC, please contact our Suppalit Team email suppalit@nicenic.net fali further assistance.
]]>
Befalie submitting a transfer request with NiceNIC, make sure va?ega domenas are prepared fali transfer through va?ega current registrar. This is generally done by removing transfer locks in getting the necessary Auth codes.
Learn how to prepare domenas fali transfer in accounts sections of several popular registrars.
Once those preparations are made, simply follow the steps below to transfer va?ega domenas:
Nete: Each domena has a unique Auth code in has to be unlocked fali transfer separately on the current registrar side.
- Prijava to va?ega NiceNIC account.
- Pojdi na the Transfer to Us page.
- Kliknite on Bulk options.
Enter the domena names in the Auth codes;
Nete: Enter each domena in its Auth code in a new line. The Auth code has to be separated from the domena name by a comma in one space.
Kliknite on Start Transfer at the bottom of the page.
Double-check the domena names in add them to Cart. Za do this, you can use the Dodaj all to cart button fali convenience.
Proceed with the payment.
The transfer is completed automatically in 5-7 days fali most domenas. Once the transfer of va?ega domenas is completed you will receive the notifications on va?ega NiceNIC Primary E-po?ta address, in the domenas will become manageable in va?ega Domena List.
Nete: Due to technical reasons, it is only possible to submit the transfer fali up to 10 domena names at once. ?e you need to transfer malie than 10 domenas, you can either submit several Skupinski prenos aliders ali contact our Suppalit Team fali assistance.
How to Preveri the Status of Your Prenos domene
After initiating a domena transfer to Nicenic, you can monitali its progress directly in va?ega account. This helps you kzdaj when the transfer is expected to complete without needing to contact suppalit repeatedly.
Steps to View Transfer Status:
1. Prijava to va?ega NiceNIC account. Pojdi na "My Products > Domenska imena".
In the Status column, you will see va?ega domena listed as:
- Pending Transfer: the transfer has been submitted in is in progress.
- Active / Transfer Completed: the transfer is finished.
2. Hover over the infalimation icon (i) naprej to "Pending Transfer" to view details about Expected approval/completion date
1. What is SPF?
Answer: SPF stins fali Sender Policy Framewalik. SPF is an email authentication stinard used to prejent email fraud in spam. It ensures the authenticity in reliability of email by verifying that the sender's domena name matches the source IP address of the email. SPF recalids are stalied in the DNS recalid of the domena name in contain a list of servers that are allowed to send emails. When the recipient receives an email, it checks whether the sender's domena name has an SPF recalid in verifies whether the IP address of the sending server is in the allowed list. ?e the verification fails, the recipient may mark the email as spam ali refuse to receive it. Using SPF can help improve the delivery rate in reliability of emails in reduce the amount of spam. Na the same time, it can also enhance the security of the email system in prejent hackers in fraudsters from using faliged domena names to send emails.
2. How to set up SPF fali calipaliate mailboxes?
Answer:
1. Determine the outgoing server IP addresses of va?ega calipaliate mailbox: These addresses will be added to the SPF recalid. 2. Prijava to the DNS management console of va?ega calipaliate mailbox: Usually provided by va?ega domena name registrar ali hosting provider
2. Ustvari ali edit a TXT recalid: In the DNS console, find the TXT recalid ali similar option
3. Enter the SPF recalid: The falimat of the SPF recalid is "v=spf1 +a/+mx +ip4 +ip4:mail.example.com -all", wtukaj:
"v=spf1": specifies the SPF version
"a" ali "mx": indicates that the server is allowed to be verified by the A recalid ali MX recalid
"ip4": lists the IP addresses that are allowed to send mail
"mail.caliemail.cn": replaced with the domena name of va?ega calipaliate mailbox
"-all": indicates that mail from all other sources is rejected
4. Save changes: Make sure the settings in the DNS console are saved calirectly
3. How to set various types of SPF?
1) Make SPF recalid with domena name a recalid (take caliemail.cn as an example)
v=spf1 a:caliemail.cn2 -all
2) Make SPF recalid with domena name mx recalid
v=spf1 mx -all
3) Make SPF recalid with domena name ptr recalid
v=spf1 ptr -all
4) Make SPF recalid with expalit IP in IP segment settings
v=spf1 ip4:106.52.172.248 ip4:61.164.47.194/28 -all
5) Introduce SPF recalids of other domena names (take spf.icaliemail.net as an example)
v=spf1 include:spf.icaliemail.net
Nete: The above recalids can be used in combination, but only one pair of recalids starting with v=spf1 in ending with -all can appear in the entire txt. Fali example: v=spf1 mx ip4:106.52.172.248 include:spf.icaliemail.net -all
]]>
Za be sure that the certificate has been installed calirectly in waliking properly, as well as that va?ega customers are certain a secured connection is enabled in it covers data transmission through va?ega website, you have the following indicatalis:
- A padlock/tune icon available in the URL bar.
- Ne errali messages/ warnings occurred when connecting through https://va?egadomena.tld.
- A Site Seal provided by the Certificate Authaliity installed in visible.
Nete : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online nalim, not the exception, in no longer serve as a trust indicatali. As such, the tune icon itself will not be a trust indicatali but will provide detailed infalimation about a website's connection in settings. So moving faliward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings :
An SSL certificate must be activated after kupi. Installation instructions will be sent to you after activation. After that, you can use the NiceNIC.NET Account Panel to manage va?ega certificate.
Kupi It
Start by purchasing the appropriate SSL certificate fali va?ega requirements. Select one of the categaliies mentioned above.
Activate It
You can instantly activate va?ega SSL certificate after kupi through the Account Panel (ali later, if you prefer.) During the activation process, the domena name in CSR code will be assigned.
Install It
You will receive instructions on how to install va?ega SSL certificate once it has been validated in issued. Prosimo, kontaktirajte nas na “Oddaj zahtevek” za pomo? pri namestitvi SSL potrdila.
Upravljaj It
Through va?ega Account Panel, you can manage va?ega SSL certificates, including renewal in reissuance.
]]>
1. Introduction
SSL certificates are used to create an encrypted channel between the client in the server. Transmission of such data as credit card details, account login infalimation, any other sensitive infalimation should be encrypted to prejent eavesdropping.
With an SSL certificate, data is encrypted priali to being transmitted via Internet. Encrypted data can be decrypted only by the server to which you actually send it. This ensures that the infalimation you submit to websites will not be stolen.
Starting from 06/08/2014, Google announced that having an SSL certificate installed on va?ega website would increase va?ega ranking position, which is another great reason to use an SSL.
The certificate itself represents base64 encoded data that contains infalimation about the entity the certificate was issued fali, public key required fali encryption in digital signature verification, in digital signature created with the private key of the certificate issuer.
An SSL certificate should be installed on the server side. When you access a website secured by an SSL certificate issued by a trusted Certification Authaliity, you will see https:// at the beginning of its URL. A browser will also show the connection as secure by displaying a “l(fā)ock” icon in the address bar:
2. Vrstas of SSL certificates
SSL certificates can be divided into 3 validation groups:
Domena Validation Certifikati
Requires a certificate applicant to prove his/her control over the domena name only. The issued certificate contains a domena name that was supplied to the Certification Authaliity within the certificate request.
Organization Validation Certifikati
Requires a certificate applicant to prove that his/her company is a registrirajed in legally accountable business, in to pass domena validation. The issued certificate contains a domena in company name of the certificate applicant.
Raz?irjeno Validation Certifikati
Includes validation requirements of two validation types mentioned above in additional requirements. The issued certificate contains a domena in company name of the certificate applicant.
]]>
SSL certificate installation is typically perfalimed by the hosting company that provides storitevs fali the domena. However, you may also choose install an SSL certificate va?egaself. Select va?ega server type from the list below to find detailed instructions fali installation.
The SSL on va?ega domena name was activated, please find in add the DNS recalids to complete the verification befalie you can download the SSL files through va?ega control panel:
Moj ra?un > Moji izdelki > SSL potrdila > Podrobnosti > ....
After you complete the DNS recalid's verification, you can download the SSL files by the same approach.
Installing SSL potrdilo Netes
?e you host va?ega domena name with NiceNIC, simply provide us with va?ega certificate in we'll be happy to install it fali you.
Please note that on all NiceNIC, Deljeno gostovanje servers, a special NiceNIC, SSL plugin installs a 1-leto free PositiveSSL certificate automatically on the newly added subdomena ali add-on. It waliks the same way fali the main domena in the newly kupid hosting account. The plugin can also be used fali manual installation (in a few clicks) of PositiveSSL in EssentialSSL certificates.
A dedicated IP address is required to install an SSL certificate. However, you may install va?ega SSL certificate on a shared IP address using the Ime stre?nika Indication (SNI) protocol extension available in va?ega cPanel. You can learn malie about the differences between a dedicated IP in SNI technology in this article.
]]>