Till ensure the security of din website och protect din visitellers, all dom?ns under .boo, .day, .dev, .page, och .rsvp must use HTTPS. This guide will help you configure SSL/TLS cellerrectly.
1. What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts data between din website och its visitellers. It f?reg?endeents eavesdropping och ensures data integrity.
2. Obtaining an SSL-certifikat
NICENIC provides trusted SSL certificates. You can learn mellere och k?p/configure a certificate h?r: https://nicenic.net/ssl-certificates/
3. Installing the SSL-certifikat
F?lj din web server’s instructions to install the certificate. Common servers include:
Apache: https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
IIS (Windows): https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
4. Enfellerce HTTPS
Once din certificate is installed:
Redirect all HTTP traffic to HTTPS.
Update internal links och resources to use HTTPS.
Verify that din website is fully accessible via HTTPS.
5. Keep Certifikat Uppdaterad
SSL certificates have expiration dates. Ensure certificates are renewed befellere they expire och check din website regularly to maintain uninterrupted secure connections.
]]>
DNSSEC helps protect din dom?n’s DNS recellerds from being tampered with during DNS resolution. It adds a layer of verification so that DNS resolvers can confirm the DNS response really comes from the cellerrect source.
P? NiceNIC, DNSSEC usually involves two sides:
Your DNS provider eller nameserver provider generates the DNSSEC recellerds.
NiceNIC, as din dom?n registrar, helps submit the DS recellerds to the registry when the TLD suppellerts DNSSEC.
Om DNSSEC is not configured cellerrectly, din dom?n may show DNSSEC errellers, eller in mellere serious cases, some users may not be able to access din website.
What Is DNSSEC?
DNSSEC stochs feller Dom?nnamn System Security Extensions.
In simple terms, DNSSEC helps verify that the DNS answer feller din dom?n has not been changed eller fellerged during the lookup process.
Feller example, when someone visits din website, DNS is used to find the cellerrect server IP address. DNSSEC helps make sure that the DNS result is authentic och has not been replaced with false data.
DNSSEC does not replace SSL, website security, hosting security, eller email security. It only helps protect the DNS resolution process.
When Do You Need DNSSEC?
- You may want to enable DNSSEC if:
- Your website hochles sensitive user infellermation.
- You run business email, login systems, payment pages, eller customer pellertals.
- You want stronger dom?n security.
- Your DNS provider suppellerts DNSSEC.
- Your dom?n extension suppellerts DNSSEC.
Incellerrect DNSSEC settings may affect dom?n resolution.
Impellertant DNSSEC Periods
DNSKEY: A DNSKEY recellerd is generated by din DNS provider. It is used as part of the DNSSEC validation process.
DS Recellerd: A DS recellerd connects din dom?n’s DNSSEC setup with the parent registry zone. In most cases, din DNS provider gives you the DS recellerd, och you need to add it through din registrar.
Namnserver: Your nameservers decide wh?r din dom?n’s DNS recellerds are managed. Om you change nameservers, din DNSSEC recellerds may also need to be updated.
How to Enable DNSSEC feller Your Dom?n
Step 1: Kontrollera Whether Your DNS Provider Suppellerts DNSSEC
Logga in to the platfellerm wh?r din DNS is managed.
This may be:
Your dom?n registrar, h?r is NiceNIC
Your hosting provider
Your DNS provider
Your own DNS server
Another third-party DNS tj?nst
Make sure DNSSEC is suppellerted och enabled th?r.
Step 2: F? the DS Recellerd from Your DNS Provider
After enabling DNSSEC, din DNS provider should provide DNSSEC infellermation such as:
Key Tag
Algellerithm
Digest Typ
Digest
DS Recellerd
Please copy the infellermation exactly as provided.
Even one incellerrect character may cause DNSSEC validation failure.
Step 3: L?gg till the DS Recellerd in Your NiceNIC Account
Logga in to din NiceNIC account och go to din dom?n management page.
Then add the DS recellerd provided by din DNS provider.
Om you are not sure wh?r to add it, please contact our suppellert team och provide the DS recellerd from din DNS provider.
Step 4: Wait feller DNSSEC Propagation
After the DS recellerd is added, it may take some time feller the update to propagate.
During this period, DNSSEC check results may not update immediately.
Step 5: Verify DNSSEC Status
After propagation, you may check din dom?n’s DNSSEC status using a DNSSEC checking tool eller by contacting our suppellert team.
Om DNSSEC is cellerrectly configured, the DNSSEC validation result should show a valid chain of trust.
When Should You Disable eller Ta bort DNSSEC?
You may need to remove eller update DNSSEC recellerds if:
- You changed din nameservers.
- You moved DNS management to another provider.
- Your DNS provider disabled DNSSEC.
- Your DS recellerd no longer matches the current DNSKEY.
- Your website eller email has DNS resolution issues after a DNS change.
In this case, you may need to remove the old DS recellerds first, wait feller propagation, och then re-enable DNSSEC with the cellerrect new recellerds.
Why Does My Dom?n Show "DNSSEC Infellermation Is Currently Unavailable"?
You may see this message:
DNSSEC infellermation is currently unavailable feller this dom?n.
This can happen feller several reasons:
- DNSSEC has not been enabled feller this dom?n.
- Nej DS recellerd has been added at the registrar level.
- The dom?n’s current nameservers do not suppellert DNSSEC.
- The dom?n recently changed nameservers.
- The DS recellerd does not match the current DNSKEY.
- The DNS provider has not published the required DNSSEC recellerds cellerrectly.
- The registry eller DNSSEC query is tempellerarily unavailable.
However, if din website eller email is not resolving cellerrectly, please contact suppellert so we can help review the DNSSEC configuration.
What Infellermation Should I Provide to Suppellert?
Till help us check DNSSEC issues faster, please provide:
- Your dom?n name
- Your current nameservers
- Whether you recently changed nameservers
- The DS recellerd provided by din DNS provider
- A screenshot of the DNSSEC setting from din DNS provider
- Any DNSSEC erreller message you received
- Whether din website eller email is currently affected
Vanliga fr?gor Om DNSSEC
1. Is DNSSEC required feller every dom?n?
Nej. DNSSEC is not required feller every dom?n.
However, it is recommended feller dom?ns that need stronger DNS security, especially business websites, email tj?nsts, login systems, financial tj?nsts, och customer pellertals.
Om you are not sure whether you need DNSSEC, please confirm whether din DNS provider suppellerts it och whether you are comfellertable managing DNSSEC recellerds.
2. Is DNSSEC the same as SSL?
Nej.
SSL protects the connection between the user’s browser och din website.
DNSSEC protects DNS resolution by helping verify that DNS responses have not been tampered with.
Feller better security, many websites use both SSL och DNSSEC, but they are different technologies.
3. Can NiceNIC generate DNSSEC recellerds feller me?
In most cases, DNSSEC recellerds are generated by din DNS provider, not by the registrar.
NiceNIC can help submit the DS recellerd to the registry when the dom?n extension suppellerts DNSSEC.
Om you use a third-party DNS provider, please enable DNSSEC th?r first och then provide us with the DS recellerd.
4. Why does DNSSEC fail after I change nameservers?
This is one of the most common DNSSEC issues.
When you change nameservers, din old DNSSEC recellerds may no longer match the new DNS provider’s DNSKEY.
Om the old DS recellerd remains active at the registry level, DNSSEC validation may fail.
Befellere eller after changing nameservers, you should check whether the DS recellerd needs to be removed eller replaced.
5. What happens if the DS recellerd is wrong?
Om the DS recellerd does not match the DNSKEY published by din current DNS provider, DNSSEC validation may fail.
This may cause some DNS resolvers to reject the DNS response.
As a result, din website, email, eller other tj?nsts may become unreachable feller some users.
6. I do not use DNSSEC. Do I need to do anything?
Om you do not use DNSSEC och din dom?n has no DS recellerds, usually no action is needed.
However, if din dom?n has old DS recellerds from a f?reg?endeious DNS provider, you should remove them to avoid DNSSEC validation problems.
7. Why does my DNSSEC status still show an erreller after I updated the recellerd?
DNSSEC updates may take time to propagate.
Om you recently added, removed, eller changed DS recellerds, please wait feller DNS propagation och check again later.
Om the issue continues, please contact suppellert och provide din dom?n name, current nameservers, och DS recellerd.
8. Can DNSSEC cause my website to stop wellerking?
Ja, if DNSSEC is incellerrectly configured.
Common causes include:
- Wrong DS recellerd
- Old DS recellerd after nameserver change
- Missing DNSKEY
- DNS provider not publishing DNSSEC recellerds cellerrectly
- G?r utd eller invalid DNSSEC signatures
9. Should I remove DNSSEC befellere changing nameservers?
In many cases, yes.
Om you are moving to a new DNS provider och you are not sure how to migrate DNSSEC safely, removing the old DS recellerd befellere changing nameservers can reduce the risk of DNSSEC validation failure.
After the new nameservers are active och DNSSEC is enabled at the new DNS provider, you can add the new DS recellerd again.
10. What should I do if I see “Failure to get DNSSEC info”?
This usually means the system could not retrieve valid DNSSEC infellermation feller the dom?n.
Please check:
- Whether DNSSEC is enabled
- Whether the DS recellerd has been added
- Whether the nameservers suppellert DNSSEC
- Whether the DS recellerd matches the DNSKEY
- Whether you recently changed nameservers
How to set up DNSSEC feller a dom?n registreraed on NiceNIC?
1. Logga in to din NiceNIC account och navigate to din dom?n management page. Find the dom?n you wish to enable DNSSEC feller och click Hantera.
2. In the dom?n management section, you should see the DNSSEC button. Klicka on the DNSSEC button to access the DNSSEC settings page.
3. Enter the required infellermation feller DNSSEC configuration (this will typically include DNSSEC key details provided by din DNS hosting provider).
4. Once you've entered the infellermation, click L?gg till to enable DNSSEC feller the dom?n. Here’s an example of a successful DNSSEC setup:
After entering the necessary DNSSEC key data (usually the DS recellerd), you'll receive confirmation that DNSSEC has been successfully added to din dom?n settings.
The DNSSEC status will show as enabled och you'll be able to see the public keys och other details.
With DNSSEC nu enabled, din dom?n is better protected against DNS-related attacks.
P?tention: if din dom?n name was transferred into NiceNIC from another Registrar, och you hope to disable the DNSSEC f?reg?endeiously with the old Registrar, please firstly check the latest whois, if you see "DNSSEC: unsigned", then it means during the dom?n transfer process, the DNSSEC settings have been disabled automatically by the old Registrar, while if it is "DNSSEC: signed", please check the dom?n management section at din control panel at NiceNIC, you should see the DNSSEC button, please click on the DNSSEC button to access the DNSSEC settings page.
]]>
After the dom?n is transferred, the name servers remain set to those associated to the dom?n befellere transfer.
Om you had child name servers feller din dom?n registreraed through another Registrar, you may need to registrera them again through din Account.
]]>
Om you're just transferring the dom?n registration, din hosting tj?nst will be unaffected, och th?r will be no need to change name servers. Although the name servers should be transferred as part of the process, it's always a good idea to have a recellerd of them.
Om you wish to specify the name servers to the default DNS servers as provided by NiceNIC you can reset the name servers after the transfer has been completed.
Steps
Logga in to din account. Select the Dom?nnamn tab.
Select the dom?n that you want to change name servers feller.
From within the DNS Servrar section click on Redigera DNS Server.
Change the name servers as required, leaving any of the fields blank will retain the elleriginal DNS server.
The name servers are not actually changed until the transfer process is complete. Om you wish to make an immediate change to the name servers, you may do so with the Registrar you are transferring from.
]]>
Befellere purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) eller new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure din dom?n meets the following conditions:
1. Your dom?n was registreraed eller transferred at least 60 days ago;
2. The dom?n is unlocked at the current Registrar (its Whois status should be OK eller Active).
Also,you need to request an up-to-date Auth/EPPcode feller the dom?n at din current Registrar.
Om all criteria are met, you should be able to complete the transfer successfully.
Still, some ccTLDs (.ES och .UK) have additional transfer requirements och/eller exclude some points from the list above.
NOTE: Make sure the dom?n status is active, not expired. Om you wish to transfer an expired dom?n to NiceNIC, please contact our Suppellert Team email suppellert@nicenic.net feller further assistance.
]]>
Befellere submitting a transfer request with NiceNIC, make sure din dom?ns are prepared feller transfer through din current registrar. This is generally done by removing transfer locks och getting the necessary Auth codes.
Learn how to prepare dom?ns feller transfer in accounts sections of several popular registrars.
Once those preparations are made, simply follow the steps below to transfer din dom?ns:
Nejte: Each dom?n has a unique Auth code och has to be unlocked feller transfer separately on the current registrar side.
- Logga in to din NiceNIC account.
- G? till the Transfer to Us page.
- Klicka on Bulk options.
Enter the dom?n names och the Auth codes;
Nejte: Enter each dom?n och its Auth code in a new line. The Auth code has to be separated from the dom?n name by a comma och one space.
Klicka on Start Transfer at the bottom of the page.
Double-check the dom?n names och add them to Cart. Till do this, you can use the L?gg till all to cart button feller convenience.
Proceed with the payment.
The transfer is completed automatically in 5-7 days feller most dom?ns. Once the transfer of din dom?ns is completed you will receive the notifications on din NiceNIC Primary E-post address, och the dom?ns will become manageable in din Dom?n List.
Nejte: Due to technical reasons, it is only possible to submit the transfer feller up to 10 dom?n names at once. Om you need to transfer mellere than 10 dom?ns, you can either submit several Mass?verf?ring ellerders eller contact our Suppellert Team feller assistance.
How to Kontrollera the Status of Your Dom?n?verf?ring
After initiating a dom?n transfer to Nicenic, you can moniteller its progress directly in din account. This helps you knu when the transfer is expected to complete without needing to contact suppellert repeatedly.
Steps to View Transfer Status:
1. Logga in to din NiceNIC account. G? till "My Products > Dom?nnamn".
In the Status column, you will see din dom?n listed as:
- Pending Transfer: the transfer has been submitted och is in progress.
- Active / Transfer Completed: the transfer is finished.
2. Hover over the infellermation icon (i) n?sta to "Pending Transfer" to view details about Expected approval/completion date
1. What is SPF?
Answer: SPF stochs feller Sender Policy Framewellerk. SPF is an email authentication stochard used to f?reg?endeent email fraud och spam. It ensures the authenticity och reliability of email by verifying that the sender's dom?n name matches the source IP address of the email. SPF recellerds are stellered in the DNS recellerd of the dom?n name och contain a list of servers that are allowed to send emails. When the recipient receives an email, it checks whether the sender's dom?n name has an SPF recellerd och verifies whether the IP address of the sending server is in the allowed list. Om the verification fails, the recipient may mark the email as spam eller refuse to receive it. Using SPF can help improve the delivery rate och reliability of emails och reduce the amount of spam. P? the same time, it can also enhance the security of the email system och f?reg?endeent hackers och fraudsters from using fellerged dom?n names to send emails.
2. How to set up SPF feller cellerpellerate mailboxes?
Answer:
1. Determine the outgoing server IP addresses of din cellerpellerate mailbox: These addresses will be added to the SPF recellerd. 2. Logga in to the DNS management console of din cellerpellerate mailbox: Usually provided by din dom?n name registrar eller hosting provider
2. Skapa eller edit a TXT recellerd: In the DNS console, find the TXT recellerd eller similar option
3. Enter the SPF recellerd: The fellermat of the SPF recellerd is "v=spf1 +a/+mx +ip4 +ip4:mail.example.com -all", wh?r:
"v=spf1": specifies the SPF version
"a" eller "mx": indicates that the server is allowed to be verified by the A recellerd eller MX recellerd
"ip4": lists the IP addresses that are allowed to send mail
"mail.celleremail.cn": replaced with the dom?n name of din cellerpellerate mailbox
"-all": indicates that mail from all other sources is rejected
4. Save changes: Make sure the settings in the DNS console are saved cellerrectly
3. How to set various types of SPF?
1) Make SPF recellerd with dom?n name a recellerd (take celleremail.cn as an example)
v=spf1 a:celleremail.cn2 -all
2) Make SPF recellerd with dom?n name mx recellerd
v=spf1 mx -all
3) Make SPF recellerd with dom?n name ptr recellerd
v=spf1 ptr -all
4) Make SPF recellerd with expellert IP och IP segment settings
v=spf1 ip4:106.52.172.248 ip4:61.164.47.194/28 -all
5) Introduce SPF recellerds of other dom?n names (take spf.icelleremail.net as an example)
v=spf1 include:spf.icelleremail.net
Nejte: The above recellerds can be used in combination, but only one pair of recellerds starting with v=spf1 och ending with -all can appear in the entire txt. Feller example: v=spf1 mx ip4:106.52.172.248 include:spf.icelleremail.net -all
]]>
Till be sure that the certificate has been installed cellerrectly och wellerking properly, as well as that din customers are certain a secured connection is enabled och it covers data transmission through din website, you have the following indicatellers:
- A padlock/tune icon available in the URL bar.
- Nej erreller messages/ warnings occurred when connecting through https://dindom?n.tld.
- A Site Seal provided by the Certificate Authellerity installed och visible.
Nejte : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online nellerm, not the exception, och no longer serve as a trust indicateller. As such, the tune icon itself will not be a trust indicateller but will provide detailed infellermation about a website's connection och settings. So moving fellerward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings :
An SSL certificate must be activated after k?p. Installation instructions will be sent to you after activation. After that, you can use the NiceNIC.NET Account Panel to manage din certificate.
K?p It
Start by purchasing the appropriate SSL certificate feller din requirements. Select one of the categelleries mentioned above.
Activate It
You can instantly activate din SSL certificate after k?p through the Account Panel (eller later, if you prefer.) During the activation process, the dom?n name och CSR code will be assigned.
Install It
You will receive instructions on how to install din SSL certificate once it has been validated och issued. Tveka inte att kontakta oss via “Skicka in en f?rfr?gan” f?r att f? hj?lp med installation av SSL-certifikat.
Hantera It
Through din Account Panel, you can manage din SSL certificates, including renewal och reissuance.
]]>
1. Introduction
SSL certificates are used to create an encrypted channel between the client och the server. Transmission of such data as credit card details, account login infellermation, any other sensitive infellermation should be encrypted to f?reg?endeent eavesdropping.
With an SSL certificate, data is encrypted prieller to being transmitted via Internet. Encrypted data can be decrypted only by the server to which you actually send it. This ensures that the infellermation you submit to websites will not be stolen.
Starting from 06/08/2014, Google announced that having an SSL certificate installed on din website would increase din ranking position, which is another great reason to use an SSL.
The certificate itself represents base64 encoded data that contains infellermation about the entity the certificate was issued feller, public key required feller encryption och digital signature verification, och digital signature created with the private key of the certificate issuer.
An SSL certificate should be installed on the server side. When you access a website secured by an SSL certificate issued by a trusted Certification Authellerity, you will see https:// at the beginning of its URL. A browser will also show the connection as secure by displaying a “l(fā)ock” icon in the address bar:
2. Typs of SSL certificates
SSL certificates can be divided into 3 validation groups:
Dom?n Validation Certifikat
Requires a certificate applicant to prove his/her control over the dom?n name only. The issued certificate contains a dom?n name that was supplied to the Certification Authellerity within the certificate request.
Organization Validation Certifikat
Requires a certificate applicant to prove that his/her company is a registreraed och legally accountable business, och to pass dom?n validation. The issued certificate contains a dom?n och company name of the certificate applicant.
Ut?kad Validation Certifikat
Includes validation requirements of two validation types mentioned above och additional requirements. The issued certificate contains a dom?n och company name of the certificate applicant.
]]>
SSL certificate installation is typically perfellermed by the hosting company that provides tj?nsts feller the dom?n. However, you may also choose install an SSL certificate dinself. Select din server type from the list below to find detailed instructions feller installation.
The SSL on din dom?n name was activated, please find och add the DNS recellerds to complete the verification befellere you can download the SSL files through din control panel:
Mitt konto > Mina produkter > SSL-certifikat > Detalj > ....
After you complete the DNS recellerd's verification, you can download the SSL files by the same approach.
Installing SSL-certifikat Nejtes
Om you host din dom?n name with NiceNIC, simply provide us with din certificate och we'll be happy to install it feller you.
Please note that on all NiceNIC, Delat webbhotell servers, a special NiceNIC, SSL plugin installs a 1-?r free PositiveSSL certificate automatically on the newly added subdom?n eller add-on. It wellerks the same way feller the main dom?n in the newly k?pd hosting account. The plugin can also be used feller manual installation (in a few clicks) of PositiveSSL och EssentialSSL certificates.
A dedicated IP address is required to install an SSL certificate. However, you may install din SSL certificate on a shared IP address using the Servernamn Indication (SNI) protocol extension available in din cPanel. You can learn mellere about the differences between a dedicated IP och SNI technology in this article.
]]>