
AWS CloudFront to host SSL and forward on to sendgrid not working

I am trying to have links in my emails from my application register as SSL/HTTPS secure links. This helps deliverability and other things email clients may do treating links as http vs https.

Our application is using SendGrid to send emails, which also supports click tracking on our links for us. In order to do this, SendGrid and most other email sender services replace the original link we put in, which was an https://blahblah.com link, with their own link, http://clicktrack.sendgrid.net or something that is not https, but rather http.

SendGrid supports "white labeling" the click tracking link with something like http://subdomain.blahblah.com and also an https version if we set it up properly. SendGrid's requirements for the https/ssl link are shown here: https://sendgrid.com/docs/Classroom/Build/Add_Content/content_delivery_networks.html

Basically they are asking us to set up a CDN or other server that will host our SSL certificates, terminate the SSL, and then forward the request on to their servers. Once that is in place they can "turn on" ssl on their end for our email links.

I tried setting this up in AWS CloudFront with the origin as sendgrid.net and the distribution having our SSL certificate and a Route 53 CNAME pointing to our distribution. So the subdomain.blahblah.com points to the distribution CDN, the CDN points to sendgrid, and all should work.

Testing this, though, it does NOT work. If I go to the http version of the subdomain it does work, the CDN forwards properly. AWS support has suggested it was an issue related to host headers and the CDN not being able to validate the origin when I had a 2nd CNAME for the origin on my subdomain2.blahblah.com. That led me to remove the 2nd CNAME and directly put sendgrid as origin, but that hasn't worked and they haven't provided a solution yet. I get an error like this:

ERROR

The request could not be satisfied.

CloudFront wasn't able to connect to the origin. Generated by cloudfront (CloudFront) Request ID: pl1bS3OObC6mUd2vyyhM6bNFt3xyLsfzVIqNmiPkEO7mQgJyQCn_pA==

Any ideas welcome or a different way to do this?

bjm88 asked Dec 15 '15 13:12


1 Answer

The issue was in behaviors: I was forwarding all headers. You should NOT forward the "Host" header in this situation, or the origin SSL call will break as it won't match what is expected. AWS support did finally figure this out and recommend it to me :)

bjm88 answered Nov 15 '22 10:11
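
An added example (not part of the original answer, and not AWS or SendGrid code): a check over a distribution config, in the JSON shape returned by CloudFront's GetDistributionConfig, that flags cache behaviors forwarding all headers or "Host" to a custom origin reached over HTTPS. The sample config and origin ID are constructed, and only the legacy ForwardedValues header setting is inspected, not origin request policies.

```python
def https_custom_origins(dist_config):
    """IDs of custom origins that CloudFront may contact over HTTPS."""
    ids = set()
    for origin in dist_config.get("Origins", {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig") or {}
        if custom.get("OriginProtocolPolicy") in ("https-only", "match-viewer"):
            ids.add(origin["Id"])
    return ids


def forwards_host(behavior):
    """True if the behavior forwards all headers ("*") or Host explicitly."""
    headers = behavior.get("ForwardedValues", {}).get("Headers", {}).get("Items") or []
    return any(h == "*" or h.lower() == "host" for h in headers)


def find_host_forwarding(dist_config):
    """Return (path pattern, origin ID) for each behavior at risk."""
    https_ids = https_custom_origins(dist_config)
    behaviors = [("Default (*)", dist_config.get("DefaultCacheBehavior") or {})]
    for b in dist_config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((b.get("PathPattern", "?"), b))
    return [(path, b["TargetOriginId"]) for path, b in behaviors
            if b.get("TargetOriginId") in https_ids and forwards_host(b)]


# Constructed sample config (not a real distribution).
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "sendgrid-origin",
        "DomainName": "sendgrid.net",
        "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"},
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "sendgrid-origin",
        "ForwardedValues": {"Headers": {"Quantity": 1, "Items": ["*"]}},
    },
    "CacheBehaviors": {"Quantity": 1, "Items": [{
        "PathPattern": "/static/*",
        "TargetOriginId": "sendgrid-origin",
        "ForwardedValues": {"Headers": {"Quantity": 1, "Items": ["Origin"]}},
    }]},
}

if __name__ == "__main__":
    for path, origin_id in find_host_forwarding(SAMPLE_CONFIG):
        print(f"behavior {path!r} forwards Host to HTTPS origin {origin_id!r}")
```

When Host is forwarded, CloudFront validates the origin's certificate against the viewer's Host value rather than the origin domain name, which is why the http version worked while the https version failed.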