Menu
I can't get the Internet <-> CloudFront <-> S3 Bucket working, using an AWS certificate. This is what I did:
*.mydomain.example.After the distribution is created, my browsers all tell me this:
I'm not sure if I've missed a step in the process of setting this up, I've tried fiddling with various parameters but nothing lets me through.
I read this blog post, saying that I might have forgotten adding alternate CNAMEs. This confuses me a bit, should I? In Route 53 I configured my full domain using something.mydomain.example and the certificate is a wildcard one.
Other blog posts and question answers indicates I should not, just use the A record and the CloudFront distribution URL/endpoint, as I have done.
635
AWS CloudFront supports two types of distributions: streaming and download. When a user requests static content with a CloudFront URL, the service finds the nearest edge location based on the request IP and caches the content in that location. All future requests from the same location will have reduced latency.
Amazon CloudFront provides a simple API that lets you: Distribute content with low latency and high data transfer rates by serving requests using a network of edge locations around the world. Get started without negotiating contracts and minimum commitments.
Resolution. You can't associate more than one SSL or Transport Layer Security (TLS) certificate to an individual CloudFront distribution. However, certificates provided by AWS Certificate Manager (ACM) support up to 10 subject alternative names, including wildcards.
By using CloudFront, you can take advantage of the AWS backbone network and CloudFront edge servers to give your viewers a fast, safe, and reliable experience when they visit your website. A simple approach for storing and delivering static content is to use an Amazon S3 bucket.
So, in my update, I mentioned adding CNAMEs from a blog post. This was it, the second I did that, it started working.
To clarify, I did this to solve my problem:
something.mydomain.example that you have configured to this distribution's endpoint/URL in Route53.This solved it instantly for me, but remember that CloudFront configuration changes sometimes can take some time to be pushed out.
171
As stated by OP in an edit error caused when a CNAME entry for the apex (naked) domain, www subdomain, other subdomain or other domain(s) are not listed in the distribution.
To fix add at least one CNAME to the distribution in CloudFront.
39
Weird but true:
What actually fixed the issue for me was bumping the minimum cypher version up from TLSv1 to TLSv1.1_2016 in the CF Distribution.
Here's the relevant CloudFormation snippet:
HttpVersion: "http2"
ViewerCertificate:
AcmCertificateArn: !Ref SslCertificateArn
MinimumProtocolVersion: "TLSv1.1_2016"
SslSupportMethod: sni-only
Weird because I don't understand why this change fixes anything. The browser should automatically negotiate the higher TLS version.
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
