stackoom
  简体   繁体   中英

AWS CloudFront Custom SSL Certificate disabled

 原文  2017-05-28 18:26:51       amazon-web-services/ ssl/ amazon-s3/ dns/ amazon-cloudfront

Question

I have seen many posts on this topic, but I have not been able to resolve the issue, so I am posting my setup in case anyone knows what needs to be changed?

  1. I have a domain purchased through Namecheap. I have set custom DNS and added 4 name servers generated by the hosted zone in AWS Route 53. DNS lookup through whois.net shows the correct values.

  2. In Route 53, I have added an A record to the Alias Target xxxxxxxxxxxxxx.cloudfront.net. So the traffic hits Route 53 and goes to CloudFront.

  3. In CloudFront, I have one distribution. As Alternate Domain Names (CNAMEs), I have the following values:

    • *.domain.com
    • www.domain.com
    • domain.com

  4. Under origins, I have one record with the following Origin Domain Name:

    • domain.com.s3-website.az-name-1.amazonaws.com

  5. I am hosting website in an S3 bucket. All HTTP requests are set to redirect to HTTPS.

  6. Lastly, I have created and verified a single certificate for the following domain names: domain.com, www.domain.com, *.domain.com

I have read some answers that I should just wait and the custom SSL certificate option will become enabled. It's been more than day now, however, and there is no sign of that happening.

My website works, but the misconfigured certificate (using the default *.cloudfront.net ) throws a warning popup in Safari, and worse, a warning page in Chrome which most people are not going to bypass.

1 answers

solution1
 4 ACCPTED  2017-05-29 00:17:46

To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.

http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html

CloudFront is not a regional service like most of the others. It's a global service with a single home region -- us-east-1. It can't see ACM certificates in any other region (you'd create certificates in other regions if you wanted to use them with Elastic Beanstalk or Elastic/Application Load Balancers).

From the description of what you observe, you didn't create the ACM certificate in us-east-1.

Create a new cert in us-east-1, and the option to use it should become available almost immediately in CloudFront.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS: Custom SSL certificate option is disabled in CloudFront, but I created a SSL certificate using AWS Certificate Manager AWS Cloudfront custom sub domain TSL / SSL: “Not secure / certificate invalid” AWS: imported SSL certificate not showing up in CloudFront AWS CloudFront SSL Certificate - MalformedCertificate error How to solve AWS CloudFront SSL Certificate Doesn't Exist which ssl certificate is the right one for aws elastic load blancer and cloudfront? ssl certificate compatibility Can't use AWS cloudfront with custom SSL cert from IAM AWS ssl is not working in imported certificate for custom domain Use CA certificate for AWS CloudFront AWS Certificate Reimport reflection on CloudFront
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM