
AWS Cloudfront: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain

The project is a Serverless (recently upgraded from 2 to 3) Single Page Application.

I am trying to create and attach a domain for a Cloudfront distro.

The distro already existed, the domain and certificate were purchased this morning. The certificate is valid, the domain is active. The certificate has been designated the root domain and a wildcard entry.

If I go to the distro within the AWS Cpanel I can add the certificate from the dropdown and there are no complaints, but when I try deploying (before or after) I get:

Error:
UPDATE_FAILED: SPACloudFrontDistribution (AWS::CloudFront::Distribution)
Resource handler returned message: "Invalid request provided: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain. (Service: CloudFront, Status Code: 400, Request ID: 82cf6a1b-e40f-4e05-a5e0-94a211e13767)" (RequestToken: 01caa67e-ab3f-d552-18ad-74fb9f1bc703, HandlerErrorCode: InvalidRequest)

I feel I can safely regard the Certificate itself as okay if I can see it and attach it manually. The deploy will not begin if the variable for the certificate ARN is invalid, telling me that it's not a case of the variable being wrong or empty.

I am definitely logged into the right account when I run the deploy, but I have run out of ideas on what to check to get to the bottom of this. Any help or assistance would go many miles and I would be massively grateful!

[EDIT] I can validate the certificate ARN via

aws acm get-certificate --certificate-arn xxxx

Which shows the ARN is okay.

[EDIT2] The certificate is an AWS-generated one, so there are no options for the type of encryption.

[EDIT3] I tried changing the deploy to only add the certificate as opposed to the domain AND the certificate but that made no difference.

[EDIT4] To add - I have successfully done this before and am reusing a config that I know to work. I have just gone through to make sure they are the same - just to rule out any other reliance/dependency that I had missed.

[EDIT5] I can do 100% of this process manually without failure. Pointing a sub-domain to the distro via Route53, and setting the certificate with the domain on the distro. This loads fine with https. But not via Serverless.

Thanks :)

The answer was that I had put the value in the .env but not the .env.alpha file.

I am going to go put my head through a wall now.
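
A pre-deploy check for the failure described in the answer, as an added example that is not part of the original post: it reads the certificate ARN from the stage's own dotenv file (such as .env.alpha) and verifies that it is set, is an ACM certificate ARN, and names us-east-1. The variable name CERT_ARN and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. CERT_ARN is a hypothetical
# variable name; .env.<stage> is the file naming the answer mentions.

# Print the last value assigned to key $2 in dotenv file $1 (status 1 if absent).
dotenv_get() {
    [ -f "$1" ] || return 1
    awk -v key="$2" -v sq="'" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            sub(/[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            c = substr(v, 1, 1)
            if (length(v) > 1 && (c == "\"" || c == sq) && substr(v, length(v)) == c)
                v = substr(v, 2, length(v) - 2)
            found = 1; val = v
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Status: 0 ok (ARN printed), 2 missing/empty, 3 not an ACM ARN, 4 wrong region.
check_cert_arn() {
    cca_arn=$(dotenv_get "$1" "$2") || cca_arn=""
    if [ -z "$cca_arn" ]; then
        echo "$2 is missing or empty in $1" >&2; return 2
    fi
    case "$cca_arn" in
        arn:aws:acm:*:*:certificate/?*) ;;
        *) echo "$2 in $1 is not an ACM certificate ARN" >&2; return 3 ;;
    esac
    cca_region=$(printf '%s' "$cca_arn" | cut -d: -f4)
    if [ "$cca_region" != "us-east-1" ]; then
        echo "$2 in $1 is in $cca_region; CloudFront needs us-east-1" >&2; return 4
    fi
    printf '%s\n' "$cca_arn"
}

# Usage: sh check_cert.sh .env.alpha CERT_ARN
if [ "$#" -ge 2 ]; then check_cert_arn "$1" "$2"; fi
```

Running it against each stage file before the deploy turns a missing value into a clear local error instead of a CloudFormation UPDATE_FAILED.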
