Cleaning up and consolidating some SSL certs in AWS ACM, but can't remove some of them because they're associated with a CloudFront distribution that doesn't exist (can't find it in the console or via awscli).
Tried to delete the cert, but can't because it still has a bogus association
Tried to delete the dist via awscli, but can't because it doesn't exist
Related
I created a Let's Encrypt wildcard certificate for *.example.cz on Amazon Linux EC2 instance using CertBot.
The certificate is attached to the nginx web server on EC2, and the website works fine over both HTTP and HTTPS. There are a couple of DNS records, www.example.cz and *.example.cz, of type A with the EC2 IP address.
Then, to point a subdomain cdn.example.cz to an S3 Static Website Bucket:
I imported the same wildcard SSL certificate from EC2 to AWS Certificate Manager.
Created a CloudFront distribution with the imported SSL Certificate.
Created a CNAME record cdn.example.cz and pointed it to S3 bucket's URL.
When I request an object from S3 using http://cdn.example.cz/object.jpg it works, but the request over HTTPS keeps busy until it reaches the timeout.
I tried CloudFront's Alternate domain names to be cdn.example.cz, and also tried www.example.cz example.cz. None worked.
AWS Certificate Manager
CloudFront Distribution
CloudFront Distribution Origins
The CNAME record had to be pointed to the CloudFront distribution domain name
xxxxxxx..cloudfront.net
I'm not sure about this but I also removed eu-south-1 from Origin domain name so it's now cdn.example.cz.s3.amazonaws.com
Once I updated the CloudFront distribution, I had to wait a few hours for the change to propagate properly (as it was initially pointing to S3 before I was aware that CloudFront was required for SSL). As soon as it had, these settings worked perfectly.
As part of my infrastructure I need to upload a certificate to ACM from my own certificate authority. Uploading it using the aws acm import-certificate command works fine; the main difference between this cert and the Amazon-issued ones that are already on there is that it doesn't have a value for the domain name field.
The problem comes when I want to list the certificates in ACM to check whether the certificate I uploaded is present at a later time. When I run aws acm list-certificates, the cert I uploaded is not present in the result.
From the docs:
Default filtering returns only RSA_1024 and RSA_2048 certificates that have at least one domain.
My cert is RSA_2048. Therefore, I think that when I use aws acm list-certificates, the certificate I uploaded is being filtered out of the result as it does not have a domain name.
Having read through the linked documentation page a couple of times now, I can't see a way to configure the filtering not to filter on the domain name field.
Is it possible to get list-certificates to return a certificate where the certificate doesn't have a domain name?
I had a CloudFront distribution with a custom ACM certificate associated with it. The CloudFront distribution was deleted, but I cannot delete the certificate; it says it's still in use by that CloudFront distribution, which no longer exists. Any idea what is happening and how I can delete the certificate?
Using either terraform or AWS console if this matters.
I have an EC2 Instance with a cloudfront certificate issued to its origin. It is in use but I get an error when trying to access it.
CloudFront wasn't able to connect to the origin.
After some research I have realized that my setup was done correctly through ACM but the server is not sending the required intermediate certificate. (I tested it using https://www.digicert.com/help/) After consulting with some friends and reading some other answers on SO, I found out that I need to install an intermediate certificate onto my server but can't seem to figure it out using ACM.
I'm creating a CloudFront distribution for an S3 bucket. I successfully created it and mapped the DNS. Now I want to use HTTPS for the DNS.
I created a cert via ACM. But the cert is not appearing in the CloudFront Custom SSL page.
Any ideas why?
I was able to accomplish the task, however, this is not the answer to the question.
I pasted the certificate ARN into the Custom SSL field and updated the CloudFront distribution. This way, I was able to add SSL to my custom domain. However, my certificate still does not appear in the drop-down menu.
Please verify whether the certificate is created in the us-east-1 region. CloudFront can use certificates that are created in that specific region.
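An added example, not part of any post above: a pre-flight check for the two conditions these threads run into, the us-east-1 region named in the last answer and whether a wildcard certificate's names actually cover the alternate domain name. The function names, the account ID and the certificate IDs are constructed placeholders; the sample records are constructed, not real ACM output.

```python
# Added example: offline pre-flight check for attaching an ACM certificate to CloudFront.
# All helper names and sample data below are hypothetical / constructed.

def arn_region(arn):
    """Return the region field of an ACM certificate ARN.
    Layout: arn:aws:acm:<region>:<account>:certificate/<id>"""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "acm":
        raise ValueError(f"not an ACM ARN: {arn}")
    return parts[3]

def name_covers(pattern, host):
    """True if a certificate name covers host. A leading '*.' stands for
    exactly one left-most label, so *.example.cz covers cdn.example.cz
    but neither example.cz nor a.b.example.cz."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def cloudfront_problems(cert, alias):
    """List the reasons this certificate cannot serve `alias` on CloudFront."""
    problems = []
    if arn_region(cert["arn"]) != "us-east-1":
        problems.append("region")   # would not be offered in the Custom SSL list
    if not any(name_covers(n, alias) for n in cert["names"]):
        problems.append("name")     # alternate domain name not covered by the cert
    return problems

# Constructed sample: the same wildcard certificate imported into two regions.
CERT_REGIONAL = {
    "arn": "arn:aws:acm:eu-south-1:111122223333:certificate/EXAMPLE-ID-1",
    "names": ["*.example.cz"],
}
CERT_GLOBAL = {
    "arn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID-2",
    "names": ["*.example.cz"],
}

if __name__ == "__main__":
    for cert in (CERT_REGIONAL, CERT_GLOBAL):
        for alias in ("cdn.example.cz", "www.example.cz", "example.cz"):
            issues = cloudfront_problems(cert, alias) or ["ok"]
            print(f"{arn_region(cert['arn']):<11} {alias:<15} {', '.join(issues)}")
```
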