I've been trying to point my custom domain to the cloudfront distribution that's serving an s3 bucket.
I've been following this guide, but it doesn't work. I cannot figure out what's going wrong.
The cloudfront-s3 connection is working, becuase when I open the auto-assigned dns from cloudfront, it opens the site.
There's something wrong with the dns names. I have two certificates, one for root domain, one for *.. I use the second one, as I cannot work with root domain on google domains side, and as the guide suggested, I reroute to www. on Google Domains (doesn't seem to work though, if I try to open , it doesn't redirect me to www.).
When I try to open the address, it says:
This site can’t be reachedCheck if there is a typo in www.<root-domain>.
DNS_PROBE_FINISHED_NXDOMAIN
So in summary in Google Domains I have 2 CNAMEs, one for the certificate, one for the cloudfront distribuiton. The host name for the cloudfront distribution is wwww., and for the cert it's auto assigned by aws.
The certificates are confirmed that are issued, and assigned to the cloudfront distribution, also alternative domain names contain www..
I have a route 53 hosted zone created for www., and an alias created for cloudfront distribution.
Any clue what may have I done wrong?
Related
I have
An AWS S3 bucket as a static site
A CloudFront distribution with ACM SSL certs
A Name.com domain name
A Heroku web app
I successfully have www.domain.com pointing to my abc123.cloudfront.net website. I also have api.domain.com successfully pointing towards my heroku app. I used ACM to generate a certificate for www.domain.com and Heroku handles its own SSL stuff as well.
That's pretty good, but just to be anal, I want domain.com to also point to my CF address. However it does not. This is how I set up my CF and DNS and wonder if anyone has any ideas. I've gone through about 20 SO questions and articles with no luck. Also Name.com URL forward does not seem to work.
DNS Settings
CloudFront Settings
Based on the comments.
Currently, only www.domain.com record is used to direct connections to CloudFront (CF) distro. To direct domain.com, a new record should be created which also points to the CF distro in Name.com DNS.
In addition to these, CNAME in CF as well as SSL certificate should also include domain.com.
I'm currently hosting a React website through AWS CloudFront. I have the CloudFront URL, ex: http://xxxxxxxxxxxx.cloudfront.net but I want to use the distribution with my domain name. I am using Google Domains at the current moment. I've looked into CNAME records and ALIAS records (Google Domains currently doesn't support ALIAS) but still haven't figured out a solution. At the same time, I'm trying to reduce downtime for the site, so this is a bit tricky because I'm trying to minimize experimentation.
Here's what I've tried:
CNAME: www -> xxxxxxxxxxxx.cloudfront.net
Result: caused website to not load
CNAME: # -> xxxxxxxxxxxx.cloudfront.net
Result: Google Domains doesn't let you do this!
I also tried Google's "Synthetic Records" for redirection, but as I expected that just redirects to the CloudFront domain whenever I enter my domain.
I know that AWS Route 53 would be a valid option except that they don't support '.app' domains for some reason.
I've included the domain CNAME and SSL certificate on CloudFront, but I'm confused about what I'm doing wrong as for the DNS info.
Has anyone had experience setting up a CloudFront website for their own domains using Google Domains? I've done a bunch of research on this but for some reason haven't found any results that have helped me.
The hosted application worked until yesterday but suddenly not working today.
What I have done?
Using Cloudfront - To host my website from Amazon’s edge locations with a custom SSL certificate setup for my domain.
Amazon
Certificate Manager - To get HTTPS Certificate
Hosted my client application in S3. They wanted to access their site using a domain name. To achieve this I have provided two records as given below.
Type Host Value TTL
A # IP of the client domain 600
CNAME www CloudFront distribution URL 600
The thing is Endpoint which I got while configuring Cloudfront "d3ajo2v2g7lf33.cloudfront.net" is working but the domain name which I added as an alias to this endpoint is not working.
Probable findings from my side:
1) Used let's encrypt to get the SSL and it's about to expire within a week.
2) Added A record with the IP address of the domain. As am using Cloudfront am doubting that the domain does not have a static IP.
Also please let me know CloudFront distribution domain name IP will change every time or will it be static.
Kindly help me to resolve this.
CloudFront has CNAME record as well. So you have to register your domain name in the CloudFront distribution.
as for the SSL certificate for your custom domain, take a look at AWS ACM. It may be easier than using lets encrypt certificate (your call).
and yes. use the cloudfront's domain URL. it won't change unless you delete the distribution.
I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up cloudfront to work with this bucket, then have used AWS certificate manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com).
In GoDaddy I then configured DNS forwarding to point to my cloudfront resource.
This all works nicely, and if I go to my_domain.com in a browser then I see my website.
However, I can't get SSL working. If I go to the https:// version of my website then I see a not secure error in the chrome address bar which shows a certificate pointing to shortener.secureserver.net rather than my own website.
Could someone point me at a way around this? Looking through S.E. and using google it seems that Amazon's route53 might be able to help, but I can't figure out how to do this.
Thanks!
(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com
The warning message:
The certificate details:
What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.
Go daddy has problems and does not redirect to https, There are two ways, the first is to change domain registrar and the second is the easiest, which is: Create a hosted zone on AWS router 53 with your domain name
Create 2 type A records, one for the root (of your domain) and one for www that point to your cloudfront. Router 53 allows you to create a type A record without having an IP, because it directly points to a cloudfront instance that you indicate, that's the best
Then in go daddy it gives you the option to change name servers and puts the ones assigned by aws in hosted zone with the record that says NS and you put those 4 in Godaddy, replacing the ones that had
Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GO DADDY BEFORE REPLACING THEM, IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN
You have to wait at least a few hours until all the name servers are updated, you can use the who.is page to see if the DNS have already been updated with those of aws.
It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, only current solution is to cancel your domain registration and register with someone else.
(edit) As #aavrug mentions in their comment, Amazon now have a guide for this.
When you defined your CloudFront you can defined whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Have in mind CloudFront changes may take a while to be replicated and your browser cache it as well, so the best way is to make a change, wait for the deployment and then check it in a new cognito browser.
It goes without saying that your certificate must be valid and verified as well.
It might be something wrong with your certificate or with your domain.
If you serving your content over HTTPS you must provide a SSL Certificate in Cloudfront. Have you done that?
Have you added your domain on Alternative Domain Names (CNAMEs)?
Please have a look on the image below:
-> AWS provides Free SSL Certificates to be used with Cloudfront, so you might want to use it (easier than you import your SSL from go daddy).
You can create a free SSL certificate on AWS and easily attach it to your cloudfront distribution.
-> You can also transfer your domains to AWS Route53. It is easy to integrate with any AWS Service and easy to use/maintain :)
I wrote a complete guide on my blog telling how you can add Custom SSL and attach custom domain to Cloudfront distribution, it might be useful :)
https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/
I have set up a multi tenant application which should be available to clients via a subdomain (e.g. https://client1.example.at). Requests to *.example.at are routed to a load balancer via Route 53. The load balancer has an AWS signed wildcard certificate (e.g. supporting example.at and *.example.at). From this side, everything is working as expected and I can access https://client1.example.at, https://client2.example.at, etc.
Based on this setup, I wanted to route specific request without subdomain (except www) such as https://www.example.at or https://example.at to a bucket (which is also named www.example.com) and not to the load balancer (I just want to serve a static site for requests to the "main domain"). It works but I can only access www.example.at and example.at without using HTTPS. My setup can be seen below:
I then found out that I have to use Cloudfront in order to use HTTPS for a custom domain with S3 buckets (if that is correct?). Now I have a few questions:
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
Generally speaking, is my Route 53 setup valid at all?
I wanted to route specific request without subdomain (except www) such as https://www.example.com or https://example.com to a bucket (which is also named www.example.com)
Each of those "domains" must route to a different bucket unless you are using a proxy (which reroutes the hostname passed from the browser) in front of S3, the domain name must match the bucket name. If they don't then your requests are going to a bucket matching the DNS name you routed from, the routing has nothing to do with the hostname of the S3 bucket endpoint.
In other words, let's say your hostname was www.example.com, and you set the CNAME to example.com.s3.amazonaws.com (or you could use the website endpoint, it doesn't matter for this example).
When a request hits the DNS name www.example.com it then is sent to the S3 server which is behind the S3 hostname. That request from the browser is for hostname "www.example.com", the actual CNAME referenced which pointed to the S3 endpoint is irrelevant because S3 never knows what actual CNAME was used to by your browser to connect to S3. So S3 will attempt to pull the requested object from the www.example.com bucket.
URL -> S3 Bucket
https://www.example.com -> s3://www.example.com
https://example.com -> s3://example.com
It works but I can only access www.example.at and example.at without using HTTPS.
CNAME DNS routing like this when using SSL to an S3 bucket does not work. The reason for this is that the S3 wild card certificates are 1 level deep (*.s3.amazonaws.com) so your bucket www.example.com.s3.amazonaws.com will fail to match it because it has 2 extra levels above the wild card. So your browser rejects the certificate as invalid for the hostname.
To accomplish this you must use a proxy of some sort in front of S3 with your own certificates for the domain in question.
Is it necessary to use Cloudfront to serve content from my S3 bucket for www.example.at and example.at via HTTPS?
CloudFront is an excellent option for addressing the HTTPS with CNAME routed DNS to an S3 bucket issue we just mentioned.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
I can't answer that one, I can only suggest you try and find out what happens. If it doesn't work then it's not an option. It shouldn't take much time to figure this one out.
Is it ok to use *.example.at as A type record with alias to the load balancer at all?
To clarify, an A Record can only ever be an IP address, an A Alias is similar to a CNAME (but is Route53 specific).
I highly recommend CNAMES (or ALIASES, they are similar). Pointing directly at one of S3's A-Records is a bad idea because you don't know if or when that IP will be removed from service. By referencing the hostname with a CNAME/ALIAS you don't have to worry about that. Unless you can be 100% sure that the IP will remain available then you shouldn't reference it.
Generally speaking, is my Route 53 setup valid at all?
I don't see any issues with it, based on what you described it sounds like like things are working as expected.
If Cloudfront is necessary then I have to request a new certificate for www.example.at and example.at in region US EAST according to the official AWS docs. Is it possible to create two certificates for the same domain with AWS certificate manager or can I get some conflicts with this setup?
As suggested by #JoshuaBriefman I simply tried to create another certificate for the same domain in another region now and it worked. I could also use the certificate for the CloudFront distribution (additional certificate was created in US EAST) and all works now without any problems so far.