Amazon S3: Static web hosting with HTTPS / SSL - amazon-web-services

I have an AWS S3 bucket configured for web hosting, with a custom domain name pointing to it.
I can retrieve files ok under my domain name using http, but I'm having trouble getting it working under https. I've followed all the steps below. Grateful for any help.
In my CloudFront distribution, which points at my S3 bucket, I have a Custom SSL Certificate set, with the same domain name. The certificate is issued through AWS Certificate Manager.
In the browser e.g. Chrome I get:
This site can’t be reached i.removed.the.domain.name took too long to respond.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_TIMED_OUT
It's not a DNS lookup error -- the non-secure website works fine -- and it's not a certificate error. Do I need to do something else to enable the https version?

Related

Cloudfront domain defaults to HTTP when HTTPS is available

Similarly to other stacks, I have hosted a website using AWS services:
Registered domain on Route 53 (example.net)
Content is hosted on an S3 bucket
Got an SSL certificate using AWS Certificate Manager
Created a CloudFront distribution, pointed it to S3 and connected it to my domain with Route 53.
All of this works except for an issue at what seems to be the final hurdle. When I enter my domain url into the search bar, example.net, the connection isn't secure by default. I've illustrated the problem here.
I'm relatively new to hosting and can't find a solution relating to this. My thoughts are that I'm missing some Cloudfront or Route 53 configuration, since another thing that doesn't work is connecting via www (I don't care about that issue as much). Any input is appreciated.
By default enabling HTTPS on a website doesn't disable HTTP. They are both available, on separate ports. That's why you have to type https:// in the browser's address bar to go directly to the HTTPS version of your website. You can get CloudFront to redirect all HTTP requests to HTTPS by following this guide.

A custom sub-domain via AWS CloudFront fails over https on S3 website, but works fine over HTTP

I created a Let's Encrypt wildcard certificate for *.example.cz on Amazon Linux EC2 instance using CertBot.
The certificate is attached to the nginx web server on EC2, and the website works fine over both HTTP and HTTPS. There are a couple of DNS records, www.example.cz and *.example.cz, of type A with the EC2 IP address.
Then to point a subdomain cdn.example.cz to a S3 Static Website Bucket:
I imported the same wildcard SSL certificate from EC2 to AWS Certificate Manager.
Created a CloudFront distribution with the imported SSL Certificate.
Created a CNAME record cdn.example.cz and pointed it to S3 bucket's URL.
When I request an object from S3 using http://cdn.example.cz/object.jpg it works, but the request over HTTPS keeps busy until it reaches a timeout.
I tried setting CloudFront's Alternate domain names to cdn.example.cz, and also tried www.example.cz and example.cz. None worked.
AWS Certificate Manager
CloudFront Distribution
CloudFront Distribution Origins
CNAME record had to be pointed to CloudFront Distribution domain name
xxxxxxx..cloudfront.net
I'm not sure about this but I also removed eu-south-1 from Origin domain name so it's now cdn.example.cz.s3.amazonaws.com
Once I updated the CloudFront distribution, I had to wait a few hours for the change to propagate properly (as it was initially pointing to S3 before I was aware that CloudFront was required for SSL). As soon as it did, these settings worked perfectly.

Static Web Application hosted in Amazon S3 Bucket suddenly not working

The hosted application worked until yesterday but suddenly stopped working today.
What I have done?
Using Cloudfront - To host my website from Amazon’s edge locations with a custom SSL certificate setup for my domain.
Amazon Certificate Manager - To get HTTPS Certificate
Hosted my client application in S3. They wanted to access their site using a domain name. To achieve this I have provided two records as given below.
Type   Host  Value                        TTL
A      #     IP of the client domain      600
CNAME  www   CloudFront distribution URL  600
The thing is, the endpoint which I got while configuring CloudFront, "d3ajo2v2g7lf33.cloudfront.net", is working, but the domain name which I added as an alias to this endpoint is not working.
Probable findings from my side:
1) Used Let's Encrypt to get the SSL certificate, and it's about to expire within a week.
2) Added an A record with the IP address of the domain. As I am using CloudFront, I am doubting that the domain does not have a static IP.
Also, please let me know whether the CloudFront distribution domain name IP will change every time or will be static.
Kindly help me to resolve this.
CloudFront has a CNAME record as well, so you have to register your domain name in the CloudFront distribution.
As for the SSL certificate for your custom domain, take a look at AWS ACM. It may be easier than using a Let's Encrypt certificate (your call).
And yes, use the CloudFront domain URL. It won't change unless you delete the distribution.

Enabling SSL on a subdomain with AWS S3 and ACM

I have a site example.com that lives on S3. I have set up HTTP -> HTTPS forwarding successfully for this site.
I also have a subdomain, blog.example.me that also lives on S3, which I want to enable SSL with. Right now, it only supports HTTP. I am using Route 53 for routing and Cloudfront as a CDN.
I have looked for documentation on this issue, but have yet to find something that works. Do I have to create a new certificate, or can I use the same cert that example.com uses? If I can use the same certificate, which piece of AWS should I start with?
For the certificate, it depends on whether it's a wildcard certificate that covers the whole domain. An example of a wildcard certificate would be *.example.com; then you can use the same certificate for your subdomain(s).
A typical hosted secured site with S3 and CloudFront would follow these steps:
Create an S3 Bucket
Bucket name - your domain name
Select your bucket, go to Properties -> Static Website Hosting, then Enable Website Hosting
Grant public read access to allow CloudFront to read from your bucket.
Get SSL certificate / use existing if applies
AWS provides free SSL certificates, which work with browsers that support SNI. You can import your own SSL certificate.
CloudFront configuration
Create a new Web distribution. Under Origin Settings, use the Endpoint you copied from your S3 bucket’s static hosting setup. Many other guides instruct this without explaining why — this is because if you have redirect rules configured with your S3 bucket and you specify the internal AWS S3 resource, the redirects will no longer work. Therefore, you must specify the website endpoint domain to ensure redirection functionality works.
Under Default Cache Behavior Settings, it’s worth selecting Redirect HTTP to HTTPS and narrowing down the Allowed HTTP Methods — for a static website, GET and HEAD will do.
Under CloudFront distribution settings configure:
Set your domain names under Alternate Domain Names (yourdomain.com, and optionally, www.yourdomain.com)
Configure SSL by selecting Custom SSL Certificate, then choosing the certificate generated or imported in to Certificate Manager.
Finally, specify the Default Root Object. This should match your S3 bucket’s Index Document, usually index.html. This is simply where all requests are redirected to when a client requests your website URL without a path.
Route 53 configuration:
Head over to hosted zones
Select the hosted zone for the domain or subdomain you wish to use
Create a record for your site: select Alias, and in the dropdown you should see your CloudFront distribution. Select it as your alias target and save it.
For more detailed info check: https://medium.com/#willmorgan/moving-a-static-website-to-aws-s3-cloudfront-with-https-1fdd95563106
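The checklist in the answer above, turned into an offline audit of a distribution's settings (an added example, not code from the original post). It assumes the dictionary has the shape of the DistributionConfig object returned by `aws cloudfront get-distribution-config`; `audit`, `cert_covers`, `SAMPLE` and the DNS target argument are hypothetical names, and the sample values are constructed.

```python
import re

# S3 website endpoints (bucket.s3-website-REGION or bucket.s3-website.REGION) speak HTTP only.
S3_WEBSITE = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def cert_covers(name, cert_names):
    """True if a certificate name matches; '*' stands for exactly one label."""
    name = name.lower().rstrip(".")
    parent = name.split(".", 1)[1] if "." in name else None
    return any(p.lower() == name or (p.startswith("*.") and p[2:].lower() == parent)
               for p in cert_names)

def audit(dist, cert_names, dns_target):
    """Return findings for one site; an empty list means the checklist passes."""
    out = []
    for alias in dist.get("Aliases", {}).get("Items", []):
        if not cert_covers(alias, cert_names):
            out.append(f"certificate does not cover alias {alias}")
    cert = dist.get("ViewerCertificate", {})
    if not (cert.get("ACMCertificateArn") or cert.get("IAMCertificateId")):
        out.append("no custom SSL certificate attached")
    behavior = dist.get("DefaultCacheBehavior", {})
    if behavior.get("ViewerProtocolPolicy") == "allow-all":
        out.append("HTTP is served without a redirect to HTTPS")
    extra = set(behavior.get("AllowedMethods", {}).get("Items", [])) - {"GET", "HEAD"}
    if extra:
        out.append("methods beyond GET/HEAD allowed: " + ",".join(sorted(extra)))
    for origin in dist.get("Origins", {}).get("Items", []):
        host = origin["DomainName"].lower()
        if ".s3" in host and host.endswith(".amazonaws.com") and not S3_WEBSITE.search(host):
            out.append(f"origin {host} is not the S3 website endpoint")
    if not dist.get("DefaultRootObject"):
        out.append("Default Root Object not set")
    if not dns_target.lower().rstrip(".").endswith(".cloudfront.net"):
        out.append(f"DNS points at {dns_target}, not the CloudFront distribution")
    return out

# Constructed sample: HTTP allowed, REST-style origin, placeholder certificate ARN.
SAMPLE = {
    "Aliases": {"Quantity": 1, "Items": ["blog.example.com"]},
    "ViewerCertificate": {"ACMCertificateArn": "arn:aws:acm:PLACEHOLDER"},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all",
                             "AllowedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]}},
    "Origins": {"Quantity": 1,
                "Items": [{"Id": "site", "DomainName": "blog.example.com.s3.amazonaws.com"}]},
    "DefaultRootObject": "index.html",
}

if __name__ == "__main__":
    dns = "blog.example.com.s3-website-us-east-1.amazonaws.com"  # constructed record target
    print("\n".join(audit(SAMPLE, ["*.example.com"], dns)))
```

The wildcard check reflects that `*.example.com` covers `blog.example.com` but neither the bare `example.com` nor a deeper name such as `a.blog.example.com`.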

Amazon S3 static website - Redirect HTTPS to HTTP

I'm about to launch a static website using S3/Cloudfront. I don't need HTTPS for the site, but the current iteration of the website is served over HTTPS and has hundreds of links and indexed URLs that are HTTPS.
I've been searching for hours and can't find a way to redirect our HTTPS URLs to HTTP when only using S3/Cloudfront. Currently the HTTPS URL will refuse the connection instead of redirecting to the HTTP version of the page.
With no Apache it seems it is not possible to do this. Any hints?
Static website hosting on S3 does not support HTTPS unless you use the full domain path, i.e. example.com.s3-website-us-east-1.amazonaws.com. Since you want to keep your URL, you'll have to use a CloudFront distribution to handle SSL.
1. Upload your SSL certificate to CloudFront [1]:
aws iam upload-server-certificate --server-certificate-name CertificateName --certificate-body file://public_key_certificate_file --private-key file://privatekey.pem --certificate-chain file://certificate_chain_file --path /cloudfront/path/
2. Create a CloudFront distribution and configure as so:
Origin Domain Name: your S3 bucket's public static website hosting endpoint (not the endpoint that CloudFront autocompletes)
Alternate Domain Names (CNAMEs): desired location for your website, e.g. example.com or www.example.com
SSL Certificate: Select the SSL certificate you uploaded in step 1.
Custom SSL Client Support: Unless you need compatibility for really old clients, select "Only Clients that support Server Name Indication" and save $600.
If you are redirecting https to s3 redirect, the origin domain should not be the autocomplete bucket, but the static redirect endpoint S3 gives you.
3. Save your distribution. It should show Status "In Progress". It generally takes ~15 minutes before a distribution is "Deployed"; don't move on to step 4 until your distribution is "Deployed".
4. Verify the distribution works: navigate to the CloudFront distribution via the domain name in the list, e.g. "https://d111111abcdef8.cloudfront.net/". You should see your website.
5. Change your DNS records to point to the CloudFront distribution instead of the S3 bucket.
[1] If you have trouble adding your certificate to CloudFront, check out this article for further information: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#cnames-and-https-procedure