How to add SSL/TLS to domain in aws - amazon-web-services

I have an issue I've been working on in AWS. I have a website made for a friend and can't seem to get the connection secure. What I used is the Certificate Manager in AWS, and I have received a certificate for my domain. Here's one of the links I used as an example: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/ I have followed examples online but they seem to be for load balancers. What am I missing?

I found a useful tutorial, and I'm sharing it with you, on how to set up your domain with an S3 bucket and CloudFront from AWS: https://www.youtube.com/watch?v=uwgB_sIhIko&t=321s

Related

SSL Certificate problem on Amazon AWS Server

My SSL was working fine on AWS (https://786times.com). I deleted the ELB a few days ago, but after this I face an SSL issue on my website. Everything looks fine, like EC2, CloudFront and the hosted zone DNS records. Please give me a solution?
I made the SSL certificate again through Certificate Manager of AWS using the DNS validation method and included it in CloudFront also,
but SSL is still not working with my website.
Can anyone guide me?
I am using Wordpress Bitnami.
Thanks
786times.com#gmail.com
I expect from technical friends that they reply.

Google Domains to AWS Route53 HTTPS

I have a domain hosted through Google. I'm using Google Workspace for a lot of my day-to-day operations (e.g. Drive, Gmail, etc). I'm using AWS as my infrastructure and business logic for my application. I'm having trouble making my site support TLS. If you visit it now, you get this on chrome and I can't seem to make HTTPS requests work.
I have my domain pointing to AWS via Custom Name Server.
My Route 53 has the NS type records listed under the hosted zone.
I've tried to request a Certificate from AWS to make it work.
My problem is I don't know how to tell Google about it. How do you let Google know about the certificate so I can make my site HTTPS?
I believe approaching Google is not going to solve your issue, as in the above case Google is only responsible for hosting your domain. So the DNS setup is only responsible for routing requests to your site, not for making your site more secure.
I also found that you are exposing your site as http rather than https, and that's why your site is unsecured.
Is your site running on a web server, or is it hosted on S3 as a static website?
Note: you can't enable HTTPS on an S3 static website.
The workaround to the above problem is below:
Route53 has an A record pointing to an ALB (configured with ACM) distributing traffic to EC2 instances running your web application.
If anyone is still looking: I wanted to keep it cheap with a simple S3 static website. If you want to maintain the S3 part, make a CloudFront distribution (if you haven't already).
Inside the CloudFront under the main settings, use a Certificate you made from Certificate Manager.
Then head over to Route53 (even if the domain is hosted via Google) and route the "A" name record to the CloudFront. NOTE: make sure the "Alternate Domain" name is filled in or else it won't see it.
Let it update for about a minute or two and it will show https.

How to use registrar's (strato.de) email server and host website on AWS CloudFront?

I am hosting a static website with AWS S3 and CloudFront but came up with the problem that I can't receive emails on the registrar's email server (strato.de).
The registrar where I reserved my domain name and email server is currently "Strato.de"
In order to host my static website I created a S3 Bucket on AWS and a CloudFront distribution to use TLS/SSL and HTTPS.
I configured my registrar to point to the AWS nameservers in the Route 53 configuration. This works perfectly and my website is publicly available.
The problem I am facing is that my emails are also redirected to the aws configuration because the nameservers transfer all traffic instead of only my website.
To solve this problem I thought about creating an A record in my registrar and pointing it to the IP of the CloudFront distribution. Unfortunately they don't use static IP addresses. Secondly, if I use the S3 bucket directly instead of CloudFront there would be no HTTPS.
I am a beginner in this field and just want to receive emails that are sent to the domain name I reserved at the registrar and at the same time host my website via CloudFront.
I appreciate any help.
Unfortunately, it's not possible, I had a call with Strato and they said you have to use their DNS in order to benefit from their mail service.
My advice will be to use Google suite or Zoho who have more experience in the field, as well you will find a lot of articles explaining how to solve this common issue.

HTTPS connections to cloudfront / S3 using godaddy domain

I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up cloudfront to work with this bucket, then have used AWS certificate manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com).
In GoDaddy I then configured DNS forwarding to point to my cloudfront resource.
This all works nicely, and if I go to my_domain.com in a browser then I see my website.
However, I can't get SSL working. If I go to the https:// version of my website then I see a not secure error in the chrome address bar which shows a certificate pointing to shortener.secureserver.net rather than my own website.
Could someone point me at a way around this? Looking through S.E. and using google it seems that Amazon's route53 might be able to help, but I can't figure out how to do this.
Thanks!
(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com
The warning message:
The certificate details:
What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.
GoDaddy has problems and does not redirect to https. There are two ways: the first is to change domain registrar, and the second is the easiest, which is: create a hosted zone on AWS Route 53 with your domain name.
Create 2 type A records, one for the root (of your domain) and one for www, that point to your CloudFront. Route 53 allows you to create a type A record without having an IP, because it directly points to a CloudFront instance that you indicate; that's the best.
Then GoDaddy gives you the option to change name servers: take the ones assigned by AWS in the hosted zone, in the record that says NS, and put those 4 in GoDaddy, replacing the ones it had.
Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GO DADDY BEFORE REPLACING THEM, IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN
You have to wait at least a few hours until all the name servers are updated. You can use the who.is page to see if the DNS has already been updated with those of AWS.
It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, the only current solution is to cancel your domain registration and register with someone else.
(edit) As #aavrug mentions in their comment, Amazon now have a guide for this.
When you define your CloudFront you can define whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Keep in mind that CloudFront changes may take a while to be replicated and your browser caches it as well, so the best way is to make a change, wait for the deployment and then check it in a new incognito browser.
It goes without saying that your certificate must be valid and verified as well.
It might be something wrong with your certificate or with your domain.
If you are serving your content over HTTPS you must provide an SSL certificate in CloudFront. Have you done that?
Have you added your domain on Alternative Domain Names (CNAMEs)?
Please have a look on the image below:
-> AWS provides free SSL certificates to be used with CloudFront, so you might want to use one (easier than importing your SSL certificate from GoDaddy).
You can create a free SSL certificate on AWS and easily attach it to your cloudfront distribution.
-> You can also transfer your domains to AWS Route53. It is easy to integrate with any AWS Service and easy to use/maintain :)
I wrote a complete guide on my blog telling how you can add Custom SSL and attach custom domain to Cloudfront distribution, it might be useful :)
https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/

Reconfiguring the DNS to show the SSL certificate online?

So, I am trying to get the SSL certificate to show up on my website, but even after following all the steps from the AWS documentation and various internet tutorials, the SSL lock sign is still not visible on my website.
I found this website really helpful and tried to follow all the steps listed there : https://blog.webinista.com/2016/02/enable-https-cloudfront-certificate-manager-s3/index.html
I think the problem is that I am not quite certain how to reconfigure the DNS server after creating the CloudFront distribution. In this instance, I just created an alias target for my domain name (shamveelahammed.com) to point towards the CloudFront distribution. But this hasn't worked at all for me. At the moment, I only have 4 entries in my domain record set.
https://www.dropbox.com/s/5g2nkyxip1c22oo/Screen%20Shot%202017-07-05%20at%2002.05.31.png?dl=0
Any help with figuring out my next steps will be massively appreciated. (N.B I am very new to this and still learning how to use AWS.)
As you have restricted bucket access when creating CloudFront, you don't need the additional alias record for S3 in Route53. You have to generate a certificate for both domains, www.shamveelahammed.com and shamveelahammed.com, OR you can generate a wildcard certificate for your domain as *.shamveelahammed.com.
In your case it seems you have generated a certificate for the www.shamveelahammed.com domain only.
Well, thanks for all the helpful answers. I managed to find a workaround to solve the issue I was having.
I generated a new certificate for the domain www.shamveelahammed.com .
Created a target alias for cloud distribution pointed towards www.shamveelahammed.com .
And finally, redirected all the requests made in www.shamveelahammed.com in s3 bucket to shamveelahammed.com.
This fixed my problem. Hope this helps...
DNS isn't the issue.
In CloudFront, each Cache Behavior needs its Viewer Protocol Policy configured for Redirect HTTP to HTTPS.
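
A check for the certificate-name problems that recur in the threads above (a certificate issued only for the www name, a wildcard certificate, a browser showing a certificate for shortener.secureserver.net): this is an added example, not code from any of the posts, that reports which hostnames a certificate's names fail to cover. The example.com names are constructed, and `fetch_cert_names` is an assumed helper that needs network access.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole left-most label
    and stands for exactly one label, so it never covers the bare domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(hostnames, cert_names):
    """Hostnames that none of the certificate's DNS names cover."""
    return [h for h in hostnames
            if not any(name_matches(c, h) for c in cert_names)]


def fetch_cert_names(host: str, port: int = 443, timeout: float = 5.0):
    """DNS names on the certificate the endpoint really serves for `host`.
    The chain is still verified; only the hostname check is disabled so the
    names can be read even when they do not match."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    site = ["example.com", "www.example.com"]  # constructed hostnames
    cases = {
        "www only": ["www.example.com"],
        "wildcard only": ["*.example.com"],
        "apex + wildcard": ["example.com", "*.example.com"],
        "registrar forwarder": ["shortener.secureserver.net"],
    }
    for label, names in cases.items():
        print(f"{label:20} not covered: {uncovered(site, names)}")
    # Against a live site: uncovered(site, fetch_cert_names(site[0]))
```

The same hostnames have to be listed as alternate domain names on the CloudFront distribution, so run the check against the names the distribution is meant to serve.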