I have a website hosted on AWS S3. The website is working fine on HTTP. Since I needed SSL on my website, I tried to set up a CloudFront distribution with SSL from ACM. The CloudFront link that I get after the distribution setup shows HTTPS, which proves that the SSL is attached to the distribution. But when I try to access the website, it only works on HTTP and not on HTTPS. I have set up an A record in Route 53 to the CloudFront distribution.
I created a Let's Encrypt wildcard certificate for *.example.cz on an Amazon Linux EC2 instance using Certbot.
The certificate is attached to the nginx web server on EC2, and the website works fine both over HTTP and HTTPS. There are a couple of DNS records, www.example.cz and *.example.cz, of type A with the EC2 IP address.
Then, to point a subdomain cdn.example.cz to an S3 Static Website Bucket:
I imported the same wildcard SSL certificate from EC2 to AWS Certificate Manager.
Created a CloudFront distribution with the imported SSL Certificate.
Created a CNAME record cdn.example.cz and pointed it to S3 bucket's URL.
When I request an object from S3 using http://cdn.example.cz/object.jpg it works, but the request over HTTPS keeps busy until it reaches the timeout.
I tried setting CloudFront's Alternate domain names to cdn.example.cz, and also tried www.example.cz and example.cz. None worked.
The CNAME record had to be pointed to the CloudFront distribution domain name, xxxxxxx.cloudfront.net.
I'm not sure about this, but I also removed eu-south-1 from the Origin domain name, so it's now cdn.example.cz.s3.amazonaws.com.
Once I updated the CloudFront distribution, I had to wait a few hours for the change to propagate properly (as it was initially pointing to S3 before I was aware that CloudFront was required for SSL). As soon as it did, these settings worked perfectly.
I did a search in the AWS docs and couldn't find anything that could help me set up a CloudFront distribution for a non-AWS origin server to secure my domain with HTTPS. I'm using Route 53 to manage my DNS for the domain. I'd like to set up HTTPS for the domain, but it is not hosted with AWS. How can I use AWS to create a secure domain with HTTPS?
Update: I've created the CloudFront distribution and set the alternative CNAMEs to the domain (example.com and www.example.com). In Route 53 I updated the A record for the domain - example.com - to be an alias and pointed it to the CloudFront distribution, but when I try to access the site I get a page not working error. The domain does now have the secure padlock, but I can't access the site. Here is the error that I get when I access the site:
The simplest way is to use a CloudFront distribution in front of your non-AWS endpoint. This endpoint would be configured as a custom origin endpoint.
You would need to generate or upload a certificate to ACM to attach to the resource. This must be done before you can use the distribution on your own domain; if you don't have it when you create the distribution, you will need to edit it later.
The AWS documentation includes documentation for Creating a Distribution. If you follow this and reference your endpoint as the custom origin you will be able to create the host.
You will need to ensure you configure the origin's Origin Protocol Policy option to be HTTP Only if your host does not have an HTTPS certificate.
Be aware that as the CloudFront distribution communicates with your endpoint over the internet, any traffic between CloudFront and your endpoint will still not be encrypted.
So I created two buckets in S3. One with my domain name xxx.ninja and the other with the www. subdomain. The www one I redirected to the first. Then I created a domain in Route 53. And because I wanted HTTPS on my site, I created a CloudFront distribution with redirect http -> https.
The s3 bucket url works just fine, but the site URL does not. I think I may have set it up incorrectly.
In AWS CloudFront I created my distribution and used the CloudFront default SSL cert. I chose redirect http -> https. And I pasted in my S3 website URL.
Then I copied the domain name and went to Route 53. After I created my domain, I opened its hosted zone and added an A record with the alias of the CloudFront domain name.
But the URL doesn't work. I get a 403 CloudFront error in the browser.
Thoughts?
If you're using the default CloudFront SSL, this indicates to me that you're not using a custom hostname (which would deny access to the CloudFront distribution).
You will need to add additional names to your CloudFront distribution (specifying every hostname that will have a DNS record resolving to the CloudFront distribution). In addition, you will need to generate an SSL certificate in ACM (which is free); this must be in region us-east-1.
More information on how to add a custom domain to your CloudFront distribution is available here.
Documentation
Offers only HTTP, how to make it to work on HTTPS? Is it possible?
I configured and it is working fine for HTTP, but for HTTPS I'm getting
This site can’t be reached
Even though I created certificates to my domain in AWS Certificate Manager.
CloudFront can be used to serve HTTPS requests for a static website hosted on S3.
Here is some AWS documentation: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-https-requests-s3/
Also, I found this blog very explanatory - https://medium.com/#sbuckpesch/setup-aws-s3-static-website-hosting-using-ssl-acm-34d41d32e394
Hope this helps.
To configure HTTPS for a static website hosted using the S3 website feature, you have to configure AWS CloudFront to serve the website from the CDN locations, and ACM can be configured on the CloudFront distribution.
Create the Route 53 record set pointing to the CloudFront distribution endpoint.
This way you can serve the S3 website on HTTPS, and it will also reduce latency for your end users' requests.
Hope this helps
I have a static webpage on AWS S3 with CloudFront. CloudFront is set up with ACM (AWS Certificate Manager) and I am using Route 53 with it. How can I have both the www.my-endpoint.com and my-endpoint.com endpoints secure with HTTPS?
Here are some details:
My ACM certificate is set up for just my-endpoint.com and is attached to the CloudFront distribution
I have a CloudFront A record for my-endpoint.com whose alias points to CloudFront
My www.my-endpoint.com is configured so its alias is my-endpoint.com
When I navigate to https://www.my-endpoint.com, Chrome complains of a potential security risk, whereas https://my-endpoint.com is fine.
Create a new ACM request for your-domain.com and www.your-domain.com (and better yet, *.your-domain.com).
Use the newly created certificate (after verification) on your CloudFront instance.
The redirection from https://www.domain.com to https://domain.com will work after you have a valid certificate for both domains.
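The checks the answers above describe (every hostname listed as an alternate domain name, an ACM certificate in us-east-1 rather than the default CloudFront certificate, and a certificate that names both the apex and www), as an added example that is not part of the original posts. The function names are hypothetical, the dict follows the shape of CloudFront's DistributionConfig, and the ARN and account ID are constructed.

```python
# Added example. The config, ARN and account ID below are constructed sample data.
BROKEN = {  # shape follows CloudFront's DistributionConfig (only fields used here)
    "Aliases": {"Quantity": 1, "Items": ["my-endpoint.com"]},
    "ViewerCertificate": {
        "CloudFrontDefaultCertificate": False,
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
    },
}

def san_covers(san, host):
    """True if certificate name `san` covers `host`.

    A wildcard stands for exactly one leftmost label, so *.my-endpoint.com
    covers www.my-endpoint.com but not the bare my-endpoint.com.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return san == host

def audit(config, cert_sans, hostnames):
    """Return findings that would break HTTPS for the given custom hostnames."""
    findings = []
    # `or []` also handles a config where "Items" is present but None
    aliases = {a.lower() for a in (config.get("Aliases", {}).get("Items") or [])}
    cert = config.get("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate"):
        findings.append("default *.cloudfront.net certificate in use; attach an ACM certificate")
    # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    parts = (cert.get("ACMCertificateArn") or "").split(":")
    if len(parts) > 3 and parts[3] != "us-east-1":
        findings.append(f"certificate is in {parts[3]}; CloudFront needs it in us-east-1")
    for host in hostnames:
        # Exact-name comparison only; wildcard alternate names are not evaluated.
        if host.lower() not in aliases:
            findings.append(f"{host}: not listed as an alternate domain name")
        if not any(san_covers(s, host) for s in cert_sans):
            findings.append(f"{host}: not covered by the certificate")
    return findings

if __name__ == "__main__":
    hosts = ["my-endpoint.com", "www.my-endpoint.com"]
    for line in audit(BROKEN, ["my-endpoint.com"], hosts):
        print(line)
```

A certificate requested only for `*.my-endpoint.com` would still fail the apex check, which is why the answer asks for both names on one certificate.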