HTTPS not working with custom domain in Amazon Cloudfront - amazon-web-services

I am trying to configure a custom domain from Namecheap to serve my CloudFront distribution. I did all the steps I am aware of, but HTTPS is not working.
What I did:
1. Created a CNAME record for my domain in Namecheap: www -> d12312***.cloudfront.net
2. Created and validated an Amazon certificate from ACM (it shows "issued" for www.mysite.info)
3. Edited my CloudFront distribution, added the domain www.mysite.info to the alternate domains section, selected "custom ssl" and selected the certificate I created in step 2.
Now my domain www.mysite.info/test.jpg does show the image hosted from my CloudFront, but HTTPS is not working, showing "not secure". What's wrong?
Please, I don't want to use Route 53.

Never mind, it worked after a while.
Though I struggled with the Certificate Manager DNS verification.
Amazon asks you to put a CNAME record like:
Name: _220a646ed9c024bb4e8a234d7224ae.www.mysite.com.
Type: CNAME
Value: _d5983967e8as12f80ae85685bb5ce7.hsdfuiqjoua.acm-validations.aws.
If you put/update the CNAME records as shown, it won't work. Instead, remove the domain name from the name:
_220a646ed9c024bb4e8a234d7224ae.www
and keep the value as it is.
Wait 10 minutes.
Hit "continue" in Amazon Certificate Manager. Voila! It shows certificate issued.

Related

Paths won't resolve in domain name but in Elastic Beanstalk URL

What I have done so far:
I uploaded my Laravel App to Elastic Beanstalk
I purchased a domain name at namecheap: domain.net
I set up a Hosted Zone for domain.net in Route 53
I entered the NS infos from the Hosted Zone in the section of my domain at namecheap
I got a certificate from Certificate Manager and associated domain.net, I got a second cert for *.domain.net
I created a CNAME record for the certificate in the Hosted Zone (see picture below)
I created a CloudFront distribution, under "Origin Domain Name" I put the Elastic Beanstalk URL, chose "Redirect HTTP to HTTPS", entered domain.net under "Alternate Domain Names" and chose the SSL cert for domain.net
I repeated the previous step for *.domain.net
Then in Hosted Zones I created an Alias record for domain.net pointing to the CloudFront distribution for domain.net and another Alias record for *.domain.net pointing to the respective CloudFront distribution (see picture below)
Question
I went on the website and got an SSL connection for both domain.net and www.domain.net, even the redirection from HTTP to HTTPS works. But when I click on a link in the navigation menu for example, like "About", the page I get is NOT domain.net/about, but http://myenvironment-env.eba-zxsw5igy.us-east-1.elasticbeanstalk.com/about with a "Not Secure" connection. When I enter the URL manually in the browser, however, like domain.net/about, I get the correct URL. What may I have done wrong?
Here is the overview over the records from the Hosted Zone.
Update
Configuring Route 53 with the same Laravel application code on Elastic Beanstalk without SSL (+CloudFront) works fine. I am able to access any links on the website, they resolve correctly to domain.net/about etc.
Maybe I do not connect CloudFront to Elastic Beanstalk correctly? Again, this is what I do in the CloudFront distribution: Under "Origin Domain Name" I put the Elastic Beanstalk URL, I choose "Redirect HTTP to HTTPS", I enter domain.net under "Alternate Domain Names" and choose the SSL cert for domain.net
So, I found a solution for my problem. By default, CloudFront sets HTTP Request Header to the origin hostname -- for me this was the ElasticBeanstalk URL. The application then generates links based on that origin.
To change that behavior one has to create a Cache Policy and an Origin Request Policy and add the host header to a whitelist, so CloudFront uses the host header that is sent from the browser.
This answer gave me a hint on what to do, as well as these AWS resources:
This gives an overview about the solution
How to create a Cache Policy and attach it to your distribution
How to create an Origin Request Policy and attach it to your distribution

Validating AWS Certificate in Google Domains

I'm following this tutorial to add HTTPS to my EC2 Elastic Beanstalk website:
https://medium.com/#jameshamann/configuring-your-elastic-beanstalk-app-for-ssl-9065ca091f49
I have modified my instance to run on a load balancer and created the certificate with DNS validation in AWS Certificate Manager. I entered my domain name, added the CNAME record to google domains as follows:
From AWS:
Name: _XXXXXc0c9db9a6c9300e65f9XXXXXXXX.www.mydomainame.com.
Type: CNAME
Value: _XXXXX83f612f59e5b0568896XXXXXXXX.jfrzXXXXXX.acm-validations.aws.
In Google Domains I created a CNAME record as follows:
Name: _1084c0c9db9a6c9300e65f9ceXXXXXXX
Type: CNAME
Value: _XXXXXXXXX12f59e5b0568896XXXXXXX.jfrzfXXXXXX.acm-validations.aws.
The certificate never gets validated, I have waited for days and it even expired. Does anyone know how to achieve this?
Thanks!
What domain is your cert registered for?
It looks like you are saying AWS said the record should be _XXXXXc0c9db9a6c9300e65f9XXXXXXXX.www.mydomainame.com which means _XXXXXc0c9db9a6c9300e65f9XXXXXXXX needs to be added as a record under the subdomain of www.mydomainame.com
You may be adding the record under mydomainname.com and not under the www subdomain, which may be why it's not working.
I would suggest recreating the ACM cert and creating a wildcard cert under the top level domain (e.g. *.mydomainame.com).
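Both this thread and the Namecheap answer further up come down to the same thing: what to type into a registrar's Name/Host box for the ACM validation CNAME. The following is an added example, not code from any of the posters or from AWS; it assumes the DNS panel appends the zone name to whatever is entered, and the function names are hypothetical.

```python
def _norm(name: str) -> str:
    """Lower-case a DNS name and drop surrounding space and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def registrar_host_field(acm_record_name: str, zone: str) -> str:
    """Host/Name value for a panel that appends the zone itself (assumed behaviour)."""
    fqdn, apex = _norm(acm_record_name), _norm(zone)
    if fqdn == apex:
        return "@"
    if not fqdn.endswith("." + apex):
        raise ValueError(f"{fqdn} is not inside zone {apex}")
    return fqdn[: -(len(apex) + 1)]


def published_fqdn(host_field: str, zone: str) -> str:
    """FQDN that ends up in DNS once the panel appends the zone to the host field."""
    host, apex = _norm(host_field), _norm(zone)
    return f"{apex}." if host in ("", "@") else f"{host}.{apex}."


def diagnose(host_field: str, acm_record_name: str, zone: str) -> str:
    """Classify whether the record as entered is the one ACM will look up."""
    host, apex = _norm(host_field), _norm(zone)
    wanted = _norm(acm_record_name) + "."
    if published_fqdn(host, apex) == wanted:
        return "ok"
    if host == apex or host.endswith("." + apex):
        return "zone-doubled"      # full name pasted, panel appended the zone again
    if registrar_host_field(wanted, apex).startswith(host + "."):
        return "missing-labels"    # e.g. the ".www" part was dropped
    return "mismatch"


# Record name as quoted in the Namecheap answer above; the zone is the registered domain.
ACM_NAME = "_220a646ed9c024bb4e8a234d7224ae.www.mysite.com."
ZONE = "mysite.com"

if __name__ == "__main__":
    print("enter as host:", registrar_host_field(ACM_NAME, ZONE))
    for entered in (ACM_NAME, "_220a646ed9c024bb4e8a234d7224ae",
                    "_220a646ed9c024bb4e8a234d7224ae.www"):
        print(f"{entered!r:55} -> {diagnose(entered, ACM_NAME, ZONE)}")
```

A validation request that stays pending for days usually falls into the "zone-doubled" or "missing-labels" case; querying the published name with a DNS lookup tool confirms which one.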

Problem associating CloudFront distribution with Route 53 domain

I am getting stuck while trying to secure my S3 hosted website. The steps I have followed are:
I have created a custom domain with Route 53, hosted on S3.
Created an SSL certificate.
Created a CloudFront distribution and set it to use my SSL certificate, and given my custom domain as the CloudFront "alternate domain name"
Created a public hosted zone for my domain.
Created "A" and "AAAA" records to link my domain to my CloudFront distribution.
However, I cannot access my website, either HTTPS or just HTTP. But I can access the website through the CloudFront Domain name just fine. Just not when I tried to access it through my custom domain name. (example.com)
You need to follow some steps to access your CloudFront distribution through a custom domain. Please check these 3 steps:
1 - Have you added a CNAME entry in the CloudFront distribution as shown by the image below?
2 - All that you need in Route 53 is to create an ALIAS entry pointing to your CloudFront distribution. Have you added this? If your settings are right, Route 53 will give you the option of your distribution which matches your domain. (Make sure that you have set the CNAME entry.) Please refer to the image below:
3 - Lastly, please make sure that your SSL matches your domain.
I believe that you are probably missing the CNAME entry as described in step 1.

AWS CloudFront Custom domain name with HTTPS not working

1. I have a domain purchased through GoDaddy. I have set custom DNS and added 4 name servers generated by the hosted zone in AWS Route 53. DNS lookup through whois.net shows the correct values.
2. In Route 53, I have added an A record to the Alias Target xxxxxxxxxxxxxx.cloudfront.net. So the traffic hits Route 53 and goes to CloudFront.
3. In CloudFront, I have one distribution. As Alternate Domain Names (CNAMEs), I have the following values:
*.domain.com / www.domain.com / domain.com
Under origins, I have one record with the following Origin Domain Name:
domain.com.s3-website.az-name-1.amazonaws.com
4. I am hosting the website in an S3 bucket. All HTTP requests are set to redirect to HTTPS.
5. Lastly, I have created (US East (N. Virginia) region) and verified a single certificate for the following domain names: domain.com, www.domain.com, *.domain.com
I have read some answers that I should just wait and the custom SSL certificate option will become enabled. It's been more than a day now, however, and there is no sign of that happening.
My website works in HTTP mode, but not at the HTTPS URL. Any solution... Please help...
PS. I am new to AWS, please help me...
The HTTPS settings were working perfectly, as the CloudFront URL was working as expected, so I realized it was just a DNS issue. All it took was a TYPE A record pointing to it.
Solution :
Add/edit a proper "TYPE A" record with "Alias Target" as the CloudFront URL.
Credit : Setup AWS S3 static website hosting using SSL (ACM)
Can you confirm whether you have used ACM to generate the SSL certificate? Or you are using SSL certificate from other vendors?
STEP 1:
If you have generated the SSL Certificate from ACM, please make sure you did that with US East (N. Virginia) region. Because, CloudFront being an AWS service which is not tied to any specific region, it will use the certificates from US East region only.
STEP 2:
1. Use the "Request or Import a certificate" option in CloudFront
2. Select the certificate which you generated
3. Complete the setup and try
If everything else is set up fine, you should be able to access the contents with HTTPS after the above step.
Let me know in case it didn't work
For anyone else coming across this issue, the button was greyed out for me also and YES, I had requested the ACM cert in us-east-1.
The fix was to try in the Edge browser instead of Chrome.
For me the solution was very simple... I failed to add "Alternate Domain Name", once I did everything clicked.

AWS CloudFront Custom SSL Certificate disabled

I have seen many posts on this topic, but I have not been able to resolve the issue, so I am posting my setup in case anyone knows what needs to be changed?
I have a domain purchased through Namecheap. I have set custom DNS and added 4 name servers generated by the hosted zone in AWS Route 53. DNS lookup through whois.net shows the correct values.
In Route 53, I have added an A record to the Alias Target xxxxxxxxxxxxxx.cloudfront.net. So the traffic hits Route 53 and goes to CloudFront.
In CloudFront, I have one distribution. As Alternate Domain Names (CNAMEs), I have the following values:
*.domain.com
www.domain.com
domain.com
Under origins, I have one record with the following Origin Domain Name:
domain.com.s3-website.az-name-1.amazonaws.com
I am hosting website in an S3 bucket. All HTTP requests are set to redirect to HTTPS.
Lastly, I have created and verified a single certificate for the following domain names: domain.com, www.domain.com, *.domain.com
I have read some answers that I should just wait and the custom SSL certificate option will become enabled. It's been more than a day now, however, and there is no sign of that happening.
My website works, but the misconfigured certificate (using the default *.cloudfront.net) throws a warning popup in Safari, and worse, a warning page in Chrome which most people are not going to bypass.
To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
CloudFront is not a regional service like most of the others. It's a global service with a single home region -- us-east-1. It can't see ACM certificates in any other region (you'd create certificates in other regions if you wanted to use them with Elastic Beanstalk or Elastic/Application Load Balancers).
From the description of what you observe, you didn't create the ACM certificate in us-east-1.
Create a new cert in us-east-1, and the option to use it should become available almost immediately in CloudFront.
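The answers in this thread and the previous one name three things to check before the custom certificate can be used: the certificate's region, the alternate domain names being set, and the certificate matching those names. The following is an added example, not code from the posters or from AWS, that checks all three offline; the function names, the account number and the certificate id in the ARNs are constructed placeholders.

```python
def arn_region(cert_arn):
    """Region field of an ACM ARN: arn:partition:acm:region:account:certificate/id."""
    parts = cert_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm":
        raise ValueError(f"not an ACM ARN: {cert_arn}")
    return parts[3]


def covered(alias, cert_names):
    """True if a certificate name matches the alias; '*' stands for exactly one label."""
    a = alias.lower().rstrip(".").split(".")
    for name in cert_names:
        p = name.lower().rstrip(".").split(".")
        if p == a:
            return True                      # exact match, including '*.x' == '*.x'
        if p[0] == "*" and len(p) == len(a) and a[0] != "*" and p[1:] == a[1:]:
            return True                      # wildcard covers one extra label only
    return False


def preflight(cert_arn, cert_names, aliases):
    """Return a list of reasons the certificate cannot serve these alternate domain names."""
    problems = []
    region = arn_region(cert_arn)
    if region != "us-east-1":
        problems.append(f"certificate is in {region}; CloudFront needs it in us-east-1")
    if not aliases:
        problems.append("no alternate domain name set on the distribution")
    for alias in aliases:
        if not covered(alias, cert_names):
            problems.append(f"alternate domain name {alias} is not covered by the certificate")
    return problems


# Constructed sample input modelled on the setup described in the question.
NAMES = ["domain.com", "www.domain.com", "*.domain.com"]
ARN_EU = "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID"
ARN_US = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"

if __name__ == "__main__":
    for arn in (ARN_EU, ARN_US):
        print(arn_region(arn), preflight(arn, NAMES, NAMES) or "ok")
    # A wildcard alone does not cover the apex or a deeper subdomain.
    print(preflight(ARN_US, ["*.domain.com"], ["domain.com", "a.b.domain.com"]))
```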