Enabling SSL Certificate on Static Site - amazon-web-services

I have the domain registered with GoDaddy and am using the AWS Route 53 service to map the S3-hosted static website to the domain name. I followed the guides and created the two buckets, the primary bucket being www.example.com, with the apex domain example.com redirecting to the sub-domain www.example.com.
Everything is fine. The website is viewable on the above two addresses.
However, I am having difficulty getting https SSL certificate to work.
Then I requested a certificate using the AWS Certificate Manager using the following settings:
domain name: example.com
additional name: *.example.com
Finally I created the CloudFront Distribution using the following settings
S3 bucket address for www.example.com bucket
alternative domain: example.com
& linked the custom certificate field to this newly created certificate.
Everything is enabled & I get no error, however, the address: https://example.io & https://www.example.com are still not working.
Note: it still doesn't work in spite of giving it a day to be fully operational. What am I doing wrong with setting up the CloudFront distribution with my S3 buckets and linking it with the certificates?
Thanks

Related

A custom sub-domain via AWS CloudFront fails over https on S3 website, but works fine over HTTP

I created a Let's Encrypt wildcard certificate for *.example.cz on Amazon Linux EC2 instance using CertBot.
The certificate is attached to the nginx web server on EC2, and the website works fine over both HTTP and HTTPS. There are a couple of DNS records, www.example.cz and *.example.cz, of type A with the EC2 IP address.
Then to point a subdomain cdn.example.cz to a S3 Static Website Bucket:
I imported the same wildcard SSL certificate from EC2 to AWS Certificate Manager.
Created a CloudFront distribution with the imported SSL Certificate.
Created a CNAME record cdn.example.cz and pointed it to S3 bucket's URL.
When I request an object from S3 using http://cdn.example.cz/object.jpg it works, but the request over HTTPS stays busy until it times out.
I tried CloudFront's Alternate domain names to be cdn.example.cz, and also tried www.example.cz example.cz. None worked.
[Screenshots: AWS Certificate Manager; CloudFront Distribution; CloudFront Distribution Origins]
CNAME record had to be pointed to CloudFront Distribution domain name
xxxxxxx..cloudfront.net
I'm not sure about this but I also removed eu-south-1 from Origin domain name so it's now cdn.example.cz.s3.amazonaws.com
Once I updated the CloudFront distribution, I had to wait a few hours for the change to propagate properly (as it was initially pointing to S3 before I was aware that CloudFront was required for SSL). As soon as it had, these settings worked perfectly.

Redirect to WWW not working in chrome with S3 static website hosting

I have hosted a static website on AWS S3 with a custom domain (purchased from crazy domain). I have obtained SSL certificate from AWS ACM.
I need to redirect bare domain "example.com" to "https://www.example.com".
Following are the steps I have followed so far -
Created 2 buckets on S3 - example.com (Used for redirection) and www.example.com (Used for website hosting)
Created 2 cloudfront distribution -
One with "Origin Domain Name" as "example.com.s3.amazonaws.com" and another with "Origin Domain Name" as "www.example.com.s3-website-ap-southeast-2.amazonaws.com"
Created CNAME record set on crazy domain with WWW pointing to cloudfront distribution as
Added "A" record set in Route53 for both cloudfront distributions.
When I enter example.com in Firefox and Safari, it is redirecting to https://www.example.com but in Chrome it is showing This site can’t be reached
Can anyone please let me know if there is anything specific I need to do for Chrome?
Finally I have figured it out as -
Added NS record set from Route53 to Crazy domain
Removed CNAME record set with www
Added Web Forward record set in crazy domain

AWS S3 Website with Route 53 Domain, needs https through CloudFront

So I created two buckets in S3. One with my domain name xxx.ninja and the other with the www. subdomain. The www one I redirected to the first. Then I created a domain in Route 53. And because I wanted https on my site I created a cloudfront distribution with redirect http -> https.
The s3 bucket url works just fine, but the site URL does not. I think I may have set it up incorrectly.
In AWS CloudFront I created my distribution and used the CloudFront default SSL cert. I chose redirect http -> https. And I pasted in my S3 website URL.
Then I copied the domain name and went to Route 53. After I created my domain I opened its hosted zone and added an A record with the alias of the CloudFront domain name.
But the URL doesn't work. I get a 403 CloudFront error in the browser.
Thoughts?
If you're using the default CloudFront SSL this indicates to me that you're not using a custom hostname (which would deny access to the CloudFront distribution).
You will need to add additional names to your CloudFront distribution (specifying every hostname that will have a DNS record resolving to the CloudFront distribution). In addition you will need to generate an SSL in ACM (which is free), this must be in region us-east-1.
More information on how to add a custom domain to your CloudFront distribution is available here.

AWS cloudfront not working with custom domain

I am trying to use cloudfront for static website s3 with my custom domain.
Following are the steps I followed:
1) Setup a s3 bucket (say, example.com) and enabled static website hosting on it.
2) Also setup a s3 bucket (www.example.com) which redirects to example.com.
3) In route 53, added a hosted zone (example.com) and added the record sets.
4) After this, http://example.com works for me.
Now I am trying to add cloudfront to it. I added the following steps:
5) From Amazon Certificate Manager, added a certificate for www.example.com and got it verified (added to Route 53 DNS, it was verified automatically after some time).
6) Created a cloudfront distribution with following settings:
Domain Origin: www.example.com
Origin Protocol Policy: HTTP Only
Alternate Domain Name: www.example.com
SSL Certificate: Selected from ACM
When I try to launch: https://example.com or https://www.example.com, the site doesn't load. http://example.com does load, but I am not sure if cloudfront is actually working on this or not. Also why is https not loading?
To set up the S3 bucket behind the CF distribution WITH SSL you need to:
Set up S3 bucket example.com (Block all public access = off, policy https://d.pr/i/KU1Q4z)
Create a certificate in ACM issued for example.com and *.example.com (or a specific subdomain at will), validate it
Create CF distribution
Set created CF alternate domain names to: example.com *.example.com (other subdomain here)
Use custom SSL certificate (previously created and validated)
Create/change default origin, to: example.com.s3-website-AWS_REGION.amazonaws.com with origin protocol policy HTTP Only
CF Default origin behaviour should be more or less like this: https://d.pr/i/h6PrG6
In Route 53 set CF A ALIAS for example.com and CNAME for *.example.com (or other subdomain) pointing at CF_DISTRIBUTION_ID.cloudfront.net
You need to go into Route 53 and point the domain at your CloudFront distribution. It won't appear as an option unless you've set the domain as an alternate domain in the distribution settings. Also, that cert won't work for anything except www.example.com, meaning example.com is excluded. You need a cert that includes example.com and www.example.com (or *.example.com to cover all subdomains).

AWS - Have https endpoints for both www and non-www endpoints using Route53, ACM, Cloudfront

I have a static webpage on AWS S3 with Cloudfront. Cloudfront is setup with ACM (AWS Certificate Manager) and am using Route 53 with it. How can I have both the www.my-endpoint.com and my-endpoint.com endpoints secure with https?
Here are some details:
My ACM certificate is set up for just my-endpoint.com and is attached to the CloudFront distribution
I have a CloudFront A record for my-endpoint.com whose alias points to CloudFront
My www.my-endpoint.com is configured so its alias is my-endpoint.com
When I navigate to https://www.my-endpoint.com chrome complains of a potential security risk whereas the https://my-endpoint.com is fine.
Create a new ACM request for your-domain.com and www.your-domain.com (and better yet, *.your-domain.com).
Use the newly created certificate (after verification) on your CloudFront instance.
The redirection from https://www.domain.com to https://domain.com will work after you have a valid certificate for both domains.
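
The checks these answers keep returning to (the certificate must cover every alternate domain name, it must be in us-east-1, and DNS must point at the distribution rather than the bucket), written out as an added example that is not part of any of the original posts. The dictionary layout, function names and sample values are constructed for illustration and are not an AWS API shape.

```python
# Added example: offline pre-flight check for an S3 + CloudFront + ACM setup.
# The config layout and all sample values are constructed, not AWS API output.

def san_covers(name, host):
    """True if a certificate name or alias covers host (one-label wildcard)."""
    name, host = name.lower().rstrip("."), host.lower().rstrip(".")
    if name.startswith("*."):
        # "*.example.com" covers "www.example.com", but not the apex
        # "example.com" and not "a.b.example.com".
        head, _, tail = host.partition(".")
        return bool(head) and tail == name[2:]
    return name == host

def check_setup(cfg):
    """Return a list of findings; an empty list means the names line up."""
    cert, aliases, findings = cfg["certificate"], cfg["aliases"], []
    if cert["region"] != "us-east-1":
        findings.append(f"certificate is in {cert['region']}, not us-east-1")
    for alias in aliases:
        if not any(san_covers(n, alias) for n in cert["names"]):
            findings.append(f"{alias}: certificate does not cover this alias")
    for host, target in cfg["dns"].items():
        if not target.lower().rstrip(".").endswith(".cloudfront.net"):
            findings.append(f"{host}: DNS points at {target}, not CloudFront")
        if not any(san_covers(a, host) for a in aliases):
            findings.append(f"{host}: missing from alternate domain names")
    return findings

# Constructed input: www-only certificate in the wrong region, apex still on S3.
BROKEN = {
    "certificate": {"region": "ap-southeast-2", "names": ["www.example.com"]},
    "aliases": ["www.example.com"],
    "dns": {
        "example.com": "example.com.s3-website-ap-southeast-2.amazonaws.com",
        "www.example.com": "dEXAMPLE.cloudfront.net",  # placeholder domain
    },
}
# Constructed input: apex plus wildcard certificate, both names on CloudFront.
FIXED = {
    "certificate": {"region": "us-east-1",
                    "names": ["example.com", "*.example.com"]},
    "aliases": ["example.com", "www.example.com"],
    "dns": {"example.com": "dEXAMPLE.cloudfront.net",
            "www.example.com": "dEXAMPLE.cloudfront.net"},
}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_setup(cfg) or "ok")
```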