HTTPS all requests on cloudfront via CNAME integration - amazon-web-services

I am trying to go full HTTPS, have no problem with the main site, but have problem with CNAME cdn.example.com which is my Amazon cloudfront distribution domain.
I went through all documentation I could find on AWS, but cannot find anything that could help me.
My distribution uses default wildcard cloudfront certificate.
I also have wildcard cert for my domain.
Any suggestions please

Related

Cloudfront hosting S3 static site, Google Domains issue

I've been trying to point my custom domain to the cloudfront distribution that's serving an s3 bucket.
I've been following this guide, but it doesn't work. I cannot figure out what's going wrong.
The cloudfront-s3 connection is working, because when I open the auto-assigned dns from cloudfront, it opens the site.
There's something wrong with the dns names. I have two certificates, one for root domain, one for *.. I use the second one, as I cannot work with root domain on google domains side, and as the guide suggested, I reroute to www. on Google Domains (doesn't seem to work though, if I try to open , it doesn't redirect me to www.).
When I try to open the address, it says:
This site can’t be reached
Check if there is a typo in www.<root-domain>.
DNS_PROBE_FINISHED_NXDOMAIN
So in summary, in Google Domains I have 2 CNAMEs, one for the certificate, one for the cloudfront distribution. The host name for the cloudfront distribution is wwww., and for the cert it's auto assigned by aws.
The certificates are confirmed that are issued, and assigned to the cloudfront distribution, also alternative domain names contain www..
I have a route 53 hosted zone created for www., and an alias created for cloudfront distribution.
Any clue what I may have done wrong?

Cloudfront domain defaults to HTTP when HTTPS is available

Similarly to other stacks, I have hosted a website using AWS services:
Registered domain on Route 53 (example.net)
Content is hosted on an S3 bucket
Got an SSL certificate using AWS Certificate Manager
Created a CloudFront distribution, pointed it to S3 and connected it to my domain with Route 53.
All of this works except for an issue at what seems to be the final hurdle. When I enter my domain url into the search bar, example.net, the connection isn't secure by default. I've illustrated the problem here.
I'm relatively new to hosting and can't find a solution relating to this. My thoughts are that I'm missing some Cloudfront or Route 53 configuration, since another thing that doesn't work is connecting via www (I don't care about that issue as much). Any input is appreciated.
By default enabling HTTPS on a website doesn't disable HTTP. They are both available, on separate ports. That's why you have to type https:// in the browser's address bar to go directly to the HTTPS version of your website. You can get CloudFront to redirect all HTTP requests to HTTPS by following this guide.

Domain Name without "www" does not work for CloudFront

I have
An AWS S3 bucket as a static site
A CloudFront distribution with ACM SSL certs
A Name.com domain name
A Heroku web app
I successfully have www.domain.com pointing to my abc123.cloudfront.net website. I also have api.domain.com successfully pointing towards my heroku app. I used ACM to generate a certificate for www.domain.com and Heroku handles its own SSL stuff as well.
That's pretty good, but just to be anal, I want domain.com to also point to my CF address. However it does not. This is how I set up my CF and DNS and wonder if anyone has any ideas. I've gone through about 20 SO questions and articles with no luck. Also Name.com URL forward does not seem to work.
DNS Settings
CloudFront Settings
Based on the comments.
Currently, only www.domain.com record is used to direct connections to CloudFront (CF) distro. To direct domain.com, a new record should be created which also points to the CF distro in Name.com DNS.
In addition to these, CNAME in CF as well as SSL certificate should also include domain.com.
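The checks these answers describe (every hostname listed as an alternate domain name and covered by the certificate, and plain HTTP not left open) can be run offline, as in this added example, which is not code from the original posts. The function names and the sample are constructed; the field names follow the DistributionConfig JSON from `aws cloudfront get-distribution-config`, and the certificate names would come from `aws acm describe-certificate`.

```python
# Added example: offline checks on a CloudFront DistributionConfig dict.

def san_covers(san, host):
    """True if a certificate name covers host; '*' matches one left-most label only."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return san == host

def audit(config, cert_sans, wanted_hosts):
    """Return a list of findings; an empty list means the HTTPS setup is consistent."""
    findings = []
    aliases = [a.lower() for a in config.get("Aliases", {}).get("Items", [])]
    cert = config.get("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate"):
        findings.append("default *.cloudfront.net certificate in use; custom names will not validate")
    arn = cert.get("ACMCertificateArn", "")
    if arn and arn.split(":")[3:4] != ["us-east-1"]:
        findings.append("ACM certificate is not in us-east-1, which CloudFront requires")
    for host in wanted_hosts:
        if host.lower() not in aliases:  # exact match; wildcard aliases are not evaluated here
            findings.append(f"{host}: not listed in Alternate Domain Names")
        if not any(san_covers(s, host) for s in cert_sans):
            findings.append(f"{host}: not covered by the certificate names")
    behaviors = [("default", config.get("DefaultCacheBehavior", {}))]
    behaviors += [(b["PathPattern"], b) for b in config.get("CacheBehaviors", {}).get("Items", [])]
    for name, b in behaviors:
        if b.get("ViewerProtocolPolicy") == "allow-all":
            findings.append(f"{name}: ViewerProtocolPolicy allow-all still serves plain HTTP")
    return findings

# Constructed sample: www is set up, the apex was forgotten, HTTP is still allowed.
SAMPLE = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
        "SSLSupportMethod": "sni-only",
    },
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Quantity": 0},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["*.example.com"], ["example.com", "www.example.com"]):
        print(finding)
```

A wildcard such as `*.example.com` does not cover the apex `example.com`, so the certificate needs both names when both hostnames are served.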

DNS redirection while keeping the same domain name with CloudFront

I'm currently hosting a React website through AWS CloudFront. I have the CloudFront URL, ex: http://xxxxxxxxxxxx.cloudfront.net but I want to use the distribution with my domain name. I am using Google Domains at the current moment. I've looked into CNAME records and ALIAS records (Google Domains currently doesn't support ALIAS) but still haven't figured out a solution. At the same time, I'm trying to reduce downtime for the site, so this is a bit tricky because I'm trying to minimize experimentation.
Here's what I've tried:
CNAME: www -> xxxxxxxxxxxx.cloudfront.net
Result: caused website to not load
CNAME: # -> xxxxxxxxxxxx.cloudfront.net
Result: Google Domains doesn't let you do this!
I also tried Google's "Synthetic Records" for redirection, but as I expected that just redirects to the CloudFront domain whenever I enter my domain.
I know that AWS Route 53 would be a valid option except that they don't support '.app' domains for some reason.
I've included the domain CNAME and SSL certificate on CloudFront, but I'm confused about what I'm doing wrong as for the DNS info.
Has anyone had experience setting up a CloudFront website for their own domains using Google Domains? I've done a bunch of research on this but for some reason haven't found any results that have helped me.

HTTPS connections to cloudfront / S3 using godaddy domain

I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up cloudfront to work with this bucket, then have used AWS certificate manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com).
In GoDaddy I then configured DNS forwarding to point to my cloudfront resource.
This all works nicely, and if I go to my_domain.com in a browser then I see my website.
However, I can't get SSL working. If I go to the https:// version of my website then I see a not secure error in the chrome address bar which shows a certificate pointing to shortener.secureserver.net rather than my own website.
Could someone point me at a way around this? Looking through S.E. and using google it seems that Amazon's route53 might be able to help, but I can't figure out how to do this.
Thanks!
(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com
The warning message:
The certificate details:
What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.
GoDaddy has problems and does not redirect to HTTPS. There are two ways: the first is to change domain registrar, and the second, which is the easiest, is: create a hosted zone on AWS Route 53 with your domain name.
Create 2 type A records, one for the root (of your domain) and one for www, that point to your CloudFront. Route 53 allows you to create a type A record without having an IP, because it points directly to a CloudFront instance that you indicate; that's the best.
Then GoDaddy gives you the option to change name servers: take the ones assigned by AWS in the hosted zone, in the record that says NS, and put those 4 in GoDaddy, replacing the ones it had.
Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GO DADDY BEFORE REPLACING THEM, IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN
You have to wait at least a few hours until all the name servers are updated; you can use the who.is page to see if the DNS has already been updated with those of AWS.
It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, the only current solution is to cancel your domain registration and register with someone else.
(edit) As #aavrug mentions in their comment, Amazon now have a guide for this.
When you define your CloudFront you can define whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Keep in mind that CloudFront changes may take a while to be replicated and your browser caches them as well, so the best way is to make a change, wait for the deployment and then check it in a new incognito browser.
It goes without saying that your certificate must be valid and verified as well.
It might be something wrong with your certificate or with your domain.
If you are serving your content over HTTPS you must provide an SSL Certificate in Cloudfront. Have you done that?
Have you added your domain on Alternative Domain Names (CNAMEs)?
Please have a look on the image below:
-> AWS provides Free SSL Certificates to be used with Cloudfront, so you might want to use it (easier than importing your SSL from GoDaddy).
You can create a free SSL certificate on AWS and easily attach it to your cloudfront distribution.
-> You can also transfer your domains to AWS Route53. It is easy to integrate with any AWS Service and easy to use/maintain :)
I wrote a complete guide on my blog telling how you can add Custom SSL and attach custom domain to Cloudfront distribution, it might be useful :)
https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/