Reputation: 153
I have an AWS Route 53 domain that's hosting an S3 bucket for my site. I added a wildcard cert, i.e. *.example.com, to my domain. However, when I access https://example.com the browser doesn't pick up the cert. If I go to https://www.example.net the cert works just fine. (In both scenarios the page loads.)
I'm wondering what the best solution would be? I see websites like Facebook will automatically redirect to the 'www' subdomain, but Stack Overflow doesn't seem to?
Do I create a new cert? Do I try to configure Route 53 to automatically redirect? If so, how? I see other people having this issue where they link to an S3 bucket but say it won't work over HTTPS?
SEO also seems to be something I should be considering but I'm not sure what the consequences would be specifically.
Any help would be appreciated.
Upvotes: 2
Views: 1975
Reputation: 2317
I think you don't need redirection. You can request an ACM certificate with multiple domains (use the "Add more names" button), i.e. you have to request a new certificate for the following domains:

Domain 1: example.com (for the apex domain itself)
Domain 2: *.example.com (for subdomains, one level deep)

Once it is issued and attached to a supported resource (should be CloudFront in your configuration), the certificate will protect both example.com and www.example.com.
Upvotes: 4
Reputation: 13025
You need a separate certificate for the root / naked domain.
SSL certs are valid for the given wildcard depth: `*`, `*.*`, `*.*.*`, etc.
Based on the cert pattern you can notice it is
`*.example.com`, not `*example.com`.
If it matched all strings in the prefix without a dot, it would match all of the domains like
aexample.com, bexample.com and example.com
as well.
Also, your cert works only one level deep. It will not work for
anything.something.example.com
There is a nice discussion about second-level subdomain SSL certs:
https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain
Even in that case, your domain needs to be in the form
something.anything.example.com, and it will not work for something.example.com since the cert is for
`*.*.example.com` and not `*.example.com`.
Hope it helps.
Upvotes: 1
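The two answers above both come down to how a browser matches a certificate's subjectAltName (SAN) entries against the hostname in the URL. As an added example (not code from either answer, from AWS, or from any library), the following Python script implements the matching rule browsers apply per RFC 6125 section 6.4.3: a `*` is accepted only as the entire leftmost label and matches exactly one label, so `*.example.com` covers `www.example.com` but neither the apex `example.com` nor `a.b.example.com`. It then shows why the first answer's "apex + wildcard" SAN list covers both names. The SAN lists and the `SAMPLE_PEERCERT` dict are constructed sample values; `sans_from_peercert` accepts the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, so you can feed it a real certificate from your own endpoint to check what it actually covers.

```python
"""Check which hostnames a certificate's SAN entries cover (RFC 6125 rule)."""

# Constructed sample SAN lists, as they would appear in a certificate's
# subjectAltName extension. Not taken from any real certificate.
WILDCARD_ONLY = ["*.example.com"]
APEX_PLUS_WILDCARD = ["example.com", "*.example.com"]

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}


def sans_from_peercert(cert: dict) -> list[str]:
    """Extract the DNS names from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName pattern covers hostname.

    Rule (RFC 6125 s6.4.3, as browsers apply it): a '*' may only be the whole
    leftmost label, it matches exactly one non-empty label, and at least two
    labels must follow it. Anything else is an exact, case-insensitive match.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Reject '*example.com', 'www.*.example.com', '*.*.example.com' and '*.com'.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    if len(p_labels) < 3:
        return False

    # The wildcard consumes exactly one label: label counts must be equal, so
    # 'example.com' (too few) and 'a.b.example.com' (too many) both fail.
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def covered_by(sans: list[str], hostname: str):
    """Return the SAN entry that covers hostname, or None if none does."""
    for san in sans:
        if san_matches(san, hostname):
            return san
    return None


def coverage_report(sans: list[str], hostnames: list[str]) -> dict:
    """Map each hostname to the SAN entry covering it (or None)."""
    return {host: covered_by(sans, host) for host in hostnames}


if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "api.example.com",
             "a.b.example.com", "aexample.com"]
    for label, sans in [("wildcard only", WILDCARD_ONLY),
                        ("apex + wildcard", APEX_PLUS_WILDCARD),
                        ("from peercert", sans_from_peercert(SAMPLE_PEERCERT))]:
        print(f"{label}: {sans}")
        for host, san in coverage_report(sans, hosts).items():
            print(f"  {host:20} -> {san or 'NOT COVERED'}")
```

Running it shows `example.com` as NOT COVERED under the wildcard-only list and covered by the `example.com` entry under the apex-plus-wildcard list, which is exactly the browser behaviour the question describes. To test a deployed endpoint instead of the constructed sample, wrap a socket with `ssl.create_default_context()` and pass `getpeercert()` to `sans_from_peercert`.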