AWS API Gateway SSL: certificate subject name (*.execute-api.ap-south-1.amazonaws.com) does not match target host name 'custom-domain'

Question

I have created one API using API Gateway. The API is working fine if I call it from localhost or any server outside AWS network(Server is not instantiated from AWS) but when I am trying to call the same API from any server which is within AWS network, it does not work. I have created custom domain.

When we are calling the API using custom domain name, below error is thrown: SSL: certificate subject name (*.execute-api.ap-south-1.amazonaws.com) does not match target host name 'custom-domain-name'

but if I use the API 's origin url(getting from the stage), then it throw: {"message":"Forbidden"}

Here is the code I am using:

curl --header "Content-Type: application/json" --header "x-api-key: ViR6gYpw046xxxxxyyyyyyzzzzzzzzzzzzzzzzzzzzzz" --request POST --data '{"username":"xyz","password":"xyz"}' https://post-data.xyz.com/post-userdata-v1/user-data

Below are few details:

API type: Post

Lambda function is integrated

Any advice would be greatly appreciated.

Thanks Biswajit

Answer 1

Since the API is accessible from localhost and servers outside AWS, the setup seems to be fine. The calls from AWS servers would be failing due to the DNS settings in the VPC from which these AWS servers are launched.

Check the following two settings in your VPC and enable them if not done.

You can enable them by following this path: VPCs >> Select Your-VPC >> Actions