nev

Reputation: 233

Problems using custom CNAME with CloudFront over SSL

I have a problem when using a custom CNAME and SSL/HTTPS for a CloudFront distribution. I set up a CloudFront distribution to use as a CDN on my WordPress site, using the W3TC plugin to configure things.

I imported an SSL certificate from my hosting provider to use with the CloudFront distribution. I also configured a CNAME at my hosting for the distribution (e.g., "cdn.example.com") to use in place of the CloudFront domain name (e.g., "d1234.cloudfront.net").

After setting all this up I immediately noticed that all the images were just broken image links. Right-clicking an image to open it in a new browser window resulted in the browser warning me that "the connection is not private" and that the website "may be impersonating cdn.example.com". The source showed that none of the CloudFront CDN resources were being loaded. Chrome reported "Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID" for several resources.

After experimenting I found that, if I stopped using the CNAME (by removing it from the W3TC plugin field) and used the CloudFront domain name (i.e., "d1234.cloudfront.net") instead, everything worked all right. So images loaded successfully from d1234.cloudfront.net, where they wouldn't from cdn.example.com.

I have another site that is set up exactly the same except it doesn't use SSL/HTTPS: the use of a custom CNAME for the CloudFront distribution there doesn't cause any problems at all.

So the problem with CloudFront seems to appear when I try to use SSL/HTTPS and a custom CNAME.

The Chrome error report seems to indicate that there's a problem with the SSL certificate that I imported (what, I don't know - I'm not at all clued-up with SSL certificates). If that's the cause of the problem, should I get a certificate from AWS to enable the use of a custom CNAME? If so, what should I stipulate for the certificate? And I'm not sure how that works having two certificates - one for my domain and another for CloudFront?

Upvotes: 1

Views: 3579

Answers (2)

Marty

Reputation: 212

It sounds like you may have missed adding your CNAME to the CloudFront distribution, i.e. under 'Alternate Domain Names': Adding your CNAME to CloudFront

(I know this is an old question but as it stands unresolved and I just hit the same issue, I think this might help others)

Upvotes: 3

Ganesh Kanawade

Reputation: 381

Below are the issues.

  1. Certificate does not match issuer's name
  2. Google Chrome browser error
  3. Address error due to certificate mismatch

Please check that the SSL generated for the domain is valid and that the same is uploaded to CloudFront.

Upvotes: 1
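Added example, not part of the question or either answer: a Python sketch of the hostname check behind `ERR_CERT_COMMON_NAME_INVALID`, showing why `d1234.cloudfront.net` validates while `cdn.example.com` does not. The certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`; the names on the imported certificate are an assumption, since the thread does not list them.

```python
def san_dns_names(cert):
    """DNS entries from a getpeercert()-style dict, lowercased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never zero or two
    if p[0] == "*":
        # need a non-empty host label and at least two fixed labels after '*'
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def covers(cert, hostname):
    """True if any DNS name on the certificate matches the requested host."""
    return any(name_matches(n, hostname) for n in san_dns_names(cert))


def explain(cert, hostname):
    """One-line verdict naming what the certificate is actually valid for."""
    if covers(cert, hostname):
        return f"{hostname}: OK"
    names = ", ".join(san_dns_names(cert)) or "(no DNS names)"
    return f"{hostname}: MISMATCH, certificate is valid for: {names}"


# Constructed samples. CloudFront's default certificate is a wildcard for
# cloudfront.net; the other two name sets are assumptions for illustration.
CLOUDFRONT_DEFAULT = {"subjectAltName": (("DNS", "*.cloudfront.net"),)}
IMPORTED_SITE_CERT = {"subjectAltName": (("DNS", "example.com"),
                                         ("DNS", "www.example.com"))}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("cloudfront default", CLOUDFRONT_DEFAULT),
                        ("imported site cert", IMPORTED_SITE_CERT),
                        ("wildcard cert", WILDCARD_CERT)):
        for host in ("d1234.cloudfront.net", "cdn.example.com"):
            print(f"{label:20} {explain(cert, host)}")
```

Whichever certificate the distribution serves for the custom name has to list `cdn.example.com` or a wildcard that covers it; a certificate for the site's own hostnames alone does not.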
