Route53 Secure Certificate

Question

This domain is not secure. The .sunrise and www.sunrise load the website, but neither of them have a secure connection.

I have attached a certificate to the domain, and it's entries are in the 2nd and 3rd rows from the top of this picture, and end with "validation.aws".

I think, maybe some of these rows will seem obviously useless, and I can delete them. I can also delete the two certificate rows and reapply them from the certificate page. Does anything stick out as the problem?

Answer 1

This is likely down to one of the following:

• The certificate does not cover the domain(s) that you're trying to use
• The certificate has expired

Debug Steps

When you access in the browser it should normally detail why the certificate is insecure.

Alternatively run the below command on your domain to get the full error.

curl -iv https://example.com

By running this command you'll get an error along the terms of the below.

curl: (60) SSL: no alternative certificate subject name matches target host name 'example.com'

Domain name not valid for certificate

You will need to ensure that the domain names that you included in the certificate match the domain you're trying to access in the browser.

From the console you can see the list of domains that are included on the certificate (including wildcard domains e.g. *.example.com. If the domain(s) you're trying to use would not match the rulesets you would need to generate a new SSL and then attach it to whichever resources are using it.

Certificate has expired

This will only occur if you're not using the ACM managed service which auto renews (you're using ACM so this is not the cause), in addition this is a new SSL so it would not have expired (the lifetime is 13 months).