imposter-developer

Reputation: 1

Execution failed due to configuration error: Host name: '<DNS ALB>' does not match the certificate subject provided by the peer (CN=<mycustomdomain>)

In my current AWS setup I have an API Gateway with a custom domain -> a VPC link -> NLB -> ALB -> ECS cluster.

I created a custom domain for my API Gateway and added the ACM certificate. My NLB has a TCP listener, and the ALB has an HTTPS listener with the same cert I added for my custom domain. When I test one of the methods I created from the API Gateway console, I get the error "Execution failed due to configuration error: Host name: 'DNS of ALB' does not match the certificate subject provided by the peer (CN=)".

The certificate is for .com - with an additional subject name for *..com.

I added a CNAME record that maps my subdomain to my API gateway endpoint.

When I curl d..com with verbose output, I see that it does match the certificate:

....

subjectAltName: host "d..com" matched cert's "*..com" issuer: C=US; O=Amazon; CN=Amazon RSA.,.... SSL certificate verify ok. ....

....

However, I still get an internal server error.

Any idea what I have done wrong?

Upvotes: 0

Views: 742

Answers (1)

Ilysamo

Reputation: 1

For a REST API, in the "Integration Request" configuration, assuming you are using a VPC link, do the following: turn on "VPC proxy integration", select your "HTTP method", select your "VPC link", and enter an "Endpoint URL" with your domain that has the certificate (you also need to configure it in Route 53). The documentation asks you to enter the NLB DNS, but this will not work in your case (NLB->ALB). Also add "/{proxy}" at the end of the address.


Upvotes: 0
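The error in the question is a hostname check: the host in the integration's endpoint URL is compared with the names in the certificate the ALB presents. The sketch below is an added example, not code from the question or the answer; it applies RFC 6125-style wildcard matching to show why a load balancer DNS name fails while a name under the certificate's wildcard passes. The domain `example.com` and the load balancer DNS name are constructed placeholders.

```python
# Added example (not from the original thread): why the TLS check fails when the
# integration URL host is the load balancer's DNS name. All names are constructed.
from urllib.parse import urlsplit


def san_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # require at least two fixed labels so "*.com" can never match
        return len(pat) >= 3 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def endpoint_host_ok(endpoint_url: str, cert_sans: list[str]) -> bool:
    """True if the host in the integration endpoint URL is covered by the cert."""
    host = urlsplit(endpoint_url).hostname
    return host is not None and any(san_matches(host, s) for s in cert_sans)


# Constructed stand-ins for the names on the certificate attached to the ALB listener.
CERT_SANS = ["example.com", "*.example.com"]

# Constructed endpoint URLs: load balancer DNS name vs. a name the cert covers.
LB_DNS_URL = "https://internal-my-alb-123456.us-east-1.elb.amazonaws.com/{proxy}"
CUSTOM_URL = "https://api.example.com/{proxy}"

if __name__ == "__main__":
    for url in (LB_DNS_URL, CUSTOM_URL):
        verdict = "matches" if endpoint_host_ok(url, CERT_SANS) else "does NOT match"
        print(f"{urlsplit(url).hostname}: {verdict} certificate {CERT_SANS}")
```

The name used in the endpoint URL still has to resolve to the load balancer from inside the VPC, which is the Route 53 step the answer mentions.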
