Home > General > Affiliate Marketing Forum

Simple tutorial to enable SSL/HTTPS for Free for Amazon Route 53/Cloudfront combo (15)

07-07-2018 02:40 AM #1 hagolo (Member)

Thank you <3


Sent from my iPhone using Tapatalk

08-07-2018 10:49 AM #2 melodypops (Member)

Hello @edgekaos
Thank you for your useful post.
Unfortunately I faced with issue - at the last step of requesting certificate I receive following error http://joxi.ru/L21XP69F85KZRm
I already wrote to AWS support center, but have not received answer yet.
So, maybe someone from STM can give me advice what to do with it?
Thank you in advance.

08-08-2018 10:10 AM #3 melodypops (Member)

Quote Originally Posted by melodypops View Post
Hello @edgekaos
Thank you for your useful post.
Unfortunately I faced with issue - at the last step of requesting certificate I receive following error http://joxi.ru/L21XP69F85KZRm
I already wrote to AWS support center, but have not received answer yet.
So, maybe someone from STM can give me advice what to do with it?
Thank you in advance.
UPD
I got answer from AWS support and they issued me a certificate. So, for all who face the same issue with certificate request, just send a message to AWS support.
Hope this info will be useful.

01-05-2019 02:19 PM #4 g200075 (Member)

Hello,
I have created an SSL certificate and the status of the certificate is "Issued".
However, when I try "Custom SSL Certificate" in the Cloudfront distribution settings, the checkbox is grayed out and I cannot select it.
Has anyone else come across this issue?
Thanks in advance.

01-05-2019 05:53 PM #5 kintura (Member)

Very happy to see this thread

Sometimes in the aws console you actually need to refresh the page to get your cert to show up. It's still a little buggy after all these years. Same goes for cloudfront distributions to show up in your alias dropdown.

On a related note: One of the most powerful parts of Route53 is its internal Aliasing. So rather than CNAME to your cloudfront distribution (we've seen CNAME lookups take over 3 seconds in certain geos) it will do the routing internally and shave that down to 10ms. Set "Alias: Yes" and select your cloudfront distribution from the dropdown.

https://stackoverflow.com/a/36670495

01-31-2019 03:56 PM #6 celador (Member)

Amazingly helpful, thanks edgekaos.

04-05-2019 01:59 AM #7 thehound (Member)

the *. certificate I added doesn't appear in the dropdown for custom SSL certificates, only my regular domain appears. Anyone else? my page is secure if I type it with https but if i don't it goes to the unsecured http version so it isn't forcing the SSL. does the *. version force this?

04-05-2019 04:19 AM #8 chris r (Member)

Quote Originally Posted by thehound View Post
the *. certificate I added doesn't appear in the dropdown for custom SSL certificates, only my regular domain appears. Anyone else? my page is secure if I type it with https but if i don't it goes to the unsecured http version so it isn't forcing the SSL. does the *. version force this?
You're gonna have to delete the certificate you made, and make a new one. This time, make sure that "US East (N. Virginia)" is selected at the top right corner. Once you redo it using that location, you'll then be able to see it in the drop down menu.

Hope this helps.

-Chris

04-05-2019 12:04 PM #9 thehound (Member)

Hmmm did this originally but tried it again. Still only seeing the non *. domain

04-05-2019 09:28 PM #10 mylead (Senior Member)

Pretty good tutorial, if someone don't want to have it from amazon it's easy to get it free from cloudflare

04-08-2019 02:04 PM #11 regjoe (Member)

I have done everything as instructed and the SSL certificate has been issued. Yet when I type in my domain I don't get the https/SSL padlock. Can someone explain what's the reason? Does it take time for the certificate to get activated? If so how many hours?

04-27-2019 12:04 AM #12 thehound (Member)

btw, I found the fix to force SSL. Login into your AWS console and open your CloudFront distribution settings. Navigate to the Behaviours tab and edit the behaviour which points to your S3 bucket, then see below for the viewer protocol policy and select redirect http to https



09-30-2019 05:53 PM #13 marcnguyen91 (Member)

Hello g200075
I have same issue with u. Pls check this response. it may helpful for u.
https://stackoverflow.com/questions/...red-in-aws-iam

Quote Originally Posted by g200075 View Post
Hello,
I have created an SSL certificate and the status of the certificate is "Issued".
However, when I try "Custom SSL Certificate" in the Cloudfront distribution settings, the checkbox is grayed out and I cannot select it.
Has anyone else come across this issue?
Thanks in advance.

07-12-2020 04:48 PM #14 andybd (Member)

com.amazonaws.services.cloudfront.model.InvalidVie werCertificateException: The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add. For more details, see: https://docs.aws.amazon.com/AmazonCl...s-requirements (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: 90185f2c-6089-46f8-b073-e1ff4507ab52; Proxy: null)
I also get this error message when I use the certificate provided by aws

07-12-2020 10:21 PM #15 jeremie (Moderator)

Quote Originally Posted by andybd View Post
I also get this error message when I use the certificate provided by aws
It can be that you are using subdomains. In this case, you need to have a certificate that covers the domain and all its subdomains. When requesting a certificate, you need to ask for *.domain.com, not only domain.com

If you want to add a new domain to a distribution, it must be included in the certificate before adding it to the distribution.

In both cases, the solution is to 1) create a new certificate that covers all domains and subdomains required, 2) replace the old certificate with the new one 3) try to add the (sub)domain to the distribution

Home > General > Affiliate Marketing Forum