Problem with SSL Certificate On Cloudfront (10)
08-01-2020 10:46 AM
#1
platinum (Veteran Member)
Is it that you are using Amazon S3 with Cloudfront + Cloudflare to serve your landers?
If that's the case, you will need to import your Cloudflare SSL cert on Amazon AWS using the certificate manager for the whole domain. By this I mean that when specifying the domain on Certificate Manager, you will need to use wildcards like *.mydomain.tld. Then this domain's SSL certificate can be used for any subdomain you plan on using.
On top of the above, go to your Cloudflare account > Domain name > SSL/TLS and make sure your SSL encryption mode is set to Flexible.

Edit: Just noticed that your domain is set up only for domain.tld while you are trying to use it for www.domain.tld
08-01-2020 02:29 PM
#2
jeremie (Moderator)
Hey,
Several questions here:
1) Forcing the use of SSL
Go in the CloudFront distribution, click on the Behaviors tab. Then for all behaviors (should be only one by default), click on it, click Edit. Then select Viewer Protocol Policy "Redirect HTTP to HTTPS". Press Yes, Edit at the bottom and wait 10/15 minutes for the distribution to be updated.
2) Covering long path URLs
No issue here. If a (sub)domain is valid for SSL, any URL based on this (sub)domain will work with SSL.
3) Covering wildcard domains
Ask your developer if he generated an SSL certificate only for the main domain, or for the main domain + subdomains.
Ask him to specifically include both lines in the SSL certificate request:
domain.com
*.domain.com
Remove the certificate you use and replace with the new one. You should not have any problem after that.
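
Points 2) and 3) above, as an added example that is not part of the original posts: a small Python check of which lander hostnames a certificate's name list covers. It goes slightly beyond the thread by also showing that a wildcard covers only one subdomain level; the function names and the sample URLs (built on the thread's placeholder domain.com) are constructed for illustration.

```python
from urllib.parse import urlsplit

def host_of(url_or_host):
    """Return the lowercase hostname; scheme, port, path and query are dropped."""
    s = url_or_host if "//" in url_or_host else "//" + url_or_host
    return (urlsplit(s).hostname or "").rstrip(".").lower()

def san_matches(san, host):
    """Match one certificate DNS name against a hostname (left-most wildcard only)."""
    san = san.rstrip(".").lower()
    if not san.startswith("*."):
        return san == host
    # "*.domain.com" covers exactly one extra label: www.domain.com,
    # but neither domain.com itself nor a.b.domain.com.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]

def uncovered(sans, urls):
    """Return the hostnames from urls that no certificate name covers."""
    missing = []
    for u in urls:
        h = host_of(u)
        if not any(san_matches(s, h) for s in sans) and h not in missing:
            missing.append(h)
    return missing

# Constructed sample URLs using the thread's placeholder domain.
URLS = [
    "https://domain.com/",
    "https://www.domain.com/folder/file.html",
    "https://lp.domain.com/offer/index.html?id=1",
    "https://a.b.domain.com/",
]

if __name__ == "__main__":
    for sans in (["domain.com"], ["*.domain.com"], ["domain.com", "*.domain.com"]):
        print(sans, "->", uncovered(sans, URLS) or "all covered")
```

The path never enters the comparison, which is why a long URL is covered whenever its hostname is; the names to pass in are the ones listed on the certificate in AWS Certificate Manager.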
08-01-2020 07:23 PM
#3
gobroke (Member)

Originally Posted by platinum
Is it that you are using Amazon S3 with Cloudfront + Cloudflare to serve your landers?
If that's the case, you will need to import your Cloudflare SSL cert on Amazon AWS using the certificate manager for the whole domain. By this I mean that when specifying the domain on Certificate Manager, you will need to use wildcards like *.mydomain.tld. Then this domain's SSL certificate can be used for any subdomain you plan on using.
On top of the above, go to your Cloudflare account > Domain name > SSL/TLS and make sure your SSL encryption mode is set to Flexible.
Edit: Just noticed that your domain is set up only for domain.tld while you are trying to use it for www.domain.tld
No I don't use Cloudflare. As I mentioned above, I use NS1 for DNS.
08-02-2020 08:43 PM
#4
gobroke (Member)
So the webserver is now forcing the use of the AWS-issued SSL certificate on the main domain. Unfortunately, the latter still doesn't match the domain name if it is a wildcard one or has an extra path (e.g. with folder/file name). The tech support from Traffic Armor suggested that it is better to get the SSL from Cloudflare because it can cover wildcard domains plus the domain with path. So I am going to move the nameservers from NS1 to Cloudflare and hopefully it will work.
08-02-2020 10:29 PM
#5
jeremie (Moderator)

Originally Posted by gobroke
So the webserver is now forcing the use of the AWS-issued SSL certificate on the main domain. Unfortunately, the latter still doesn't match the domain name if it is a wildcard one or has an extra path (e.g. with folder/file name). The tech support from Traffic Armor suggested that it is better to get the SSL from Cloudflare because it can cover wildcard domains plus the domain with path. So I am going to move the nameservers from NS1 to Cloudflare and hopefully it will work.
That's the setup I have: CloudFlare for DNS / CloudFront for CDN. Less complicated and works perfectly. Hope you can get it to work.
08-03-2020 11:35 PM
#6
gobroke (Member)

Originally Posted by jeremie
That's the setup I have: CloudFlare for DNS / CloudFront for CDN. Less complicated and works perfectly. Hope you can get it to work.
What are the pros and cons of having an SSL certificate on either AWS or Cloudflare?
08-04-2020 02:12 AM
#7
jeremie (Moderator)
Not a lot of difference. CloudFlare DNS is a bit faster than AWS Route 51 in some geos. Simpler SSL setup process.
Cons: apparently CloudFlare could block some traffic on pops. There was a discussion about that recently.
08-04-2020 04:42 AM
#8
gobroke (Member)

Originally Posted by jeremie
Not a lot of difference. CloudFlare DNS is a bit faster than AWS Route 51 in some geos. Simpler SSL setup process.
Cons: apparently CloudFlare could block some traffic on pops. There was a discussion about that recently.
That's not good because I am going to promote some offers on pop traffic networks. Thanks for telling me.
08-04-2020 05:07 AM
#9
jeremie (Moderator)
Hey,
Here is the thread about that. Only one traffic source.
https://stmforum.com/forum/showthrea...ith-CloudFlare
08-12-2020 03:30 AM
#10
gobroke (Member)

Originally Posted by jeremie
That's great. In that case, I can use Cloudflare for most pop traffic networks.