Problems using custom CNAME with CloudFront over SSL - ssl

I have a problem when using a custom CNAME and SSL/HTTPS for a CloudFront distribution. I set up a CloudFront distribution to use as a CDN on my WordPress site, using the W3TC plugin to configure things.
I imported an SSL certificate from my hosting provider to use with the CloudFront distribution. I also configured a CNAME at my hosting for the distribution (e.g., "cdn.example.com") to use in place of the CloudFront domain name (e.g., "d1234.cloudfront.net").
After setting all this up I immediately noticed that all the images were just broken image links. Right-clicking an image to open it in a new browser window resulted in the browser warning me that "the connection is not private" and that the website "may be impersonating cdn.example.com". The source showed that none of the CloudFront CDN resources were being loaded. Chrome reported "Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID" for several resources.
After experimenting I found that if I stopped using the CNAME (by removing it from the W3TC plugin field) and used the CloudFront domain name (i.e., "d1234.cloudfront.net") instead, everything worked all right. So images loaded successfully from d1234.cloudfront.net, where they wouldn't from cdn.example.com.
I have another site that is set up exactly the same except it doesn't use SSL/HTTPS: the use of a custom CNAME for the CloudFront distribution there doesn't cause any problems at all.
So the problem with CloudFront seems to appear when I try to use SSL/HTTPS and a custom CNAME.
The Chrome error report seems to indicate that there's a problem with the SSL certificate that I imported (what, I don't know - I'm not at all clued-up with SSL certificates). If that's the cause of the problem, should I get a certificate from AWS to enable the use of a custom CNAME? If so, what should I stipulate for the certificate? And I'm not sure how that works having two certificates - one for my domain and another for CloudFront?

It sounds like you may have missed adding your CNAME to the CloudFront distribution, i.e. under 'Alternate Domain Names'.
(I know this is an old question but as it stands unresolved and I just hit the same issue, I think this might help others)

Below are the issues.
Certificate does not match issuers name
Google Chrome browser error
Address error due to certificate mismatch
Please check that the SSL certificate generated for the domain is valid and that the same certificate is uploaded to CloudFront.

Related

Google Cloud Load Balancer with custom certificate shows the "google" cert first

I've set up my app running on Cloud Run with a Let's Encrypt wildcard certificate to cover subdomains. It works fine, but every time I run testssl.sh or other similar tools they notice 2 certificates: mine and Google's. The second certificate throws errors regarding name mismatch and from time to time (couldn't reproduce it, it may not be a problem) even browsers notice this and say the cert is not valid, but a refresh will fix it.
Is this something common and should I ignore it? Google's DIG shows that the domain has the correct IP as A record and everything else works fine.
Use only one certificate.
A wildcard certificate with Cloud Run provides few benefits. Only domain names that are mapped will be supported so the wildcard does not help. The negative is that you must manually renew the certificate every 90 days.
Use the Google Managed certificates.

Chrome Browser refusing to connect to AWS Cloud Former instance over HTTPS

I'm struggling to use AWS Cloud Former to generate a CloudFormation template. I have already launched the Cloud Former stack twice and attempted to connect to the associated DNS for the EC2 instance generated each time and keep receiving the error pictured below.
I have already tried to create a new SSL certification for the EC2 instance via AWS Certificate Manager, but AWS does not allow this for EC2 instances. I'm not very familiar with SSL/HTTPS processes and would appreciate any guidance on next steps I should pursue to address/troubleshoot this.
Upon further research into this, I have found the following issue:
Specifically, I'm seeing the following SSL certification issue:
Has anyone else seen this yet with CloudFormer recently?
CloudFormer uses self-signed certificates that are generated by the stack. This is the normal browser warning when the browser encounters a self-signed certificate. For your purposes, you can simply click on the link at the bottom (Proceed to EC2-xxx (Unsafe)) of the warning page, and ignore the warning. You will connect successfully in spite of the warning.
SSL certificates require a domain. On AWS you can set one up with the certificate manager, but it will still have an issue until you correctly configure Route 53 on AWS as well.

Heroku ACM SSL says Cert issued but certificate won't show on the website

This is my first time getting an SSL certificate for my website. I followed this tutorial https://devcenter.heroku.com/articles/automated-certificate-management
heroku certs:auto displays that Status is "Cert issued". I get no errors. I use git push and the website is still not certified. What could I be doing wrong?
Old question, but if anyone else runs into this problem, which I was just battling myself, here was my problem:
When following the Heroku dev center guide on how to point a custom domain to your herokuapp, the guide says, among other things:
"Create a CNAME record to map from www.example.com to example.herokuapp.com or your SSL endpoint if using SSL."
Neither one of these alternatives is, however, the way to go now (SSL endpoint is considered legacy at Heroku). Instead, once you have added your custom domain correctly, simply:
In Heroku CLI, run "heroku certs:auto:enable" to enable ACM.
Point your domain's DNS records at the Heroku DNS target for your custom domain, which you can find by running "heroku domains"
Wait a little.
This should do it.

Amazon Cloudfront Breaks after SSL update: 502 error

So I've been using Amazon CloudFront as a CDN on my Ruby on Rails app on Heroku for some time. Today I updated my SSL certificate (Comodo PositiveSSL wildcard) and from the browser's end it looks like the certificate is correctly installed.
However, I noticed that the site wasn't loading correctly and then I got a bunch of 502 errors on my developer console. I then went into CloudFront to update the certificate, waited for the updates to deploy, and here we are a few hours later and my site still isn't connecting properly.
I use a custom CNAME for my site (which worked fine before today).
Can anyone tell me how to go about checking if the certificate is installed correctly on CloudFront?

An unrelated domain is pointing to my website and appears to be using my SSL certificate

I run a website affectionaries.com that has a valid SSL certificate hosted by Hostgator.
It has come to my attention that when searching in Google for terms such as "Affectionaries" or "Cupcakes Runcorn" another domain appears higher up the SERPs using my metadata and is unrelated to my business. If you click the link for (https://www.miamiboxpanama.com/) then it takes you to an insecure warning page! Under advanced it tells you:
www.miamiboxpanama.com uses an invalid security certificate. The certificate is only valid for the following names: affectionaries.com, www.affectionaries.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
I can not figure out what is going on here...
So far I can see that this domain is on the same nameservers and IP address as my site.
Does anyone have experience with this and know a solution to resolve this matter?
www.miamiboxpanama.com resolves to the same IP address as affectionaries.com (192.254.231.2). So both names lead to the exact same web server, and therefore also the exact same SSL certificate. Since that certificate is only for the name affectionaries.com, the browser correctly issues a warning when the name it used was www.miamiboxpanama.com.
This looks like a configuration error at Hostgator. You may want to contact them and ask what's going on.
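The name errors quoted in the threads above (ERR_CERT_COMMON_NAME_INVALID for cdn.example.com, SSL_ERROR_BAD_CERT_DOMAIN for www.miamiboxpanama.com) come from the same check: the hostname the browser requested must be covered by a DNS entry in the served certificate's subjectAltName. The following is an added example, not code from any of the posts; it implements a simplified form of that check and can also fetch the SAN list a server actually presents. The SAN list assumed for the imported site certificate is constructed for illustration.

```python
import socket
import ssl

def name_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname (simplified RFC 6125 rules)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label; "*.tld" is refused.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covering_names(san_dns, hostname):
    """SAN entries that cover hostname; an empty list means a name error."""
    return [n for n in san_dns if name_matches(n, hostname)]

def served_san(hostname, port=443, timeout=5.0):
    """DNS SANs of the certificate served when hostname is sent as SNI.
    The chain is still validated, so an untrusted chain raises SSLError."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name check is done by covering_names
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed SAN lists for the cases discussed on this page.
CLOUDFRONT_DEFAULT = ["*.cloudfront.net"]                # CloudFront default cert
IMPORTED_SITE_CERT = ["example.com", "www.example.com"]  # assumption
WILDCARD_CERT = ["*.example.com"]                        # assumption
HOSTGATOR_CERT = ["affectionaries.com", "www.affectionaries.com"]  # from the error text

if __name__ == "__main__":
    cases = [
        (CLOUDFRONT_DEFAULT, "d1234.cloudfront.net"),
        (CLOUDFRONT_DEFAULT, "cdn.example.com"),
        (IMPORTED_SITE_CERT, "cdn.example.com"),
        (WILDCARD_CERT, "cdn.example.com"),
        (HOSTGATOR_CERT, "www.miamiboxpanama.com"),
    ]
    for sans, host in cases:
        print(host, sans, "->", covering_names(sans, host) or "NAME MISMATCH")
    # Live check (needs network): covering_names(served_san(host), host)
```

Running `covering_names(served_san("cdn.example.com"), "cdn.example.com")` against a real distribution shows which certificate the edge serves for that name, which is the quickest way to tell a missing alternate domain name from a certificate that lacks the hostname.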