Point custom domain from other service provider to distribution default domain

Q1. My domain is using a Country Code Top-Level Domain that is not supported by AWS Route 53. As a result, when I attempted to point my domain "example.com" to the default domain of my Lightsail distribution, I discovered that my domain hosting provider only supports IP address mapping and does not allow setting an A record to the default domain "123456abcdef.cloudfront.net."

After some experimentation, I found a workaround by obtaining the IP address of "123456abcdef.cloudfront.net" using the ping method. I then used this IP address as an A record for my domain "example.com."

This method works well initially, but the issue arises after a few months when the IP address of the default domain "123456abcdef.cloudfront.net" changes to a new address. This forces me to remap the A record for "example.com," leading to downtime for my site and potentially affecting SEO results.

I am seeking advice on how to address this problem more effectively and avoid the recurring downtime.

Q2. Under the same AWS account, I have configured a CloudFront distribution to pull content from my origin using HTTPS only. However, when accessing the site, I encounter a 502 ERROR with the following message:

"CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation."

This error results in the entire site not working at all. I'm unsure of the exact cause of this issue and would appreciate any insights or possible solutions to resolve the problem.

(Note: The specific request ID for the error is provided as "HNeFjvOb9el9QCvvFJnxu-QHSwfVXpa9pKyrUR8I-Q8m1hBmvnUdqA==")

It works properly when pulling content from my origin using HTTP only. The WordPress site shows a proper SSL certificate. Should I keep using HTTP only?

dodo
Asked 10 months ago, 182 views
1 Answer

Hi, for Question 2, it looks like you have an issue with the certificate of your origin. Maybe this post will help you [1]. CloudFront only supports certificates that are signed by a trusted third-party CA [2].

Ideally you should use HTTPS all the way, from users to your CloudFront distribution and from CloudFront to your origin. If for some reason you can't make it work, at least add a security group to your origin that only allows connections from CloudFront using a CloudFront prefix list [3].

[1] https://repost.aws/knowledge-center/cloudfront-502-errors

[2] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html

[3] https://aws.amazon.com/blogs/networking-and-content-delivery/limit-access-to-your-origins-using-the-aws-managed-prefix-list-for-amazon-cloudfront/

Answered 9 months ago
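
A check of the origin's own certificate, following the answer's point about Question 2 and run directly against the origin rather than through CloudFront. This is an added example, not part of the original post; it assumes the local system trust store approximates the CAs CloudFront trusts, and `origin.example.com` is a placeholder.

```python
import socket
import ssl
import sys

# OpenSSL X.509 verification codes mapped to the usual origin-side cause.
CAUSES = {
    9: "certificate is not yet valid",
    10: "certificate has expired",
    18: "self-signed certificate, not issued by a trusted CA",
    19: "chain ends in a private or untrusted root CA",
    20: "issuer unknown: untrusted CA or missing intermediate certificate",
    21: "incomplete chain: the server does not send its intermediate certificate",
    62: "certificate names do not cover the expected host name",
}


def explain(verify_code):
    """Turn an OpenSSL verify code into a readable cause."""
    return CAUSES.get(verify_code, f"verification failed (OpenSSL code {verify_code})")


def check_origin(host, port=443, expected_name=None, timeout=5.0):
    """Handshake with the origin directly and return (status, detail).

    expected_name is the name the certificate must cover; it defaults to host.
    """
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=expected_name or host) as tls:
                return ("ok", f"{tls.version()}, certificate verified")
    except ssl.SSLCertVerificationError as exc:
        return ("certificate", explain(exc.verify_code))
    except ssl.SSLError as exc:  # protocol or cipher mismatch, non-TLS listener
        return ("tls", str(exc))
    except OSError as exc:  # refused, timed out, DNS failure
        return ("network", str(exc))


if __name__ == "__main__":
    # origin.example.com is a placeholder for the origin's own host name
    origin = sys.argv[1] if len(sys.argv) > 1 else "origin.example.com"
    status, detail = check_origin(origin)
    print(f"{origin}: {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

A `certificate` result here while the site looks fine through CloudFront means visitors are seeing the distribution's certificate, not the origin's.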
