SSL Certificate Does not cover Domain error - Cloudfront

Hi All,

I'm trying to set up CloudFront with a custom SSL certificate I made locally and then uploaded to ACM.

The certificate is an X.509 formatted RSA 2048. I've been following a decent tutorial, and I get my 5 certificate files (for server and client), and can upload them without problem.

However, when I try to use this certificate in CloudFront to sign the CNAME noa-updates.com, it fails, saying that this certificate does not cover the given Alternate Domain Name (CNAME)? They're clearly the same domain?!

Screenshot from the create distribution page

Is this error actually indicative of some other root cause that it's not verbose enough to explain? I'm obviously missing something here, but for all the tutorials and forum posts in the world I cannot find it!

What's most confusing is that I had this whole pipeline working yesterday, without error, and it wasn't until I wanted to change some CloudFront settings that it started complaining! I've reuploaded a new certificate, and generated and uploaded a new one. I tried creating a distribution without a CNAME and SSL cert, and then tried adding it after an initial deployment. Nothing thus far has worked.

Any and All help is gratefully received!

JC

1 Answer

Hi, from the screenshot, the optional alternative CNAME (noa-updates.com) matches the one in the certificate. For the CloudFront distribution, please check if there are other domains listed. The error "The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add" normally happens when some domain names in the distribution are not included in the certificate.

Feng_C (AWS)
answered 7 months ago
  • Hi Feng,

    Thanks for your reply. I have moved on from this error, however the underlying cause was the fact that I was attempting to use a self-signed key with CloudFront, which is not allowed. The self-signed key did in fact cover the domain, and there weren't any other domain conflicts, it just clearly failed to extract the data from the SSL cert.

    Would have been nice to get a verbose error suggesting as such, but it does seem like error messages on AWS are just generally a bit rubbish.
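
Added example (not part of the original posts and not AWS code): a pre-flight check for the two causes raised in this thread, an alternate domain name missing from the certificate and a certificate whose issuer equals its subject. The function names, the `Example Trusted CA` issuer and the sample inputs are assumptions; the subject, issuer and SAN values are taken as already read from the certificate.

```python
"""Pre-flight check: does a certificate cover every CloudFront alternate domain name?"""


def name_covers(cert_name: str, alias: str) -> bool:
    """Return True if one certificate name (SAN entry) covers one alias.

    A leading "*" label stands for exactly one label, so "*.example.com"
    covers "www.example.com" but neither "example.com" nor "a.b.example.com".
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    alias_labels = alias.lower().rstrip(".").split(".")
    if len(cert_labels) != len(alias_labels):
        return False
    if cert_labels[0] == "*":
        return cert_labels[1:] == alias_labels[1:]
    return cert_labels == alias_labels


def preflight(subject: str, issuer: str, sans: list, aliases: list) -> list:
    """Return findings; an empty list means neither problem was detected."""
    findings = []
    # Heuristic only: issuer == subject marks a self-issued certificate.
    # Proving "self-signed" would need the signature checked against its own key.
    if subject.strip().lower() == issuer.strip().lower():
        findings.append("self-issued: issuer equals subject")
    for alias in aliases:
        if not any(name_covers(san, alias) for san in sans):
            findings.append(f"not covered: {alias}")
    return findings


if __name__ == "__main__":
    # Constructed inputs; only the domain name comes from the thread.
    cases = {
        "self-issued, name matches": (
            "CN=noa-updates.com", "CN=noa-updates.com",
            ["noa-updates.com"], ["noa-updates.com"]),
        "CA-issued, extra alias on the distribution": (
            "CN=noa-updates.com", "CN=Example Trusted CA",  # hypothetical CA
            ["noa-updates.com"], ["noa-updates.com", "www.noa-updates.com"]),
    }
    for label, args in cases.items():
        print(label, "->", preflight(*args) or "no findings")
```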
