Hi All,
Im trying to setup cloudfront with a custom SSL certificate I made locally and then uploaded to ACM.
The certificate is an X.509 formatted RSA 2048, Ive been following a decent tutorial, and I get my 5 certificate files (for server and client), and can upload them without problem.
However, when I try to use this certificate in cloudfront to sign the CNAME noa-updates.com, it fails, saying that this certificate does not cover the given Alternate Domain Name (CNAME)? They're clearly the same domain?!
Is this error actually indicative of some other root cause that its not verbose enough to explain? Im obviously missing something here, but for all the tutorials and forum posts in the world I cannot find it!
Whats most confusing is that I had this whole pipeline working yesterday, without error, and it wasnt until I wanted to change some cloudfront settings that it started complaining! Ive reuploaded a new certificate, and generated and uploaded a new one, I tried creating a distribution without a CNAME and SSL cert, and then tried adding it after an initial deployment, nothing thus far has worked.
Any and All help is gratefully received!
JC
Hi Feng,
Thanks for your reply. I have moved on from this error, however the underline cause was the fact that I was attempting to use a self signed key with cloudfront, which is not allowed. The self signed key did in fact cover the domain, and there werent any other domain conflicts, it just clearly failed to extract the data from the SSL Cert.
Would have been nice to get a verbose error suggesting as such, but it does seem like error messages on AWS are just generally a bit rubbish.