
Lightsail enable SSL certificate AttachCertificateToDistribution error


I've set up an nginx Lightsail instance + Lightsail Distribution. The Distribution URL is live and the site loads via the Distribution URL w/ no errors.

Then for DNS I'm using Route53 from another AWS account (this is unavoidable due to policy; it cannot be moved to the same account as the Lightsail instance). I have an A record pointing to the Lightsail static IP and a www CNAME pointing to the Distribution URL.

When creating the certificates in Lightsail, I created one for non-www and www combined. It would not enable under the Lightsail Custom Domain tab (error below). A www-only certificate produced the same error (below). A non-www only certificate enabled just fine. The certs have been verified as having the us-east-1 region w/ awscli ($ aws lightsail get-certificates).

Error AttachCertificateToDistribution[us-east-1]

Alternative Domain Names [domain.com, www.domain.com] have one or more parameter that is already associated with a different resource.

InvalidInputException

With the non-www cert the site loads fine via the non-www domain; however, www (http and https) brings up an entirely different site. I expected at least a privacy warning and the ability to view regardless of a valid cert. I've double-checked the www CNAME and it is pointing to my Lightsail Distribution. The www certificate that is in use for www under Site Information (browser address bar) isn't the certificate created by my Lightsail account.

The domain names associated with the SSL/TLS certificate cannot be in use by another distribution across all Amazon Web Services (AWS) accounts, including distributions on the Amazon CloudFront service. You will be able to create the certificate for the domains, but you will not be able to use it with your distribution.

Can an existing certificate for this domain created on any other AWS account cause it to still be in use? If so, what happens if I cannot get it removed? I thought new DNS pointing at my Lightsail would avoid resolving to anything other than where it currently points to.

No Answers
