By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

CloudFront alternate domain name Certificates

0

My custmer uses Cloudfront to run shops for customers under their own subdomain but also under the mobile subdomain of the customer, which they don't manage themselves.

Before this CloudFront security change they were able to add the alternate domain using only their certificate and then use it to validate and get a Let's Encrypt certificate for the customer subdomain.

Is this still possible through some other means?

Topics
ComputeNetworking & Content Delivery
Tags
Website ProvisioningAmazon CloudFront
Language
English
AWS-User-6336697
asked 5 years ago374 views
1 Answer
0
Accepted Answer

I understand that this company (for example shops.com) creates a distribution covering two CNAMEs for each of their customers (customer.shops.com and m.customer.com). Then they ask their customer to point m.customer.com to the created distribution, then they use Lets Encrypt with HTTP validation to issue a certificate covering both domain, and finally they attach the certificate to this distribution using ACM.

That will not work any more with the new security enhancements in CloudFront. I suggest that the customer first issue a certificate using ACM and DNS validation covering both domains (first action from their customer), then creates the distribution with this certificate and finally ask the customer to create the necessary CNAME in their DNS configuration.

profile pictureAWS
EXPERT
achraf
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content