CloudFront alternate domain name Certificates


My custmer uses Cloudfront to run shops for customers under their own subdomain but also under the mobile subdomain of the customer, which they don't manage themselves.

Before this CloudFront security change they were able to add the alternate domain using only their certificate and then use it to validate and get a Let's Encrypt certificate for the customer subdomain.

Is this still possible through some other means?

asked 5 years ago370 views
1 Answer
Accepted Answer

I understand that this company (for example creates a distribution covering two CNAMEs for each of their customers ( and Then they ask their customer to point to the created distribution, then they use Lets Encrypt with HTTP validation to issue a certificate covering both domain, and finally they attach the certificate to this distribution using ACM.

That will not work any more with the new security enhancements in CloudFront. I suggest that the customer first issue a certificate using ACM and DNS validation covering both domains (first action from their customer), then creates the distribution with this certificate and finally ask the customer to create the necessary CNAME in their DNS configuration.

profile pictureAWS
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions