SSL Certificate Does not cover Domain error - Cloudfront


Hi All,

I'm trying to set up CloudFront with a custom SSL certificate I made locally and then uploaded to ACM.

The certificate is an X.509 formatted RSA 2048. I've been following a decent tutorial, and I get my 5 certificate files (for server and client), and can upload them without problem.

However, when I try to use this certificate in CloudFront to sign the CNAME noa-updates.com, it fails, saying that this certificate does not cover the given Alternate Domain Name (CNAME)? They're clearly the same domain?!

Screenshot from the create distribution page

Is this error actually indicative of some other root cause that it's not verbose enough to explain? I'm obviously missing something here, but for all the tutorials and forum posts in the world I cannot find it!

What's most confusing is that I had this whole pipeline working yesterday, without error, and it wasn't until I wanted to change some CloudFront settings that it started complaining! I've reuploaded a new certificate, and generated and uploaded a new one, I tried creating a distribution without a CNAME and SSL cert, and then tried adding it after an initial deployment; nothing thus far has worked.

Any and all help is gratefully received!

JC

1 Answer

Hi, from the screenshot, the optional alternative CNAME (noa-updates.com) matches it in the certificate. For the CloudFront distribution, please check if there are other domains listed. The error "The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add" normally happens when some domain names in the distribution are not included in the certificate.

Feng_C
answered 6 months ago
  • Hi Feng,

    Thanks for your reply. I have moved on from this error, however the underlying cause was the fact that I was attempting to use a self-signed key with CloudFront, which is not allowed. The self-signed key did in fact cover the domain, and there weren't any other domain conflicts, it just clearly failed to extract the data from the SSL cert.

    Would have been nice to get a verbose error suggesting as such, but it does seem like error messages on AWS are just generally a bit rubbish.
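
Added example, not part of the original thread or AWS's own tooling: a local preflight with the `openssl` CLI that separates the two conditions discussed above, whether the certificate's names cover the alternate domain name and whether the certificate is self-issued (issuer equals subject, used here as a heuristic for self-signed). The function names and the `example.test` certificate are constructed for the demonstration; `-addext` requires OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Preflight for a PEM certificate before attaching it to a CloudFront
# alternate domain name. Hypothetical helper names; constructed test data.

# Succeeds when issuer and subject are the same name (self-issued).
is_self_issued() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$iss" ]
}

# Succeeds when the certificate's SAN (or CN fallback) covers the hostname.
# A wildcard entry such as *.example.test covers exactly one extra label.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# Runs both checks and reports each failure separately, so a coverage
# problem is not confused with a trust problem.
preflight() {
    local cert=$1 host=$2 rc=0
    if ! covers_host "$cert" "$host"; then
        echo "FAIL: certificate does not cover $host"; rc=1
    fi
    if is_self_issued "$cert"; then
        echo "FAIL: certificate is self-issued (issuer == subject)"; rc=1
    fi
    return $rc
}

# Builds a constructed self-signed certificate for the demonstration.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=example.test" \
        -addext "subjectAltName=DNS:example.test,DNS:*.example.test" \
        2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir"
# The name is covered, yet the preflight still fails on the self-issued check.
preflight "$demo_dir/cert.pem" example.test || echo "preflight failed"
rm -rf "$demo_dir"
```

On the constructed certificate the coverage check passes and only the self-issued check fails, which is the situation the follow-up comment describes.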
