APIGateway certificate error

Hi, I have the following setup. api.mydomain.com (Route53) -> API GW Rest API instance as an HTTP proxy -> ELB DNS Name -> ECS

I can convert the Rest API to an HTTP API if required.

When I make a call to api.mydomain.com I get the following error through the CloudWatch console: Execution failed due to configuration error: Host name '<ELB_DNS_NAME>' does not match the certificate subject provided by the peer (CN=mydomain.com)

What is the root cause of it in detail and what is the best way to solve the problem? Is my approach correct?

Any help appreciated, thanks.

2 Answers
Accepted Answer

I would recommend reading this document and its sub-sections thoroughly to ensure you have configured the custom domain for the API Gateway REST API correctly - https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html

Also, is the ELB for ECS a public or private endpoint? If it is public, you should be good, but if it is private you will need to configure a VPCLink and a Network Load Balancer in front of the ALB for ECS - https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

AWS EXPERT
answered 2 years ago
Thanks for the answer. I got your point.

ELB for ECS is private. Just one thing I don't get; what do I need to create an NLB in front of ALB. Is it not possible to connect API to ALB directly?

And I am deploying all of this with CDK. I could not find how to put an NLB in front of ALB. Can you lead me to the correct location of a sample implementation or documentation?

Thanks.

answered 2 years ago
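
The check behind the error quoted in the question, as an added example that is not part of the original thread and is not AWS code: a TLS client compares the host name it connected to with the DNS names in the certificate the peer presents. The ELB host name and both certificate dicts are constructed sample data (only CN=mydomain.com comes from the error message), and the function names are hypothetical.

```python
# Added example: the host-name check a TLS client applies to a server certificate.
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """DNS names the certificate covers: SAN DNS entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS names are present the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    """True if a client connecting to `host` would accept this certificate's names."""
    return any(name_matches(n, host) for n in cert_names(cert))

def report(cert, hosts):
    return {h: covers(cert, h) for h in hosts}

# Constructed sample data. ELB_NAME stands in for <ELB_DNS_NAME> in the error.
ELB_NAME = "internal-example-alb-0000000000.eu-west-1.elb.amazonaws.com"
CERT_FROM_ERROR = {"subject": ((("commonName", "mydomain.com"),),)}
CERT_WITH_SANS = {  # assumed certificate that also lists a wildcard SAN
    "subject": ((("commonName", "mydomain.com"),),),
    "subjectAltName": (("DNS", "mydomain.com"), ("DNS", "*.mydomain.com")),
}
HOSTS = [ELB_NAME, "mydomain.com", "api.mydomain.com", "a.b.mydomain.com"]

if __name__ == "__main__":
    for label, cert in (("CN only", CERT_FROM_ERROR), ("with SANs", CERT_WITH_SANS)):
        print(label)
        for host, ok in report(cert, HOSTS).items():
            print(f"  {'match   ' if ok else 'MISMATCH'} {host}")
```

In both sample certificates the ELB host name is a mismatch, which is the condition the error message reports.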
