By using AWS re:Post, you agree to the Terms of Use

Custom domains with SSL

0

Customer wants to provide custom domains for our customers with ssl. Right now, they are able to provide this by creating a one off Cloudfront distribution, which is not great. Now, looks like the the ALB supports multiple SSL certs, but is limited to 25.

Is there a way to increase this limit ? OR Would you recommend another solution all together ?

Extra context per request:

customer creates pages like this for customers:
https://shows.example.com/somecustomer
but want to allow them to have custom domains like this:
http://somecustomer.example.org

Users presently do this by setting a CNAME record on their DNS pointing to our distribution domains.example.com However, as you can see, the custom domain version is not secure—it does not have a SSL/TLS certificate. We would like to provide these certificates for our customers. One way we considered doing this was using an Application Load Balancer. As we understand it, this would allow our users to point at the domains.example.com distribution, but it could support multiple certificates for that one domain/distribution.

This looks very promising to them—do you agree? If so, one concern is the supposed limit of 25 certs per load balancer, and so they wanted to know whether this limit could be lifted, and if there is a better alternative

1 Answer
0
Accepted Answer

Your customer wants to have a single CloudFront Distribution with multiple domains/subdomains and be able to serve that content using HTTPS, correct? Would all the content be served from a static set of origins or does the origin change based on the domain name?

This configuration is possible, your customer can configure the CloudFront distribution with multiple CNAMEs and use AWS Certificate Manager to generate a public certificate with multiple domain names(SAN).

From the example that you've shared, your customer would still have to use Lambda@Edge to change uri of the request, depending on the host header, as it seems that according to the host, the uri can change.

Thanks.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions