SSL Name Mismatch with API Gateway Custom Domain

I have a Regional API Gateway (WebSocket flavor) with a custom domain name and am seeing intermittent SSL domain name mismatch errors. When checking with a tool like https://www.leaderssl.com/tools/ssl_checker it shows that sometimes a cert for *.execute-api.us-west-2.amazonaws.com is being returned instead of the custom domain name. I have verified the following:

  • Certificate is in the us-west-2 region
  • API Gateway is in the us-west-2 region
  • Route 53 domain name points to the URL of the custom domain name and not the API
    • Note that the custom domain name URL shows d-{id}.execute-api.us-west-2.amazonaws.com and not a something.cloudfront.net URL

Any other thoughts as to why this might be happening?
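
One way to narrow down an intermittent mismatch like the one described above is to probe every resolved address separately, sending the custom domain as SNI, and record which certificate each one returns. This is an added example, not part of the original post and not AWS tooling; the function names are hypothetical and `ws.example.com` in the comments is a constructed placeholder hostname.

```python
import socket
import ssl
import sys


def san_matches(hostname, san):
    """RFC 6125-style match: a leading '*' covers exactly one leftmost label."""
    host, san = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san


def classify(hostname, sans):
    """Return 'match' if any SAN covers hostname, otherwise 'mismatch'."""
    return "match" if any(san_matches(hostname, s) for s in sans) else "mismatch"


def fetch_sans(ip, sni, port=443, timeout=5.0):
    """Connect to one IP, send `sni`, return the DNS SANs of the presented cert."""
    ctx = ssl.create_default_context()
    # Keep chain validation on (getpeercert() is empty otherwise), but skip the
    # hostname check so the handshake completes even when the name is wrong.
    ctx.check_hostname = False
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def probe(hostname, attempts=3):
    """Probe each resolved IPv4 address several times; return (ip, verdict, sans)."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    rows = []
    for ip in sorted({info[4][0] for info in infos}):
        for _ in range(attempts):
            sans = fetch_sans(ip, hostname)
            rows.append((ip, classify(hostname, sans), sans))
    return rows


if __name__ == "__main__":
    # Usage: python probe.py ws.example.com   (constructed placeholder name)
    for ip, verdict, sans in probe(sys.argv[1]):
        print(ip, verdict, ",".join(sans))
```

Rows marked `mismatch` show which addresses returned a certificate that does not cover the custom domain, which separates a per-endpoint problem from a client that is not sending SNI.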