By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cloudfront static website HTTPS ssl error

0

I have created a static website (cloudesk.top) with S3 + Cloudfront + AWS Certiticate manager, after cloudfront distribution deployed, I still can not access my website, the chrome prompt:

This site can’t provide a secure connectioncl
oudesk.top uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I have tried to find the cert for my website with following command:

openssl s_client -showcerts -connect cloudesk.top:443 </dev/null

It prints:

CONNECTED(00000006)
8159337984:error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure:/AppleInternal/Library/BuildRoots/c2cb9645-dafc-11ed-aa26-6ec1e3b3f7b3/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/ssl/tls13_lib.c:129:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 287 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Start Time: 1689739301
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

So it must be somewhere not configure correctly, does any body konw how to fix this issue?

Topics
Networking & Content DeliverySecurity, Identity, & ComplianceStorage
Tags
Amazon CloudFrontAWS Certificate ManagerS3 Select
Language
English
Enix Yu
asked 9 months ago1155 views
1 Answer
2
Accepted Answer

Have you set up an alternate domain for CloudFront?
Also, do you have an SSL certificate tied to CloudFront?
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-procedures.html#cnames-and-https-updating-cloudfront

I think the situation is similar to the problem here.
https://repost.aws/ja/questions/QUNE8Cd54cSdGMnxm2mkjscQ/routing-traffic-through-cloudfront-for-ssl-certificate-with-godaddy

profile picture
EXPERT
Riku_Kobayashi
answered 9 months ago
profile picture
EXPERT
Gary Mclean
reviewed a month ago
  • Enix Yu
    9 months ago

    You save my life. Thanks, after adding the alternative domain name, it works like a charm...

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content