I updated my DNS records for my "www" subdomain to resolve to the instance that is connected to the CloudFront distribution. Everything seems to be working now!
Is this actually what you want? Your naked domain (the non-www address) is correct and using the CloudFront distribution:
$ getent hosts shepdesign.com
18.67.111.102 shepdesign.com
18.67.111.82 shepdesign.com
18.67.111.36 shepdesign.com
18.67.111.58 shepdesign.com
$ getent hosts 18.67.111.102 18.67.111.82 18.67.111.36 18.67.111.58
18.67.111.102 server-18-67-111-102.syd62.r.cloudfront.net
18.67.111.82 server-18-67-111-82.syd62.r.cloudfront.net
18.67.111.36 server-18-67-111-36.syd62.r.cloudfront.net
18.67.111.58 server-18-67-111-58.syd62.r.cloudfront.net
Hit this in a browser and it brings up your website, presenting the cert you would have got from an Amazon Certificate Manager.
Your www address is pointing at your EC2 instance, meaning it's bypassing CloudFront altogether:
$ getent hosts www.shepdesign.com
44.237.27.130 www.shepdesign.com
$ getent hosts 44.237.27.130
44.237.27.130 ec2-44-237-27-130.us-west-2.compute.amazonaws.com
When I hit this address in my browser I get a warning about the LetsEncrypt cert that your webserver is presenting (because it's for shepdesign.com which != www.shepdesign.com).
But even if you fixed that it's still not an optimal solution as it hits the EC2 direct and doesn't leverage CloudFront, which it seems you want to be using.
What you need is a CloudFront distribution for your www address, and then update your DNS to point to that. You've managed it for the non-www address, so it looks like you know what needs to be done. This document is worth a read to fill in any gaps: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
So I think I figured it out. I updated my DNS records for my "www" subdomain to resolve to the instance that is connected to the CloudFront distribution. Everything seems to be working now!
Hello.
I tried name resolution using nslookup, but in the case of www.shepdesign.com, only one IP address could be confirmed.
It is possible that the DNS cache is involved.
nslookup shepdesign.com
Server: 192.168.11.1
Address: 192.168.11.1#53
Non-authoritative answer:
Name: shepdesign.com
Address: 18.65.185.118
Name: shepdesign.com
Address: 18.65.185.19
Name: shepdesign.com
Address: 18.65.185.28
Name: shepdesign.com
Address: 18.65.185.68
nslookup www.shepdesign.com
Server: 192.168.11.1
Address: 192.168.11.1#53
Non-authoritative answer:
Name: www.shepdesign.com
Address: 44.237.27.130
I also tried connecting with the curl command, but the following error occurred.
From this, it seems like there is something wrong with CloudFront's certificate settings.
curl -I https://www.shepdesign.com/
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.shepdesign.com'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Thank you. Yes, it's still not working correctly. I think it is because I did something wrong with the custom domain and the certificates. Lightsail gives the option to list the domains that need a certificate. I had put "www" as to create a certificate for that, but I am wondering if I listed the wildcard incorrectly. Instead of putting "www", I am wondering if I need to do ".shepdesign.com" like a wildcard maybe?
I am restarting the process and doing it in order. I believe I added "www" as the top domain when it should have been "shepdesign.com". Wish me luck and thank you for the advice!
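As an added illustration (not part of any post in this thread), the Python sketch below applies the DNS-name matching rule that TLS clients use to constructed certificate name lists. It shows why a certificate issued for shepdesign.com fails for www.shepdesign.com, as in the curl error above, and which of the two site names a wildcard entry would cover. The function names and the candidate name lists are assumptions made for the example.

```python
# Added example: certificate dNSName matching as TLS clients apply it
# (exact match, or a wildcard that replaces exactly one left-most label).
# The SAN lists are constructed for illustration, not read from the live site.

def san_matches(hostname: str, pattern: str) -> bool:
    """Return True if one certificate dNSName entry covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pat[0] == "*":
        # Whole-label wildcard only, with at least two literal labels after it.
        return len(pat) >= 3 and host[1:] == pat[1:]
    # No wildcard (or a partial one such as "w*", which is rejected): exact match.
    return host == pat


def cert_covers(hostname: str, sans: list) -> bool:
    """True if any name on the certificate covers hostname."""
    return any(san_matches(hostname, s) for s in sans)


def uncovered(hostnames: list, sans: list) -> list:
    """Hostnames a client would reject with a name-mismatch error."""
    return [h for h in hostnames if not cert_covers(h, sans)]


# Both names the site is served under (from the thread).
SITE_NAMES = ["shepdesign.com", "www.shepdesign.com"]

# Constructed candidate name lists for a certificate request.
CANDIDATE_SANS = {
    "apex only": ["shepdesign.com"],
    "www only": ["www.shepdesign.com"],
    "wildcard only": ["*.shepdesign.com"],
    "apex + www": ["shepdesign.com", "www.shepdesign.com"],
    "apex + wildcard": ["shepdesign.com", "*.shepdesign.com"],
}


def report() -> dict:
    """Map each candidate list to the site names it leaves uncovered."""
    return {label: uncovered(SITE_NAMES, sans)
            for label, sans in CANDIDATE_SANS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:16} -> " + ("covers both names" if not missing
                                   else "mismatch for " + ", ".join(missing)))
```

A wildcard entry alone does not cover the apex name, so a certificate meant for both addresses needs the apex listed alongside either the www name or the wildcard.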