AWS Amplify Custom Domain stopped working

0

I have a simple React app deployed to Amplify. It is working fine with the abc.amplifyapp.com URL.

I added a custom domain with a certificate in Certificate Manager. It worked for an amount of time (a few hours), but suddenly it stopped working. I say suddenly because I did not make any DNS changes or deploy anything that would have caused it to stop working.

In Certificate Manager it still says the certificate is "Issued" and "In Use: Yes".

The error I'm getting is

This site can’t provide a secure connection
<custom domain> uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

When I go to the custom domain configuration page I get

The role with name AWSAmplifyDomainRole-Z0648476345K749HBHH5T cannot be found.

It seems like Amplify never made this role? But it was working fine for a few hours. Do I need to manually create that role? If so, what permissions should it have?

1 Answer
0

The issue you're experiencing with your AWS Amplify custom domain suddenly stopping working is not uncommon and can be caused by several factors.

First, the error message "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" typically indicates a problem with the SSL/TLS configuration. This could be due to an issue with the certificate or how it's being served.

The fact that the Certificate Manager still shows the certificate as "Issued" and "In Use" is a good sign, as it means the certificate itself is likely not the problem.

The error message about the AWSAmplifyDomainRole not being found is more concerning. This role is typically created automatically by Amplify and is necessary for managing custom domains. The fact that it was working for a few hours and then stopped suggests that this role may have been deleted or become inaccessible for some reason.

To resolve this issue, you can try the following steps:

  1. Remove the custom domain from your Amplify app and then re-add it. This might trigger Amplify to recreate the necessary role.

  2. If that doesn't work, you may need to manually create the AWSAmplifyDomainRole. The exact permissions required can vary, but typically it needs permissions to manage CloudFront distributions, ACM certificates, and Route 53 records.

  3. Check your AWS IAM console to see if the role exists but perhaps has incorrect permissions.

  4. Verify that your DNS settings are still correct and that the CNAME records for your custom domain are pointing to the correct Amplify app URL.

  5. Try invalidating the CloudFront cache for your Amplify app.

If these steps don't resolve the issue, you may need to contact AWS Support for further assistance. They can look into the specifics of your account and application setup to identify any underlying issues with roles, permissions, or configurations that might be causing this problem.

Remember, sudden issues like this can sometimes be caused by changes in the AWS infrastructure or temporary glitches that resolve themselves over time. If the problem persists, don't hesitate to reach out to AWS support for a more in-depth investigation.
Sources
Custom domain for Amplify not working | AWS re:Post
Can't Activate AWS Amplify Custom Domain | AWS re:Post
Amplify custom domain setup issue | AWS re:Post

answered 25 days ago
  • We had the same problem just today, and we resolved this issue with step 1. I suspect there may be a problem with the AWS Amplify certificate renewal.
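
The read-only checks from steps 3 and 4 of the answer above, plus a look at the handshake behind ERR_SSL_VERSION_OR_CIPHER_MISMATCH, as an added example that is not part of the original thread. The function names and the sample outputs are constructed for illustration, `example.com` stands in for the custom domain, and the AWS CLI, `dig` and `openssl` are assumed to be installed.

```shell
#!/bin/sh
# Added example: nothing here changes any AWS resource.

# Step 3: does the role named in the console error exist in IAM?
check_role() {   # $1 = role name copied from the error message
  aws iam get-role --role-name "$1" --query 'Role.Arn' --output text
}

# Step 4: which target does the custom domain's CNAME point to?
check_cname() {  # $1 = custom domain
  dig +short CNAME "$1"
}

# Repeat the browser's handshake with SNI set and capture the transcript.
probe_tls() {    # $1 = custom domain
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>&1
}

# Classify an s_client transcript. The failure patterns are tested first
# because s_client can print "Verify return code: 0 (ok)" even when the
# server closed the handshake without presenting a certificate.
classify_handshake() {  # $1 = transcript text
  case "$1" in
    *"alert handshake failure"*|*"no peer certificate available"*)
      echo "handshake-rejected" ;;   # no certificate served for this name
    *"Verify return code: 0 (ok)"*)
      echo "ok" ;;
    *"Verify return code:"*)
      echo "cert-not-verified" ;;    # certificate served, chain not trusted
    *) echo "unknown" ;;
  esac
}

# Run all three checks, e.g.:
#   diagnose example.com AWSAmplifyDomainRole-Z0648476345K749HBHH5T
diagnose() {     # $1 = custom domain, $2 = role name
  echo "role:  $(check_role "$2" 2>&1 || true)"
  echo "cname: $(check_cname "$1")"
  echo "tls:   $(classify_handshake "$(probe_tls "$1")")"
}

# Constructed, abridged transcripts for trying the classifier offline.
SAMPLE_REJECTED='CONNECTED(00000003)
error:0A000410:SSL routines::sslv3 alert handshake failure
no peer certificate available
Verify return code: 0 (ok)'
SAMPLE_OK='CONNECTED(00000003)
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Verify return code: 0 (ok)'
```

A `handshake-rejected` result alongside an "Issued" certificate points at the domain association rather than the certificate itself, which fits the commenter's report that removing and re-adding the domain resolved it.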
