【以下的问题经过翻译处理】 我使用 Route 53 解析到了一个带有域名的S3静态网站。我希望能够使用HTTPS访问我的S3静态网站。以下是我的配置过程:
1)使用 HTTP 协议访问该网站时一切正常。
2)我使用 AWS ACM服务为 .mydomainname.com 创建了一个通配符证书。
3)我创建了 Cloudfront 分发并附加了证书,并指向了我的 S3 端点。
4)我更新了我的 A 名称记录以指向CloudFront分发。使用HTTP访问时我收到 403 错误,在使用HTTPS访问时我收到这个错误:“"This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner."
以下是我curl我的域名(HTTP和HTTPS)的信息:
C:\Users>curl -I http://example.cloudfront.net
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 03 Sep 2019 13:17:52 GMT
Content-Type: text/html
Content-Length: 183
Connection: keep-alive
Location: https://mysite.cloudfront.net/
X-Cache: Redirect from cloudfront
Via: 1.1 example.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C2
X-Amz-Cf-Id: S1MQtfkSEz9ZCMJwJMBmXY2s-EuKqKbOvr8ncQJVHknlqN6dt5Qkpg==
C:\Users>curl -I https://example.cloudfront.net
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 234
Connection: keep-alive
Date: Tue, 03 Sep 2019 13:04:32 GMT
Cache-Control: no-cache
Last-Modified: Sat, 10 Aug 2019 19:57:14 GMT
ETag: "ba30a221741da38d0f133cfd1524a452"
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 (CloudFront)
X-Amz-Cf-Pop: LHR62-C2
X-Amz-Cf-Id: b0HMW-WdPpe5ffTrJCc69uXil_3FSyjV0YDekoQ7k23r1cRO21Ubvg==
C:\Users>curl -I http://mysite.com
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Tue, 03 Sep 2019 13:05:15 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 415cafe4893fa18caeab8a2e966de6c1.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C2
X-Amz-Cf-Id: MtGq2dHVISm9pKZqfdbpjqfjekV5Mp6j8ZvGhGo-x3Aqau9fBzpZtA==
C:\Users>curl -I https://mysite.com
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.