I have an existing custom domain name for API Gateway that was created without "Mutual TLS authentication" enabled, and it has the endpoint of Edge. I am trying to change the ACM certificate it's using to another one, but I'm getting the error "OwnershipVerificationCertificate is only supported for MTLS domains." (this is through the AWS web console, so not the CLI).
The certificate was created in Certificate Manager, and it's a normal public cert (so did not import and not using a private CA). The only difference between the new and old cert is that I added 1 more subdomain to the certificate (which requires creation of a new cert, so the plan was to modify everything that used the old cert to use the new one instead, and I would delete the old cert). The new certificate works fine on normal CloudFront distributions (outside of API Gateway)
Edited by: slam on Jul 28, 2021 1:17 PM