I have a Regional API Gateway (WebSocket flavor) with a custom domain name and am seeing intermittent SSL domain name mismatch errors. When checking with a tool like https://www.leaderssl.com/tools/ssl_checker it shows that sometimes a cert for *.execute-api.us-west-2.amazonaws.com
is being returned instead of the custom domain name. I have verified the following:
- Certificate is in the us-west-2 region
- API Gateway is in the us-west-2 region
- Route 53 domain name points to the URL of the custom domain name and not the API
- Note that the custom domain name URL shows
d-{id}.execute-api.us-west-2.amazonaws.com
and not a something.cloudfront.net
URL
Any other thoughts as to why this might be happening?