6

I have a static webpage on AWS S3 with CloudFront. CloudFront is set up with ACM (AWS Certificate Manager) and I am using Route 53 with it. How can I have both the www.my-endpoint.com and my-endpoint.com endpoints secure with HTTPS?

Here are some details:

  • My ACM certificate is set up for just my-endpoint.com and is attached to the CloudFront distribution
  • I have an A record for my-endpoint.com whose alias points to CloudFront
  • My www.my-endpoint.com is configured so its alias is my-endpoint.com

When I navigate to https://www.my-endpoint.com, Chrome complains of a potential security risk, whereas https://my-endpoint.com is fine.

Viccari
n00b

1 Answer

6

Create a new ACM request for your-domain.com and www.your-domain.com (and better yet, *.your-domain.com).

Use the newly created certificate (after verification) on your CloudFront instance.

The redirection from https://www.domain.com to https://domain.com will work after you have a valid certificate for both domains.

hjpotter92
  • Wow, that did the trick! Changing my certificate's domain name from `my-endpoint.com` to `*.my-endpoint.com` was what I needed for both endpoints to be supported by the ACM certificate. I have a follow-on question. I was expecting my `www` A record in Route 53 to actually redirect to the non-`www` endpoint but it seems to just pass through traffic. Is that how alias works? – n00b Oct 24 '16 at 13:14
  • Actually, when I changed the certificate's domain name to `*.my-endpoint.com`, `https://www.my-endpoint.com` was secure and valid but then my `https://my-endpoint.com` wasn't. You mentioned I should create 2 certificates but I don't see a way for CloudFront to accept 2 certificates. Do I need to configure 2 separate CloudFront distributions for each endpoint? Seems quite redundant... – n00b Oct 24 '16 at 13:17
  • 2
    Sorry I misunderstood your initial suggestion. I created a new certificate with multiple domains. Thanks for your help. Could you answer my question from my first comment about how aliases work? I'm guessing they're just a passthrough so if my `www` A Record has its alias set to the non `www` A Record then it behaves in a passthrough manner? – n00b Oct 24 '16 at 13:22
  • 2
    @n00b You create a single certificate, but add 2 domains there. The first one should be `my-endpoint.com` and add another as `*.my-endpoint.com`. Something like: https://i.imgur.com/pzJnvCI.png – hjpotter92 Oct 24 '16 at 13:22
  • 1
    @n00b To answer your question, yes. You can also check the [docs here](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html) for more info. – hjpotter92 Oct 24 '16 at 13:32
  • Your comment has just saved my life hjpotter92, I have just wasted hours wondering why my redirect was not working and it was because I did not add the base domain name onto the HTTPS cert I created -_- CHEERS! – Notorious Feb 16 '18 at 12:29
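
The certificate behaviour seen in this thread, as an added example that is not part of the original posts: a wildcard entry stands for exactly one left-most label, so `*.my-endpoint.com` covers `www.my-endpoint.com` but not the bare `my-endpoint.com`. The function names and the sample SAN lists are constructed for illustration and are not read from a real certificate.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# Wildcard rule (RFC 6125): "*" stands for exactly one left-most label.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # "*.my-endpoint.com" has 3 labels, "my-endpoint.com" has 2: no match
        return False
    if p_labels[0] == "*":
        # The wildcard covers one non-empty label; the rest must be identical.
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers (a browser would show a cert error)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed inputs mirroring the thread: the two names served by the
# distribution, and the certificate variants that were tried.
ALIASES = ["my-endpoint.com", "www.my-endpoint.com"]
CERTS = {
    "apex only": ["my-endpoint.com"],
    "wildcard only": ["*.my-endpoint.com"],
    "apex + wildcard": ["my-endpoint.com", "*.my-endpoint.com"],
    "apex + www": ["my-endpoint.com", "www.my-endpoint.com"],
}

if __name__ == "__main__":
    for name, sans in CERTS.items():
        missing = uncovered(sans, ALIASES)
        status = "OK" if not missing else "NOT covered: " + ", ".join(missing)
        print(f"{name:16} -> {status}")
```

Running the same check against the SAN list of an issued certificate before attaching it to the distribution catches the apex-versus-wildcard gap without waiting for a browser warning.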