
I recently used S3 to host a static site. My domain name is managed by Cloudflare and uses a dedicated Cloudflare certificate. I don't want to turn on the automatic HTTP -> HTTPS redirect on Cloudflare, so I have to create a CloudFront distribution to do that. I know that's kind of an ugly solution because I use 2 CDNs at the same time. Here is the description of my problem:

1. I created an S3 bucket named staging-etheremon.kyber.network.
2. I created a CloudFront distribution pointing to that bucket; the distribution uses the Default CloudFront Certificate.
3. I CNAMEd the domain name staging-etheremon.kyber.network to that CloudFront domain.
4. When I tried to access the site using staging-etheremon.kyber.network, Cloudflare showed 526 Invalid SSL Certificate.
5. Next I opened the AWS Certificate Manager console and requested a public certificate for staging-etheremon.kyber.network using DNS validation. It prompted me to create a CNAME in Cloudflare. I did just that, but it still showed pending validation.
6. Here is the strange part: after requesting the cert, my site was working despite the fact that I didn't change the CloudFront config to import the cert and the certificate request was still PENDING VALIDATION.
7. Also, I tried deleting the request and the site showed the 526 error again. I recreated the request and the site was working again. Strange!
8. I also waited for a few days, I think more than 72 hours, and now the request status has changed from PENDING VALIDATION to VALIDATION TIMED OUT. However, my site is still working; you can check it at staging-etheremon.kyber.network.
9. I also deleted the VALIDATION TIMED OUT request, and the site is working.

I don't know what the root cause of the problem is, but I think it might be some kind of caching, maybe on the DNS server, the CA server or CloudFront, ...

Thanks in advance!

marc_s

0 Answers