5

I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up CloudFront to work with this bucket, then have used AWS Certificate Manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com). In GoDaddy I then configured DNS forwarding to point to my CloudFront resource. This all works nicely, and if I go to my_domain.com in a browser then I see my website. However, I can't get SSL working. If I go to the https:// version of my website then I see a "not secure" error in the Chrome address bar, which shows a certificate pointing to shortener.secureserver.net rather than my own website.

Could someone point me at a way around this? Looking through S.E. and using Google it seems that Amazon's Route 53 might be able to help, but I can't figure out how to do this. Thanks!

(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com

The warning message:

enter image description here

The certificate details:

enter image description here

What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.

os1
  • For someone who is also going through the same issue, try to follow https://docs.aws.amazon.com/amplify/latest/userguide/to-add-a-custom-domain-managed-by-godaddy.html – aavrug Mar 14 '22 at 19:59
  • Thanks. I no longer use godaddy but have updated my accepted answer below so that others can find the link you give. – os1 Mar 15 '22 at 12:28

4 Answers

2

GoDaddy has problems and does not redirect to HTTPS. There are two ways: the first is to change domain registrar, and the second, which is the easiest, is to create a hosted zone on AWS Route 53 with your domain name.

Create 2 type A records, one for the root (of your domain) and one for www, that point to your CloudFront. Route 53 allows you to create a type A record without having an IP, because it points directly to a CloudFront instance that you indicate; that's the best.

Then GoDaddy gives you the option to change name servers: take the ones assigned by AWS in the hosted zone, in the record that says NS, and put those 4 in GoDaddy, replacing the ones it had.

Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GODADDY BEFORE REPLACING THEM. IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN.

You have to wait at least a few hours until all the name servers are updated. You can use the who.is page to see if the DNS has already been updated with those of AWS.
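The Route 53 steps in the answer above, scripted with the AWS CLI as an added example (not part of the original answer). The hosted zone ID, domain and CloudFront domain name passed in are placeholders you supply, and the function names are chosen for this example only.

```shell
#!/bin/sh
# Added example. ZONE_ID, DOMAIN and CF_DOMAIN values are placeholders you supply.

# Hosted zone ID that AWS documents for every CloudFront alias target.
CLOUDFRONT_ZONE_ID="Z2FDTNDATAQYW2"

# Print a Route 53 change batch holding alias A records for the apex and www.
# $1 = domain, $2 = CloudFront domain name (dXXXX.cloudfront.net)
alias_change_batch() {
  acb_sep=""
  printf '{"Changes":['
  for acb_name in "$1" "www.$1"; do
    printf '%s{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s.","Type":"A",' \
      "$acb_sep" "$acb_name"
    printf '"AliasTarget":{"HostedZoneId":"%s","DNSName":"%s.","EvaluateTargetHealth":false}}}' \
      "$CLOUDFRONT_ZONE_ID" "$2"
    acb_sep=","
  done
  printf ']}\n'
}

# Lower-case, strip trailing dots, sort: makes two NS lists comparable.
normalize_ns() {
  printf '%s\n' $1 | tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -u
}

# Succeed only when the registrar delegation ($2, e.g. from dig) equals the
# hosted zone's name servers ($1). Until it does, lookups are still answered
# by the old name servers rather than by the Route 53 alias records.
ns_delegation_matches() {
  [ -n "$1" ] && [ "$(normalize_ns "$1")" = "$(normalize_ns "$2")" ]
}

# Live run (needs AWS CLI credentials, dig and network access).
apply_and_verify() {  # $1 = ZONE_ID, $2 = DOMAIN, $3 = CF_DOMAIN
  aws route53 change-resource-record-sets --hosted-zone-id "$1" \
    --change-batch "$(alias_change_batch "$2" "$3")" || return 1
  want=$(aws route53 get-hosted-zone --id "$1" \
    --query 'DelegationSet.NameServers' --output text) || return 1
  if ns_delegation_matches "$want" "$(dig +short NS "$2")"; then
    echo "delegation live: $2 is served by Route 53"
  else
    echo "delegation pending: registrar still lists other name servers"
    return 2
  fi
}
```

Once `apply_and_verify` reports the delegation as live, `openssl s_client -connect "$DOMAIN:443" -servername "$DOMAIN"` shows which certificate the host now presents.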

1

It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, the only current solution is to cancel your domain registration and register with someone else.

(edit) As @aavrug mentions in their comment, Amazon now have a guide for this.

os1
0

When you define your CloudFront you can define whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Keep in mind that CloudFront changes may take a while to be replicated and your browser caches it as well, so the best way is to make a change, wait for the deployment and then check it in a new incognito browser.

It goes without saying that your certificate must be valid and verified as well.

HTTPS-HTTPS Configuration

Cleriston
  • Thanks, but I already have that option selected. It's not the https that's the problem. It's the certificate showing the wrong address. – os1 Jul 08 '19 at 07:54
  • Can you share how you have configured the certification? Usually you can define a certification for your entire domain. – Cleriston Jul 08 '19 at 08:04
  • I added a bit more info, hopefully it helps. – os1 Jul 08 '19 at 08:17
  • Are you using the certificate manager? You just need to start typing the domain and it will be auto-completed. If the browser is showing this message, it is because your certificate is not correct. – Cleriston Jul 08 '19 at 08:26
  • Yes, I know. That's the problem I'm trying to solve. – os1 Jul 08 '19 at 08:31
0

It might be something wrong with your certificate or with your domain.

If you are serving your content over HTTPS you must provide an SSL certificate in CloudFront. Have you done that?

Have you added your domain on Alternative Domain Names (CNAMEs)?

Please have a look at the image below:

Cloudfront SSL

-> AWS provides free SSL certificates to be used with CloudFront, so you might want to use one (easier than importing your SSL from GoDaddy).

You can create a free SSL certificate on AWS and easily attach it to your CloudFront distribution.

-> You can also transfer your domains to AWS Route53. It is easy to integrate with any AWS Service and easy to use/maintain :)

I wrote a complete guide on my blog explaining how you can add custom SSL and attach a custom domain to a CloudFront distribution; it might be useful :)

https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/

Lucas Santos