0

I am trying to create a Cloudfront distribution for a subdomain, e.g. dev.example.com. However, after adding the details for the objects origin and I enter the alternate domain names (CNAMES) section and add: dev.example.com I get the following error when I click on create distribution:

com.amazonaws.services.cloudfront.model.InvalidViewerCertificateException: To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach a trusted certificate that validates your authorization to use the domain name. For more details, see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-requirements (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: fb305ccd-21e7-4bf8-a55c-df1304c06ac1; Proxy: null)

I am managing my domian dns through Route 53. I've created a certificate through ACM already, but the option to select a custom SSL certificate is greyed out. I've gone through the AWS Docs and couldn't find any solution so far.

Chris Williams
  • 32,215
  • 4
  • 30
  • 68
Abdi
  • 490
  • 1
  • 6
  • 17

2 Answers2

1

This error indicates that the certificate that is attempting to be used is incorrect.

Your ACM certificate must be created in us-east-1 for a CloudFront distribution. The reason for this is that CloudFront is a global service, global services can only attach regional services that exist within us-east-1. They also will appear in CloudWatch and CloudTrail under the region of us-east-1.

It must also cover the domain you're using. In your case either dev.example.com or *.example.com must be included on your certificate.

Chris Williams
  • 32,215
  • 4
  • 30
  • 68
1

You Have to Create the ACM certificate in us-east-1 . Did you ?

Oxi
  • 2,918
  • 17
  • 28