
I have one module where the user can add a domain CNAME type.

The application domain name is xyz.com. This domain uses load balancer wildcard subdomains. When the user registers, a subdomain a1.xyz.com is created. The subdomain is based on the username, so every user has a unique subdomain. The user may add other domains that point to a1.xyz.com.

For example, the user entered the a1.abc.com domain and set up the given CNAME details on the a1.abc.com records. Here, a user has a domain (a1.abc.com) in AWS Route 53. I also have a domain (xyz.com) in AWS Route 53.

When a1.abc.com points to a1.xyz.com it returns an error related to the SSL certificate.

Error Message when verifying SSL:

Peer certificate CN xyz.com did not match expected CN a1.abc.com

What am I doing wrong?

double-beep

2 Answers

1

The issue is related to SSL certificates assigned to your load balancer.

I guess your load balancer has been assigned one of these certificates:

  • a1.abc.com
  • or *.abc.com (wildcard)

This means your load balancer is capable of encrypting traffic when domain a1.abc.com or *.abc.com is used.

Now comes the important part: if you want other people to add a CNAME to your balancer, then your load balancer has to be assigned another certificate (yes, load balancers can be assigned multiple certificates for different domains). So in your case, you need to create another certificate for a1.xyz.com and assign it to the load balancer.

michail_w
1

You need to add a new certificate for each new domain you are trying to access.

Head over to the ACM console, where you can very easily request a public SSL certificate for your domain. This can be either one certificate per domain that you want to host with this load balancer, or alternatively you can also include multiple domains for your different services in one certificate.

If you use Route53 as your DNS, ACM provides you with a simple button to set up the DNS records required to validate domain ownership, which you need to obtain the certificate.

For more details go through https://pfisterer.dev/posts/multiple-domains-aws-lb/

Vishal
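
The name mismatch from the error message, as an added example that is not part of either answer: a pre-flight check of whether any certificate attached to the load balancer covers a hostname a user wants to CNAME to it. The function names and the certificate name lists are assumptions constructed for illustration; the matching follows the usual rule that a wildcard stands for exactly one leftmost label.

```python
# Added example: which hostnames would a TLS client reject with a name mismatch?
# The certificate name lists below are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole leftmost label
    and stands for exactly one label (partial wildcards are not matched)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_cert(hostname, certs):
    """Return the label of the first certificate whose names cover hostname, else None."""
    for label, names in certs.items():
        if any(name_matches(n, hostname) for n in names):
            return label
    return None


def uncovered(hostnames, certs):
    """Hostnames for which no attached certificate carries a matching name."""
    return [h for h in hostnames if covering_cert(h, certs) is None]


# Constructed: names on the listener's certificates before and after a
# certificate for the user's own domain is attached.
BEFORE = {"platform": ["xyz.com", "*.xyz.com"]}
AFTER = {**BEFORE, "customer-a1": ["a1.abc.com"]}

if __name__ == "__main__":
    hosts = ["a1.xyz.com", "a1.abc.com"]
    print("uncovered before:", uncovered(hosts, BEFORE))
    print("uncovered after: ", uncovered(hosts, AFTER))
```

The CNAME only changes where a1.abc.com resolves; the client still validates the certificate against the name it asked for, which is why the platform's own certificate does not satisfy it.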