0

I am serving a website using s3 and cloudFront (migrating from digitalOcean to aws). I want to add custom domain which is in NameCheap, and name servers aren't connected yet since we are using terraform, no manual steps will be taken. ACM is failing to issue certificates for that domain name, my guess is although the 'hosted zone' is in route53, as it is not connected (due to name servers) it is unable to issue a certificate. But I have to deploy the project, cloudFront does provide default certificate, I can easily connect it to the route53 and call it a day for now. My plan is to change it later once all the name servers are connected on nameCheap.

My question is, is it safe to proceed with cloudFront default certificate?

Please note: An application is already being served from digitalOcean and we do not want to hamper customer experience while migrating. I am using terraform here, so we can apply custom ssl cert. anytime later.

ashraf minhaj
  • 504
  • 2
  • 14

1 Answers1

1

Yes, it is safe to use the default certificate for HTTPS traffic but keep in mind that default CloudFront certificate is only valid for the domain *.cloudfront.net, so the distribution could not have a custom domain.

To keep the same experience, you must wait to get a valid certificate from ACM. An alternative is to validate the certificate manually by adding the DNS records to the current DNS provider or validate via email.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-revert-to-cf-certificate.html

Christian Daniel Avila Sanchez
  • 351
  • 4
  • 10