I am trying to secure multiple static AWS S3 websites delivered via AWS Cloudfront CDN with one certificate.
This AWS article says I should be able to do this, but it's not working.
One is a web-app, the other is a web-site for marketing the web-app.
You will notice below that most of the settings are the same. The CNAME settings in Cloudfrount CDN and GoDaddy DNS are basically all that are different.
Certificate settings / details:
- Domain name: mydomain.us
- Additional names: *.mydomain.us
- Validation status: Success
- Associated resources: arn:aws:cloudfront::[accountkey]:distribution/[CDN1] & same/[CDN2]
.
CDN 1 (web-app) settings:
- Origin = web-app.s3.amazonaws.com
- CNAMEs = *.mydomain.us
- SSL Cert = mydomain.us
- Domain name = [app].cloudfront.net
DNS 1 (web-app) settings:
- CNAME = * | [app].cloudfront.net
*Site 1 (the web-app) successfully loads secured in HTTPS.
- app.mydomain.us, custom.mydomain.us, etc.
.
CDN 2 (web-site) settings:
- Origin = web-site.s3.amazonaws.com
- CNAMEs = www.mydomain.us and web.mydomain.us
- SSL Cert = mydomain.us
- Domain name = [site].cloudfront.net
- All other settings such as security policy, HTTP versions, viewer protocol policy and everything I can see are the same as CDN 1.
DNS 2 (web-site) settings:
- CNAME = web | [site].cloudfront.net
- CNAME = www | [site].cloudfront.net
*Site 2 (the web-site) does not load secured
- web.mydomain.us or www.mydomain.us
All S3 settings are identical, less a CORS policy for the web-app so I can GET resources hosted at app.mydomain.us from custom.mydomain.us.
What do I need to change to enable this to work properly?
Thank you in advance!
www.mydomain.us
andweb.mydomain.us
, then use it just for your website. ZeroSSL offers completely free certificates from Let's Encrypt. The only downside is they have to renewed every 3 months.