I am trying to secure multiple static AWS S3 websites delivered via AWS Cloudfront CDN with one certificate.
This AWS article says I should be able to do this, but it's not working.
One is a web-app, the other is a web-site for marketing the web-app.
You will notice below that most of the settings are the same. The CNAME settings in Cloudfrount CDN and GoDaddy DNS are basically all that are different.
Certificate settings / details:
- Domain name: mydomain.us
- Additional names: *.mydomain.us
- Validation status: Success
- Associated resources: arn:aws:cloudfront::[accountkey]:distribution/[CDN1] & same/[CDN2]
.
CDN 1 (web-app) settings:
- Origin = web-app.s3.amazonaws.com
- CNAMEs = *.mydomain.us
- SSL Cert = mydomain.us
- Domain name = [app].cloudfront.net
DNS 1 (web-app) settings:
- CNAME = * | [app].cloudfront.net
*Site 1 (the web-app) successfully loads secured in HTTPS.
- app.mydomain.us, custom.mydomain.us, etc.
.
CDN 2 (web-site) settings:
- Origin = web-site.s3.amazonaws.com
- CNAMEs = www.mydomain.us and web.mydomain.us
- SSL Cert = mydomain.us
- Domain name = [site].cloudfront.net
- All other settings such as security policy, HTTP versions, viewer protocol policy and everything I can see are the same as CDN 1.
DNS 2 (web-site) settings:
- CNAME = web | [site].cloudfront.net
- CNAME = www | [site].cloudfront.net
*Site 2 (the web-site) does not load secured
- web.mydomain.us or www.mydomain.us
All S3 settings are identical, less a CORS policy for the web-app so I can GET resources hosted at app.mydomain.us from custom.mydomain.us.
What do I need to change to enable this to work properly?
Thank you in advance!
www.mydomain.usandweb.mydomain.us, then use it just for your website. ZeroSSL offers completely free certificates from Let's Encrypt. The only downside is they have to renewed every 3 months.