Certificate is not working with cloudfront


I use S3 to host website and I would like to use SNI support of cloudfront to use SSL, I use below command to generate certificate.

/letsencrypt-auto --manual --config cli.ini --agree-tos certonly -d test.example.com --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview

I use below command to upload the certificate to cloudfront

aws iam upload-server-certificate
–server-certificate-name my-server-cert
–certificate-body file://cert.pem
–private-key file://privkey.pem
–certificate-chain file://chain.pem
–path /cloudfront/

When I try to set the uploaded certificate I get below error from cloudfront

com.amazonaws.services.cloudfront.model.InvalidViewerCertificateException: The specified SSL certificate doesn’t exist in the IAM certificate store, isn’t valid, or doesn’t include a valid certificate chain. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID:

Please let me know anyone could find whats the issue.


I figured out the issue, it was key size issue, i was using 4096, cloudfront allows only 2048.


lolreally. I never use anything below 4096.

my home cloud overdrives it with 16384 because I dont want some idiots sue me because my home cloud where I have my music for streaming it to myself is unsecure and therefore sharing it to other people.

but normal websites shouldnt go above 4096 at least if they want to support apple devices. dont ask me why but apple somehow cant work with 4096 bit keys. maybe they acknowledged that their processing speeds are too slow compared to what technology trows these days (lol)


Hi Riyaz,

I am trying to do the same, i’ve tried to run your example but what should be in the cli.ini file?