How to associate Let's Encrypt with CloudFront?

Hello,

I followed this tutorial (https://www.tecmint.com/install-free-lets-encrypt-ssl-certificate-for-apache-on-debian-and-ubuntu/comment-page-1/) to install Let's Encrypt on my AWS EC2 server, and it worked like a charm. The problem I am having is that the CloudFront CDN is using HTTP URLs instead of HTTPS ones; when I change the option to "Only HTTPS" or "Redirect HTTP to HTTPS", it seems that the website breaks all paths with the CDN. So I imported the certificate into Certificate Manager so I can choose it on CloudFront in the "Custom SSL" distribution option, but the problem is that the option shows as disabled. What can I do? Or is there a better way to do this? I cannot find any suitable tutorial on Google, please help!

Hi @codeman1234,

Why not leave CloudFront alone and let HTTP traffic through? Then write a redirect at your web server.

Andrei

Having CloudFront redirect all requests to HTTPS isn’t a problem in and of itself. Let’s Encrypt will follow redirects. If the site serves the challenge files from the HTTPS URL, it will work.

Figuring out why it’s not working would require more information about the web server configuration, Let’s Encrypt client command, the error messages involved, and possibly the CloudFront configuration.

At a guess, that tutorial uses the TLS-SNI-01 validation method, which is incompatible with reverse proxies like CloudFront. But HTTP-01 works. And DNS-01, if it’s for a domain where you can make the needful DNS changes.

Be that as it may, it might be more convenient to use a certificate issued by ACM. It may require traditional email validation to issue for the first time, but they can renew automatically (under almost all circumstances). That way you wouldn’t have to automate uploading new certificates to ACM and modifying the CloudFront distribution.

Still, Let’s Encrypt is a great CA for installing on your origin server to secure the connection between your origin and CloudFront, which would require solving the issue anyway.

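As an added example (not code from either reply, from Let's Encrypt or from certbot), here is a small pre-flight script for the HTTP-01 case described above: it drops a probe file where a webroot-style ACME client would put its challenge response, fetches it through the public hostname following redirects the way the validator does, and reports whether the chain ends in a 200 with the right body, hits a non-200, or never terminates (a CDN and origin redirecting each other). The domains `ok.test`, `loop.test` and `missing.test` and their responses are constructed for the offline run; the webroot path and `http_fetch` are assumptions about a certbot `--webroot` layout, not a documented interface.

```python
"""Pre-flight check for an ACME HTTP-01 challenge path served through a CDN.

Added example for this thread; not code from the original posts, from
Let's Encrypt, or from certbot. It assumes the certbot --webroot layout:
files placed under WEBROOT/.well-known/acme-challenge/ are served by the
origin, and the CDN fronts the same hostname. A probe file is written,
fetched through the public hostname following redirects (as the ACME
validator does), and removed again.
"""
import secrets
import sys
import urllib.error
import urllib.parse
import urllib.request
from pathlib import Path

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10  # a validator also gives up after a handful of redirects


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url):
    """One hop over the network: (status, Location header or None, body bytes)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def follow_redirects(url, fetch=http_fetch, max_hops=MAX_HOPS):
    """Follow redirects like a validator would.

    Returns (status, body, chain). status is None when the chain does not
    terminate within max_hops, i.e. the CDN and the origin redirect each other.
    """
    chain = [url]
    for _ in range(max_hops):
        status, location, body = fetch(url)
        if status in REDIRECT_CODES and location:
            url = urllib.parse.urljoin(url, location)
            chain.append(url)
            continue
        return status, body, chain
    return None, b"", chain


def verdict(status, body, expected):
    """Classify what the validator would see for the probe."""
    if status is None:
        return "redirect-loop"
    if status != 200:
        return f"bad-status:{status}"
    if body.strip() != expected:
        return "body-mismatch"  # e.g. a cached or rewritten response from the CDN
    return "ok"


def check_http01_path(domain, webroot, fetch=http_fetch):
    """Write a probe under the webroot, fetch it via the domain, clean up."""
    token = secrets.token_urlsafe(16)
    expected = f"probe-{token}".encode()
    probe = Path(webroot) / ".well-known" / "acme-challenge" / token
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_bytes(expected)
    try:
        status, body, chain = follow_redirects(
            f"http://{domain}/.well-known/acme-challenge/{token}", fetch)
    finally:
        probe.unlink(missing_ok=True)
    return verdict(status, body, expected), chain


# Constructed responses (no real hosts) standing in for a CDN + origin pair.
_LOC = "/.well-known/acme-challenge/"
SIMULATED_CDN = {
    # CDN redirects HTTP to HTTPS and the origin serves the probe: a working setup
    "http://ok.test" + _LOC + "t1": (301, "https://ok.test" + _LOC + "t1", b""),
    "https://ok.test" + _LOC + "t1": (200, None, b"probe-t1\n"),
    # CDN sends HTTP to HTTPS; origin, seeing plain HTTP from the CDN, sends it back
    "http://loop.test" + _LOC + "t2": (301, "https://loop.test" + _LOC + "t2", b""),
    "https://loop.test" + _LOC + "t2": (302, "http://loop.test" + _LOC + "t2", b""),
    # challenge path not reachable through the CDN at all
    "http://missing.test" + _LOC + "t3": (404, None, b"not found"),
}


def simulated_fetch(url):
    """Offline stand-in for http_fetch, backed by the constructed table above."""
    return SIMULATED_CDN[url]


if __name__ == "__main__":
    # usage: python acme_preflight.py example.com /var/www/html
    result, hops = check_http01_path(sys.argv[1], sys.argv[2])
    print(result, " -> ".join(hops))
```

Run it against the real hostname and webroot before invoking the ACME client; an "ok" verdict with an `https://` final hop confirms the point made above that a redirect to HTTPS does not stop HTTP-01, while "redirect-loop" or "bad-status" points at the CDN/origin configuration rather than at the client.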
