问题
I can't get the Internet <-> CloudFront <-> S3 Bucket working, using an AWS certificate. This is what I did:
- Created a certificate, a wildcard one, like: *.mydomain.com.
- Created a S3 bucket, no fiddeling with properties.
- Creating a CloudFront distribution, using the created S3 bucket URL as origin, selecting my certificate from step 1, choosing HTTP/2, HTTP/1.1, HTTP/1.0, and choosing HTTP to HTTPS redirect.
- Created an A alias in my hosted zone for the domain the certificate is issued for, pointing at my distribution URL.
After the distribution is created, my browsers all tell me this:
- Firefox: SSL_ERROR_NO_CYPHER_OVERLAP
- Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
- Safari: Can't establish a secure connection.
I'm not sure if I've missed a step in the process of setting this up, I've tried fiddling with various parameters but nothing lets me through.
Wondering what I've missed here.
UPDATE
Read this blog post, saying that I might have forgotten adding alternate CNAMEs. This confuses me a bit, should I? In Route 53 I configured my full domain using something.mydomain.com and the certificate is a wildcard one.
Other blog posts and question answers indicates I should not, just use the A record and the CloudFront distribution URL/endpoint, as I have done.
回答1:
So, in my update, I mentioned adding CNAMEs from a blog post. This was it, the second I did that, it started working.
To clarify, I did this to solve my problem:
- Edit your CloudFront distribution.
- Under the tab General, click edit.
- In the Alternate Domain Names text box, add (at least) the something.mydomain.com that you have configured to this distribution's endpoint/URL in Route53.
- Save your changes.
This solved it instantly for me, but remember that CloudFront configuration changes sometimes can take some time to be pushed out.
来源:https://stackoverflow.com/questions/42844989/cloudfront-distribution-and-aws-issued-certificate-gives-ssl-error-no-cypher-ove