I want to set up an HTTPS connection between a CloudFront Web Distribution and a single EC2 origin server. I've studied this Stack Overflow discussion but I still need help. My domain name, "www.newb.com", is pointing at CloudFront by using Route 53, and that connection has an SSL certificate from ACM.

So that's good but I also need to secure the connection between CloudFront and my EC2 origin. I presently have CloudFront pointing at ec2-XX-XX-XX-XX.compute-1.amazonaws.com - my origin server.

When I try to get an SSL certificate for ec2-XX-XX-XX-XX.compute-1.amazonaws.com, Gandi and Certbot return errors. For instance, Certbot says "Error creating new authz :: Policy forbids issuing for name". Assuming I can't get an SSL certificate on Amazon's ec2-XX-XX-XX-XX name, I need to know what DNS name to use and how to configure CloudFront and my server.

The discussion above references using a subdomain name, for instance "origin.newb.com" in my case. If that's the type of name I should get an SSL certificate for:

1) Where do I point CloudFront at: "origin.newb.com", still ec2-XX-XX-XX-XX, or something else?

2) When I configure Apache's port 443 listeners, what do I set ServerName to?

3) If ACM has already issued an SSL certificate for www.newb.com, will a second SSL certificate from Certbot for "origin.newb.com" create any problems?

My EC2 instance is an Ubuntu 16.04 LTS LAMP server. A single origin server will be enough for my use case and I don't want to pay for an ELB. Thanks for any help.

1 Answer

Answers to your questions:

  1. CloudFront has to point, as a custom origin, to "origin.newb.com".
  2. The ServerName in the sites-available configuration is origin.newb.com.
  3. I have issued multiple certificates on subdomains; there is no issue with that. Remember you can also create a wildcard certificate, for example *.newb.com, and use it for both subdomains.
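As an added example (not part of the answer above), here is what the Apache 2.4 virtual host for the origin name looks like when the three points are applied together. It assumes Certbot's default certificate paths under /etc/letsencrypt/live/origin.newb.com/, that origin.newb.com has a Route 53 A record pointing at the instance's public IP, and that the CloudFront origin is set to origin.newb.com with Origin Protocol Policy "HTTPS Only"; the X-Origin-Secret header name and its value are made up for the example.

```apache
# Added example, not the answer's own configuration.
# Requires: a2enmod ssl rewrite
# CloudFront side (assumed): Origin Domain Name = origin.newb.com,
# Origin Protocol Policy = HTTPS Only, so the hostname CloudFront connects
# to matches the certificate's subject and the ServerName below.

# Port 80 is kept only for Certbot's HTTP-01 renewal challenge; everything
# else is redirected to HTTPS.
<VirtualHost *:80>
    ServerName origin.newb.com
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    # Must match the CloudFront origin name and the certificate's CN/SAN.
    ServerName origin.newb.com
    DocumentRoot /var/www/html

    SSLEngine on
    # Certbot's default layout; fullchain.pem includes the intermediate,
    # which CloudFront needs to validate the chain.
    SSLCertificateFile    /etc/letsencrypt/live/origin.newb.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/origin.newb.com/privkey.pem

    # CloudFront negotiates TLS 1.2 with custom origins, so older
    # protocols can be disabled on the origin.
    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

    # Optional, because there is no ELB in front of the instance and
    # origin.newb.com is reachable directly: require a secret value that
    # CloudFront adds as a custom origin header, so only requests that
    # came through the distribution are served. Header name and value
    # are placeholders for this example.
    <Location />
        Require expr "%{HTTP:X-Origin-Secret} == 'REPLACE_WITH_RANDOM_VALUE'"
    </Location>
</VirtualHost>
```

The certificate for www.newb.com lives in ACM and is only used by CloudFront, so it does not interact with the Certbot certificate installed on the origin.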