Cloudflare HTTPS subdomain to Cloudfront/S3-bucket gives 403

Question

I'm using Cloudflare for my DNS and have SSL full. I'm trying to set up a subdomain; https://humlor.myrenas.se and point that to an AWS S3-bucket. I have Set up Cloudfront with a Default CloudFront Certificate (*.cloudfront.net) and the site is available at https://d2ufhnw2kk1vh9.cloudfront.net/ (without styling of some absolute paths to the CSS)

I have then created a CNAME record in Cloudflare: CNAME humlor is an alias of d2ufhnw2kk1vh9.cloudfront.net

But https://humlor.myrenas.se/ gives: 403 ERROR The request could not be satisfied. Bad request.

Do I need another certificate in Cloudfront? Or what is missing?

Michael - sqlbot Michael - sqlbot · Accepted Answer · 2019-03-09T22:00:17

This error message almost always means the request did arrive at CloudFront, but that CloudFront does not recognize the hostname that was contained in the HTTP headers. This suggests that you overlooked the need to set the Alternate Domain Name in your CloudFront distribution.

If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name that CloudFront assigned to your distribution, you can add an alternate domain name to your distribution for www.example.com.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html

By default, CloudFlare doesn't change the Host header the browser sends, so CloudFront sees your custom domain name in the incoming request, and doesn't know what to do next, because no configured distribution has this name configured as an Alternate Domain Name, so it returns this error.

Cloudflare HTTPS subdomain to Cloudfront/S3-bucket gives 403

2 Answers