0
votes

When I create an HTTPS certificate in AWS for example.com it works, and I can attach it to my CloudFront just fine ... IF I set "Alternate Domain Names (CNAMEs)" to example.com.

Similarly, if I create a certificate for *.example.com, I can attach it to my CloudFront ... IF I set "Alternate Domain Names (CNAMEs)" to www.example.com.

Strangely though, if I try to use either certificate with a CloudFront record for both Alternate Domains, I get:

InvalidViewerCertificateException: The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add

Do I really need two certificates and two CloudFront records just to cover the www. case also? It seems like it should be possible to just have one certificate which supports a single CloudFront record, and that record covers both www.example.com and example.com.

Is that possible?

2 Answers

2
votes

Yes, of course. You can request a public certificate in ACM and add both example.com and *.example.com into the domain names field. The resulting certificate will be suitable for both of the CNAMEs in your CloudFront distribution.
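Added example (not part of the answer above, and not CloudFront's own code): a simplified model of certificate name matching, showing why each single-name certificate from the question leaves one alias uncovered while a certificate listing both names covers the distribution. The function names and the sample alias list are assumptions made for illustration.

```python
# Simplified model of certificate name matching: a "*" in the leftmost
# position stands for exactly one DNS label, so *.example.com matches
# www.example.com but not the apex example.com or a.b.example.com.

def name_covers(cert_name: str, host: str) -> bool:
    """Return True if one certificate name covers one hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # wildcard never absorbs zero or several labels
    if cert_labels[0] == "*":
        # Compare everything to the right of the wildcard label.
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered_aliases(cert_names, aliases):
    """List the alternate domain names that no certificate name covers."""
    return [a for a in aliases
            if not any(name_covers(n, a) for n in cert_names)]


# Constructed sample: the two aliases the question wants on one distribution.
ALIASES = ["example.com", "www.example.com"]

if __name__ == "__main__":
    candidates = (
        ["example.com"],                   # first certificate in the question
        ["*.example.com"],                 # second certificate in the question
        ["example.com", "*.example.com"],  # single certificate with both names
    )
    for names in candidates:
        missing = uncovered_aliases(names, ALIASES)
        status = "covers all aliases" if not missing else f"missing {missing}"
        print(f"{names}: {status}")
```

An empty result from `uncovered_aliases` is the condition under which the InvalidViewerCertificateException quoted in the question should not occur for name-coverage reasons.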

1
votes

You can indeed use multiple domains on a single SSL certificate.

Be aware, as a caveat to this, that it will not work for any browsers that do not support SNI.