5

I have a CloudFront app with domain xyz123.cloudfront.net. This CloudFront is then mapped to domain sub1.mydomain.com. For this, I followed these steps.

  1. Added SSL through AWS CloudFront panel to *.mydomain.com
  2. Added A Alias record in Route 53 to xyz123.cloudfront.net

This makes sub1.mydomain.com work perfectly over SSL.

Now, I want to allow my users to use their own domain (e.g. sub1.userdomain.com) to access the app. This is similar to what UptimeRobot allows in its public status pages.

What I tried that is not working

  • Added CNAME to sub1.userdomain.com pointing to xyz123.cloudfront.net; I get an SSL error
  • Added CNAME to sub1.userdomain.com pointing to sub1.mydomain.com; I get an SSL error
  • Added CNAME to sub1.userdomain.com pointing to xyz123.s3-website.ap-south-1.amazonaws.com (S3 Static Hosting URL)

Question

  1. How does UptimeRobot (or GitHub Pages) allow users to add a custom domain to their status page over SSL?
  2. What is the prerequisite to make this happen?
Titulum
Adarsh Madrecha

2 Answers

2
  1. From https://github.blog/2018-05-01-github-pages-custom-domains-https/:

    We have partnered with the certificate authority Let’s Encrypt on this project. As supporters of Let’s Encrypt’s mission to make the web more secure for everyone, we’ve officially become Silver-level sponsors of the initiative.

    GitHub Pages creates a single certificate, from Let's Encrypt, for both your custom userdomain.com and YOURNAME.github.io. This is possible with a SAN certificate (Subject Alternative Name, https://support.dnsimple.com/articles/what-is-ssl-san/).

  2. You can't associate more than one SSL certificate with a CloudFront distribution, but ACM (AWS Certificate Manager) supports up to 10 subject alternative names. To mimic GitHub Pages you have to know the user domains beforehand or create a new certificate each time you add a new domain to replace the old one.

1

Unfortunately, there is no way to add more than 10 custom domains to an SSL certificate in AWS, which is a prerequisite to having a custom domain on your CloudFront.

Hence, a workaround for this could be as below.

  1. Create a single S3 bucket which hosts your code
  2. Create multiple CloudFront distributions connected to the single S3 bucket
  3. Then, add custom domains to these CloudFront distributions.

You will also need to think about CORS settings in your API of the app to allow requests from these custom domains.

Pankaj Kumar
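
Added example (not part of either answer, and not AWS or GitHub code): a Python sketch of the certificate name matching behind the SSL error in the question, and of splitting customer domains into SAN lists of at most 10 names, one list per certificate and distribution, as the two answers describe. The hostnames and function names are constructed for illustration, and the limit of 10 is the figure given in the answers.

```python
# Added example: constructed hostnames, hypothetical helper names.
SAN_LIMIT = 10  # names per certificate, the figure stated in the answers above


def san_matches(hostname, san):
    """Match a hostname against one SAN dNSName entry (RFC 6125 style)."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label
    if pattern[0] == "*":
        # the wildcard must be the whole left-most label of a 3+ label name
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def cert_covers(hostname, sans):
    """True if any SAN on the certificate matches the requested hostname."""
    return any(san_matches(hostname, s) for s in sans)


def plan_certificates(custom_domains, limit=SAN_LIMIT):
    """Normalise and de-duplicate customer domains, then split them into
    SAN lists of at most `limit` names (one certificate/distribution each)."""
    seen, names = set(), []
    for domain in custom_domains:
        domain = domain.strip().lower().rstrip(".")
        if domain and domain not in seen:
            seen.add(domain)
            names.append(domain)
    return [names[i:i + limit] for i in range(0, len(names), limit)]


if __name__ == "__main__":
    wildcard_only = ["*.mydomain.com"]
    # The CNAME only redirects DNS; the browser still checks the name it asked for.
    print(cert_covers("sub1.mydomain.com", wildcard_only))    # own subdomain
    print(cert_covers("sub1.userdomain.com", wildcard_only))  # customer domain
    customers = ["status.customer%d.example" % n for n in range(23)]
    for index, sans in enumerate(plan_certificates(customers)):
        print("distribution", index, "needs a certificate for", len(sans), "names")
```
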