I associated an SSL certificate with my Amazon CloudFront distribution, but I can't access my domain name over HTTPS. Why?

To resolve problems with accessing your domain name over HTTPS, check your CloudFront distribution for the following:

  • Your SSL certificate's domain name must be added as an alternate domain name (CNAME) in your CloudFront distribution's settings. For more information, see Adding and Moving Alternate Domain Names (CNAMEs).
  • The domain name of the SSL certificate must be consistent with the domain name associated with the CloudFront distribution. For example, if you issue an SSL certificate for *.example.com, then the CloudFront distribution will support the domain names abc.example.com or 123.example.com, but not abc.123.example.com. To use abc.123.example.com as a domain name, you must have an SSL certificate for *.123.example.com.
  • If you're getting cipher or TLS version mismatch errors, verify that your configuration is using supported SSL or TLS protocols and ciphers for communication between viewers and CloudFront.
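
The wildcard rule from the second item can be checked before you deploy. The following is an added example, not AWS code; the function names are hypothetical and the domain names are the constructed ones used above. It assumes the standard rule that a wildcard covers exactly one left-most label.

```python
# Added example: find CloudFront alternate domain names (CNAMEs) that a
# certificate's names do not cover. Function names are hypothetical.

def name_matches(cert_name: str, hostname: str) -> bool:
    """True if one certificate name (exact or wildcard) covers hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be
    # equal; this is why *.example.com does not cover abc.123.example.com.
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False
    if cert_labels[0] == "*":
        # Only the left-most label is treated as a wildcard, and a name such
        # as "*.com" is refused; the remaining labels must match exactly.
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered_aliases(cert_names, aliases):
    """Return the aliases that none of the certificate names covers."""
    return [a for a in aliases
            if not any(name_matches(c, a) for c in cert_names)]


if __name__ == "__main__":
    # Constructed sample input: certificate names and distribution aliases.
    cert_names = ["*.example.com"]
    aliases = ["abc.example.com", "123.example.com", "abc.123.example.com"]
    for alias in uncovered_aliases(cert_names, aliases):
        print(f"not covered by certificate: {alias}")
```

Pass it the names listed on your certificate and the alternate domain names configured on the distribution; any name it returns needs its own certificate entry, such as *.123.example.com.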

Note: For more information on troubleshooting SSL errors, see SSL/TLS Negotiation Failure Between CloudFront and a Custom Origin Server.

Published: 2018-04-24