I associated an SSL certificate with my Amazon CloudFront distribution, but I can't access my domain name over HTTPS. Why?
To resolve problems with accessing your domain name over HTTPS, check your CloudFront distribution for the following:
- Your SSL certificate's domain name must be added as an alternate domain name (CNAME) in your CloudFront distribution's settings. For more information, see Adding and Moving Alternate Domain Names (CNAMEs).
- The domain name of the SSL certificate must be consistent with the domain name associated with the CloudFront distribution. For example, if you issue an SSL certificate for *.example.com, then the CloudFront distribution will support the domain names abc.example.com or 123.example.com, but not abc.123.example.com. To use abc.123.example.com as a domain name, you must have an SSL certificate for *.123.example.com.
- If you're getting cipher or TLS version mismatch errors, verify that your configuration is using supported SSL or TLS protocols and ciphers for communication between viewers and CloudFront.
Note: For more information on troubleshooting SSL errors, see SSL/TLS Negotiation Failure Between CloudFront and a Custom Origin Server.
Did this page help you? Yes | No
Back to the AWS Support Knowledge Center
Need help? Visit the AWS Support Center.
Published: 2018-04-24
