Avoiding SSL certificate errors with Amazon S3 subdomain
Rename to static-example-com.s3.amazonaws.com - this would work with the out of the box wildcard cert they supply. Take a look at what AWS recommends here.
Also, I'd read through the answer here. It looks like others have had the same issue you are having now.
Tim
Updated on September 18, 2022
Comments
-
Tim over 1 year
I have an Amazon S3 bucket set up for hosting static image files. I have set up subdomain redirection so that "static.example.com" points to my S3 bucket. The bucket is named "static.example.com" with an appropriate CNAME record.
http://static.example.com/someimage.jpg does load from the S3 bucket.
The problem arises when I enable SSL for the website. When I load https://www.example.com I get errors because I'm loading insecure content from a secure page as expected.
After changing image sources to load https://static.example.com/someimage.jpg, images do not load because the browser blocks them because the certificate doesn't match.
Amazon's certificate is good for *.s3.amazonaws.com, which would include "somebucket.s3.amazonaws.com" but does not match "static.example.com.s3.amazonaws.com" as I need it to.
So the question is, how do I implement SSL as recommended when using a custom subdomain?
-
Michael - sqlbot over 6 years
Although renaming the bucket (not actually possible -- you actually have to create a new bucket with the new name) will allow you to use https://example-bucket.s3.amazonaws.com, there's also another factor your advice will break -- if you point a domain name directly at a bucket, the bucket name must exactly match the bucket name. This precludes custom domain names for buckets if you want HTTPS. To do that does require CloudFront, as mentioned in the comments of the answer you linked... and if you use CloudFront, the bucket name no longer needs to match the custom domain name.
-
Tim over 6 years
Michael is correct. If you use a custom subdomain, the bucket name must be the FQDN with the subdomain. A single name bucket is now allowed. (Though that does resolve the SSL error.)