RC Logr 20200606 061722
Saturday, 6 Jun, 2020
I use some integrated AWS services to host some sites, including S3 for basic hosting, Cloudfront for CDN, Certificate Manager for SSL and Route 53 for DNS. Who doesn’t like automation? 🤖 A couple of notes:
- Re ACM SSL certs, what worked well for me is to add the wildcard (*.cogley.info) as the basic cert name, and the apex as an additional name (cogley.info). Also, DNS validation is convenient because you don’t have to do anything but fail to delete the CNAME you need. If you use Route 53 it’s even better since there’s a big button that will create the CNAME for you. Once the CNAME is there, ACM will just happily renew for you. Ahhh, bask in the automation.
- You can have multiple copies of a cert. It’s either in use or it’s not, so just get it right, then delete the ones you don’t need. Cloudfront will re-deploy within a few minutes anyway, so it’s really no big deal to make a mistake.
- In your Cloudfront distribution edit screen, once your certificate is validated, you can just type
*.mydomain...and it will show you the choices that match. There’s a UUID identifier you can get from the cert itself, which appears in the dropdown, just in case you have multiple certs that match.
- Again in your Cloudfront distribution, make sure to choose TLS 1.2 (TLSv1.2_2018), which is the spec from 2008. At this point, so much time has passed that I think it’s safe to not pander to people with browsers from earlier than that.