Comments for Set up SSL


#21

From @hutualive on Thu Aug 03 2017 08:23:49 GMT+0000 (UTC)

@jayair
Two comments:
1. The certificate that can be selected from the dropdown list of CloudFront is only available to be created in the us-east-1 region (N. Virginia); creating it from another region is not working.
2. For the bare domain (example.com), I suggest the viewer policy use redirect HTTP to HTTPS, which is less confusing and better for security purposes. Because when we hit www.example.com, it will auto redirect to https://example.com, but when we hit example.com, it will stay as is unless people specify https://example.com, which is not the normal case.

Thanks for your great tutorial : )


#22

From @jayair on Thu Aug 03 2017 17:24:45 GMT+0000 (UTC)

@hutualive good point on the certificate region issue. Added a note.

For the bare domain, we do ask people to redirect HTTP to HTTPS. It’s one of the steps in the chapter.
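
A pre-deployment check for the two points raised in the comments above (certificate region and HTTP to HTTPS redirect), as an added example that is not part of the thread or the tutorial. The sample config is constructed in the shape of the `DistributionConfig` object from `aws cloudfront get-distribution-config`; the account id, certificate id and the function name `audit_distribution` are placeholders.

```python
import json

# Constructed sample: a distribution config with both problems discussed above.
SAMPLE_CONFIG = json.loads("""
{
  "Aliases": {"Quantity": 1, "Items": ["example.com"]},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE-CERT-ID"
  },
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
  "CacheBehaviors": {"Quantity": 1, "Items": [
    {"PathPattern": "/static/*", "ViewerProtocolPolicy": "redirect-to-https"}
  ]}
}
""")

REQUIRED_CERT_REGION = "us-east-1"  # region the thread says CloudFront needs
SAFE_POLICIES = {"redirect-to-https", "https-only"}


def audit_distribution(config):
    """Return a list of findings for certificate region and viewer policy."""
    findings = []

    # An ACM ARN has the form arn:aws:acm:<region>:<account>:certificate/<id>.
    arn = config.get("ViewerCertificate", {}).get("ACMCertificateArn")
    if not arn:
        findings.append("no ACM certificate attached to the distribution")
    else:
        parts = arn.split(":")
        region = parts[3] if len(parts) > 3 else ""
        if region != REQUIRED_CERT_REGION:
            findings.append(
                f"certificate is in {region or 'an unknown region'}, "
                f"not {REQUIRED_CERT_REGION}")

    # Every cache behavior carries its own viewer policy, so check them all.
    behaviors = [("default", config.get("DefaultCacheBehavior", {}))]
    for item in config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((item.get("PathPattern", "?"), item))
    for name, behavior in behaviors:
        policy = behavior.get("ViewerProtocolPolicy")
        if policy not in SAFE_POLICIES:
            findings.append(
                f"behavior {name}: viewer policy {policy!r} allows plain HTTP")
    return findings


if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE_CONFIG):
        print("FINDING:", finding)
```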


#23

From @littleredshack on Tue Dec 12 2017 22:26:12 GMT+0000 (UTC)

There is a second step in AWS Certificate Manager to validate either via DNS or email:


#24

From @jayair on Fri Dec 15 2017 17:00:49 GMT+0000 (UTC)

@littleredshack Did you do the CNAME record in place of the email validation?


#25

From @littleredshack on Sat Dec 16 2017 02:55:19 GMT+0000 (UTC)

Yes. There was an option to allow AWS to update the DNS and I just clicked on that.


#26

From @jayair on Sun Dec 17 2017 22:50:47 GMT+0000 (UTC)

@littleredshack I see. Yeah we might cover that option in the future.


#27

From @BIWhitfield on Tue Feb 20 2018 14:13:35 GMT+0000 (UTC)

Hi guys, great tutorial! One of my only issues was that when I set up the validation in this section by email, it sent validation emails to 5 common email addresses associated with the domain I bought from Route 53. However, I can’t for the life of me work out how to access those emails to approve the validation. As far as I can tell, the Route 53 domain doesn’t support email forwarding and I can’t find an inbox area to validate. I’ve ended up clearing out the validation by email and doing the DNS way. Just waiting on that to refresh (30 mins apparently) so I can finish the HTTPS part of that chapter.

Any ideas where those emails go just for my own reference?


#28

From @jayair on Fri Feb 23 2018 21:43:58 GMT+0000 (UTC)

@BIWhitfield Honestly I’m not entirely sure. I think it goes to what Route53 thinks is associated with your domain?

We should change the tutorial to use the DNS way instead; it’s far more reliable.


#29

My notes app is hosted in a different region (not US East, N. Virginia). I am using Certificate Manager for the first time. However, I don’t see the option to get started on the Certificate Manager home page.

Further, when I try to provision a certificate, I see 4 steps on the left versus the three listed in the tutorial. Further, in the validation screen, I am not able to expand the domains. I am not sure if I should go ahead and request the certificate. Has someone faced something similar? Thanks for any help.


#30

I think Certificate Manager is for certain specific regions.

Can you post a screenshot for the options you are seeing in the console?


#31

This is by far the best resource I found on deploying an SPA to AWS.
Kudos!

I have one question: Is there a way to prevent users from using the static website hosting URL (I want to prevent it since it’s not HTTPS)?
If they enter via CF then using the SSL works fine, but what happens when they access the “bucket” directly?


#32

Hmm, but aren’t the S3 bucket URLs HTTPS by default? Or are you saying what would happen if they access it via HTTP?


#33

They aren’t HTTPS.
Based on the picture you uploaded, look at the address:
https://d33wubrfki0l68.cloudfront.net/531d2323dc0fe8130a792a126a263af26372cef8/9aded/assets/edit-static-web-hosting-properties.png


#34

Yeah I’m not entirely sure how you would hide it, aside from obscuring it.