如何将 route53 Apex 域注册表指向 CloudFront 分配?
How can I point a route53 Apex Domain registry to a CloudFront Distribution?
当我尝试将 apex 域 添加到云端备用域名列表时,它会抛出以下错误:
Cloudfront error
我知道我的配置有效,因为我可以毫无问题地将带有 www 的域用作子域:Cloudfront config
而且我确定 route53 不是问题,因为我可以毫无问题地创建指向我的 CloudFront 分发的别名记录,但如果 Cloudfront 不允许我添加 Apex 域在其列表中,它将拒绝并请求。
注意:顶级域是 URL 没有子域部分,即 domain.io
您收到的错误可能是因为您在 ACM 中的证书已注册 www.domain.io 或 *.domain.io。此类证书不涵盖顶级域 domain.io。来自 AWS documentation:
When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com
典型的解决方案是为 *.domain.io 和 domain.io 或 www.domain.io 和 domain.io 这两个域创建一个新证书。
当我尝试将 apex 域 添加到云端备用域名列表时,它会抛出以下错误: Cloudfront error
我知道我的配置有效,因为我可以毫无问题地将带有 www 的域用作子域:Cloudfront config
而且我确定 route53 不是问题,因为我可以毫无问题地创建指向我的 CloudFront 分发的别名记录,但如果 Cloudfront 不允许我添加 Apex 域在其列表中,它将拒绝并请求。
注意:顶级域是 URL 没有子域部分,即 domain.io
您收到的错误可能是因为您在 ACM 中的证书已注册 www.domain.io 或 *.domain.io。此类证书不涵盖顶级域 domain.io。来自 AWS documentation:
When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com
典型的解决方案是为 *.domain.io 和 domain.io 或 www.domain.io 和 domain.io 这两个域创建一个新证书。