We use AWS CloudFront as our CDN in front of the Apache website running on the EC2 server. The website uses SSL (https), and CloudFront is configured to use the CloudFront certificate by default, so our application loads static assets using https://xxxxxxcloudfront.net/path/to/asset, rather than https://ourdomain.com/path/to/asset.
Our SSL certificate issued by Go Daddy expired yesterday. After installing a new certificate on the web server, CloudFront can no longer deliver any assets. It just returns error 502 with a messageCloudFront wasn't able to connect to the origin.
Apache logs do not seem to indicate any problems with the new certificate, when I visit the site, I see a small green padlock icon and I no longer see any warnings about an invalid certificate. Also, if I try to download assets directly from our web server using https://ourdomain.com/path/to/asset, instead of the CloudFront URLs, the assets seem to load without any problems.
I donβt remember doing anything with CloudFront the last time we replaced the certificate. Is there anything that needs to be updated in CloudFront when updating the SSL certificate of the web server? Any tips on what to look for?
source
share