Amazon AWS Cloudfront buckets choking on autossl sites

[adonius]

We were using AWS Cloudfront CDN buckets for a while no problem then we moved to a new server.

They worked at first then the autossl cert thing kicked in and now sites are doing ssl often.

So we changed the main sites to look for ssl in wordpress where you set site setting

Now it appears the buckets will not resolve

On AWS end, they offer no support with their trial cdn which is good for a year, so when you have a problem, they force you to convert to a paid plan, well we are still testing it and it's barely 2 months old with 40 bucks and we have 500 sites to migrate to the cloud, so I'd say it was still 'beta'.

Anyway, in AWS you can edit old buckets 'origin' to say https only, did that nothing.

We created new buckets saying origin ssl, nothing.

I read years ago they had issues with SNI certs and it was 'resolved', so it looks like autossl certs are causing CloudFront to choke.

Anyone else running a CloudFront bucket with autossl certs?

Oh we use W3 as the WPO plugin in wordpress and the speed we get from just that is almost as fast as CDN on a reload with cache.

Typical 2mb page open in wp on our server is 1.5 seconds
After W3 800 milliseconds
After CDN 500 or so milliseconds

So all was well until autossl kicked in and now we set our top wp sites to force ssl in site path in general settings and that made AWS spin and not resolve.

Tried to change origin on AWS and their 'free forum' for support won't even let you post.

What a joke AWS is, they give you a trail, don't let you use their forum and force you to go for a year of payments to even ask a question.

If anyone has another CDN working right with autossl we're all ears on that.

Or is anyone knows for sure SNI and Autossl is a no go at aws, please advise so I can spear Bezos publicly again on how bad his tech is.

 

[cPanelMichael]

Hello @adonius,

The closest documentation I could find on this topic is located at:

Using HTTPS with CloudFront - Amazon CloudFront

You may also want to review this third-party URL:

Setting Up SSL on AWS CloudFront and S3 | Bryce Fisher-Fleig

The instructions about generating/purchasing the certificate wouldn't apply, but the additional instructions may help.

Keep in mind this is unsupported.

Thank you.

 

[adonius]

Thanks, I've been trying a few different things to try to get CF to work right.

I was doing great on our old server with http, then as soon as we migrated it worked on new server and when the autossl kicked in and started to do ssl on the sites it just stopped resolving so over 40 bucks got removed

Now we rebuilt some using https://ourdomains.tld

Then we followed their directions to edit existing buckets to https 'origin'

Thus far nothing works

We were amazed you can't even post in their 'support' forums they are forcing the 'free test' they're promoting as 'free' until you try to ask a question then you got to buy it, great way to do biz huh, offer support IF YOU BUY, lol, a great zon scam trial.

I'm beginning to think they targeted our network since we have some negative zon books and sites out on the scams they do to publishers and authors and how bad kdp is as a whole.

LOL

Overall, I don't see much a bump in speed with aws, we get our speed from a quality network with large uplink and ssd hd's and we only have minor use sites on a shared site, anyone with real traffic gets moved to a dedicated server since they're so cheap now.

So with WOP a typical 2mb site with WOP is usually already under 1000 milliseconds and the cloud just gives it another 200 to 300 milliseconds of speed (on cache reloads)

So not sure if we even need real cdn since we keep front doors usually under 2mb in wp and get great speed tests now due to the network and doing WPO right.

Now with ssl on all the sites thanks to autossl inside cpanel, we expect a nice pop in organic seo, most or of the sites are on dedicated ips with wpo and light pages and super fast speed and now ssl, well that's about all you can do as far legit 'seo wpo' is concerned today, be faster than everyone else, use ssl and have strong content.

Does a cdn really help seo/wpo?

So at this point, yeah we want to get some buckets working again since we offer cdn hosting with wpo, but the ssl is the fork when it stopped, yet it may not be ssl since we can turn off ssl on any site and it still won't resolve now, so that means maybe zon associated the account to lots of negative zon articles and books and videos, we're really anti-zon but considered them seriously as a cdn network until this fiasco.

So when we get it working finally, which we will, I'll post the fix as to how we did it, but right now everything zon says to do isn't working with sni and autossl and even sites with autossl that temporarily say disable it.

It's just weird all the buckets crashed at the same time a week after we migrated to a new network.

But thanks for input, I had read the zon already and the other one has stuff we tried already to some degree but the json stuff we haven't tried yet.

Thanks again.

Happy Holidays