CloudFront distribution and AWS issued certificate gives SSL_ERROR_NO_CYPHER_OVERLAP

Problem description

I can't get the Internet <-> CloudFront <-> S3 Bucket working, using an AWS certificate. This is what I did:


  1. Created a certificate, a wildcard one, like: *.mydomain.com.
  2. Created an S3 bucket, no fiddling with properties.
  3. Created a CloudFront distribution, using the created S3 bucket URL as origin, selecting my certificate from step 1, choosing HTTP/2, HTTP/1.1, HTTP/1.0, and choosing HTTP to HTTPS redirect.
  4. Created an A alias in my hosted zone for the domain the certificate is issued for, pointing at my distribution URL.

After the distribution is created, my browsers all tell me this:


  • Firefox: SSL_ERROR_NO_CYPHER_OVERLAP
  • Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • Safari: Unable to establish a secure connection.

I'm not sure if I've missed a step in the process of setting this up; I've tried fiddling with various parameters but nothing lets me through.

Wondering what I am doing.

Update

Read this blog post, saying that I might have forgotten adding alternate CNAMEs. This confuses me a bit, should I? In Route 53 I configured my full domain using something.mydomain.com and the certificate is a wildcard one.

Other blog posts and question answers indicate I should not, just use the A record and the CloudFront distribution URL/endpoint, as I have done.

Recommended answer

So, in my update, I mentioned adding CNAMEs from a blog post. This was it, the second I did that, it started working.

To clarify, I did this to solve my problem:


  1. Edit your CloudFront distribution.
  2. Under the tab General, click edit.
  3. In the Alternate Domain Names text box, add (at least) the something.mydomain.com that you have configured to this distribution's endpoint/URL in Route53.
  4. Save your changes.

This solved it instantly for me, but remember that CloudFront configuration changes sometimes can take some time to be pushed out.
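
As an added example (not part of the original answer), a Python check for the gap this answer closed: a hostname whose DNS record points at the distribution but is missing from Alternate Domain Names. It takes the `DistributionConfig` object from `aws cloudfront get-distribution-config`; the sample configs, the placeholder certificate ARN and the function names `covers` and `audit` are constructed for illustration, and single-label wildcard matching is an assumption.

```python
import json

def covers(pattern, host):
    """True if pattern (exact name or leading '*.' wildcard) covers host."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Assumption: wildcard replaces exactly one label, as in certificate matching.
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return pattern == host

def audit(dist_config, cert_names, dns_hosts):
    """Return {host: [problems]} for hosts whose DNS record targets the distribution."""
    # 'Items' is absent when Aliases.Quantity is 0, so default to an empty list.
    aliases = dist_config.get("Aliases", {}).get("Items") or []
    viewer = dist_config.get("ViewerCertificate", {})
    findings = {}
    for host in dns_hosts:
        problems = []
        if not any(covers(a, host) for a in aliases):
            problems.append("not listed in Alternate Domain Names (Aliases)")
        if viewer.get("CloudFrontDefaultCertificate", False):
            problems.append("distribution uses the default *.cloudfront.net certificate")
        elif not any(covers(n, host) for n in cert_names):
            problems.append("not covered by the attached certificate")
        if problems:
            findings[host] = problems
    return findings

# Constructed sample data: the state described in the question (no aliases set)
# and the state after the fix. The ARN is a placeholder, not a real certificate.
BEFORE = json.loads("""{
  "Aliases": {"Quantity": 0},
  "ViewerCertificate": {
    "ACMCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE",
    "SSLSupportMethod": "sni-only"
  }
}""")
AFTER = dict(BEFORE, Aliases={"Quantity": 1, "Items": ["something.mydomain.com"]})
CERT_NAMES = ["*.mydomain.com"]  # subject names on the wildcard certificate

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg, CERT_NAMES, ["something.mydomain.com"]))
```

Run against every hostname in the hosted zone that aliases the distribution, this flags names that would fail the TLS handshake before a browser does.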
