AWS:CloudFront 中禁用了自定义 SSL 证书选项,但我使用 AWS Certificate Manager 创建了 SSL 证书 [英] AWS: Custom SSL certificate option is disabled in CloudFront, but I created a SSL certificate using AWS Certificate Manager
问题描述
我正在为我的亚马逊 S3 静态网站创建 SSL 证书.我使用证书管理器为我的域创建了一个 SSL 证书,其状态为已发行".我正在创建 CloudFront 分配,但自定义 SSL 证书选项已禁用.
I am creating a SSL certificate for my amazon S3 static website. I created a SSL certificate using Certificate Manager for my domain and its status is 'Issued'. I am creating a CloudFront Distribution, but the Custom SSL Certificate option is disabled.
是否需要一些时间(一天或更长时间)才能看到我的自定义 SSL 证书?还是我做错了什么?
Will it take some time (a day or more) before I can see my custom SSL certificate? Or am I doing something wrong?
推荐答案
需要在 ACM 中创建与负载均衡器 (ELB/2.0) 一起使用的证书.
Certificates that will be used with an Application Load Balancer (ELB/2.0) need to be created in ACM in the same region as the balancer.
将与 CloudFront 一起使用的证书始终需要在 us-east-1 中创建.
Certificates that will be used with CloudFront always need to be created in us-east-1.
要将 ACM 证书与 Amazon CloudFront 结合使用,您必须在美国东部(弗吉尼亚北部)区域申请或导入证书.此区域中与 CloudFront 分配关联的 ACM 证书将分发到为该分配配置的所有地理位置.
To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
– http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
原因是 CloudFront 不遵循 AWS 中的区域边界模型.CloudFront 边缘站点遍布全球,但在 us-east-1 之外进行配置和管理——将其视为 CloudFront 的主区域.一旦分配达到 Deployed 状态,它在操作上就不再依赖于 us-east-1,但在配置期间,一切都源自该区域,因此这是 CloudFront 可以访问的唯一 ACM 区域.
The reason for this is that CloudFront doesn't follow the regional boundary model in AWS. CloudFront edge locations are all over the globe, but are configured and managed out of us-east-1 -- think of it as CloudFront's home region. Once a distribution reaches the Deployed state, it is not operationally dependent on us-east-1, but during provisioning, everything originates from that region, so that's the only ACM region that CloudFront can access.
这篇关于AWS:CloudFront 中禁用了自定义 SSL 证书选项,但我使用 AWS Certificate Manager 创建了 SSL 证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
