CNAMEs and HTTPS certificates #167
Comments
ojongerius
changed the title
|
I think there a couple issues here.
|
|
|
|
Same deal. I have good experience with https://aws.amazon.com/certificate-manager . I see they support importing third-party-certificates. We can either import certificates in to certificate manager or create a new one (it's free). |
|
While we are at it, can we update the CNAME? I've deployed stage to the freeCodeCamp account and the URL is now: https://hxtsoafqna.execute-api.us-east-1.amazonaws.com |
|
@ojongerius that is the intent. @Bouncey has confirmed that the traffic is not going through CloudFlare, it would need a SSL cert. One can be created using any method that is suitable. Will you be able to do that using the certificate-manager? Would it need domain verification records (TXT), etc.? If that is the case, we should just do this over a call with @freeCodeCamp/open-api It will just be faster that way. |
|
CNAME updated. If we send the traffic through cloudflare would it not pick up our https cert? Do we not want this? |
If we send traffic trough CF, then the cert used would be of the ones provided by CF. But since the actual API end point is having a default cert of its own (even when we do not give it one), there is a mismatch. In that case, it should just directly hit the API as it is bypassing CF. But this also fails, because we are using a CNAME for the API, which CF flattens out. So, we need to install a SSL cert at the endpoint. This way after we bypass the CF, and hit the endpoint with our CNAME (flattened) domain, it resolves correctly, because the client sees that the domain is matching the cert (installed at the endpoint) Hope this clarifies? |
api-stage works, but https fails: https://api-stage.freecodecamp.org/stage/api
The text was updated successfully, but these errors were encountered: