-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Support for ACM-hosted SSL Certificates #710
Comments
Zappa should at least be able to just reference an ACM certificate ARN. Maybe with an 'auto' setting or something that does generation of it for you. 'auto' would handle simple one-domain-one-cert cases, but complex ones - like maybe a bunch of sites that all use a wildcard cert or something - would need the ability to just supply an ARN. |
Hoping to investigate some of this today. |
This is now available in version 0.39.0, which lets you supply a |
@Miserlou I tried it with Singapore region acw ssl but its raising an issue
Is there any way to mention the region for it. Thanks, |
zappa_settings? It says |
What should I do as I have all my aws services using Singapore region and I need to have |
First can you check if you can put the certificate in us-east-1 but use it
in singapore? That might work since CF distributions are global
…On Wed, Mar 15, 2017 at 4:23 PM, Abdul Wahid ***@***.***> wrote:
What should I do as I have all my aws services using Singapore region and
I need to have certificate_arn because Let's Encrypt is raising an issue
( as mentioned here #590 <#590> )
of permission denied because of auto renewal is not updating the
certificate which I set 15 days and its problematic as I am moving towards
production environment by next week. Can you suggest me some recommendation
so that this kind of issue can be avoided after successful deployment for
production.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#710 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAIi08fFe_mb-MUGQyMSJfN-p3zO5umqks5rmEimgaJpZM4MY2NO>
.
|
I did try that
But it seems like I need to configure my Route 53 according to us-east region. |
I got it working as I followed the error message and removed the domain from cloudfront and remove the subdomain from route 53 then once its create a ACM custom domain then I revert back my settings in couldFront and Route 53, Now I have ACM custom domain. Thanks @Miserlou |
Hooray! API Gateway now supports ACM SSL! Announcement: https://aws.amazon.com/about-aws/whats-new/2017/03/amazon-api-gateway-integrates-with-aws-certificate-manager-acm/
We should add these as an option.
The question is, how much should be automatic, and how much should be manual? Should Zappa simply reference an ACM certificate ARN, or should Zappa actually create the certificate?
Unfortunately, it can't be fully automatic, as ACM requires email rather than domain-based domain name verification, even if your domain is hosted on Amazon already. Therefore, it may be simplest to simply reference the ARN.
This ticket also does not mean that we will be dropping support for Let's Encrypt.
Related docs:
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html
http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html?highlight=Api%20gateway
Interestingly, it says this:
Which may mean that they have simply broken our existing code with no warning, I'm not sure yet. Either way, thanks Jeff.
The text was updated successfully, but these errors were encountered: