- Newest
- Most votes
- Most comments
Hi Leonardo,
Please go through the below steps, I hope it helps to resolve your issue.
1. Check for Existing Associations
First, verify that your custom domain is not already associated with another AWS resource. You can do this by:
AWS Certificate Manager (ACM) Check:
- Navigate to the ACM console.
- Find the certificate for your custom domain and check if it's already associated with another CloudFront distribution or Elastic Load Balancer.
CloudFront Distributions Check:
- Go to the CloudFront console.
- Check all your CloudFront distributions to see if any of them are using the custom domain as an Alternate Domain Name (CNAME).
2. Disassociate the Custom Domain if Needed
If you find that your custom domain is already associated with another resource, you need to disassociate it:
Disassociate from ACM:
- If the domain is associated with another certificate, you might need to delete that association or the certificate itself if it's no longer needed.
Update CloudFront Distribution:
- Remove the custom domain from any other CloudFront distribution's Alternate Domain Names settings.
3. Attach the SSL Certificate to the Lightsail Distribution
- Once you've ensured that the custom domain is not associated with any other resource, proceed to attach the SSL certificate to your Lightsail distribution
Lightsail Console:
- Navigate to the Lightsail console.
- Select the distribution you want to configure.
Attach Custom Domain and SSL Certificate:
- In the distribution settings, go to the section for custom domains.
- Attach the SSL certificate associated with your custom domain.
4. Update DNS Settings
Ensure your DNS settings are correctly configured to point to your Lightsail distribution:
CNAME Record:
- In your DNS provider's console, create a CNAME record for your custom domain pointing to the CloudFront distribution URL (e.g., d827Of.cloudfront.net).
Propagation Time:
- Note that DNS changes can take some time to propagate, so allow up to 24-48 hours for the changes to take effect.
Example Steps
Here's a more concrete example of these steps:
Verify Domain Ownership:
- In ACM, make sure the certificate for customdomainname is validated and not associated with another resource.
Disassociate Old Resources:
- In the CloudFront console, check if customdomainname is associated with any other distributions and remove it if necessary.
Attach Certificate to Lightsail Distribution:
- Go to the Lightsail console.
- Select your distribution, then navigate to the custom domains section.
- Attach the previously validated SSL certificate for customdomainname.
Update DNS:
In your DNS management console (e.g., Route 53 or another DNS provider), create a CNAME record:
Name: customdomainname
Type: CNAME
Value: d827Of.cloudfront.net
Troubleshooting Tips
- Double-Check ACM and CloudFront: Ensure there are no lingering associations with the custom domain.
- DNS Propagation: DNS changes might take time to propagate. Use tools like dig or nslookup to verify the DNS record updates.
Hi,
You seem to be using API Gateway's edge optimized custom domain name with some shared domain-name same as the one listed on your Lightsail certificate. That is what is being referred to by the ACM certificate in your account.
Please find more information below:
Because these CloudFront distributions are owned by API Gateway, each of these reported CloudFront distributions is identified by one of the following Region-specific API Gateway account IDs, instead of the API owner's account ID.
Region Account ID
us-east-2 718770453195
You will need to pick one of out of these two ways and services to serve content for that domain-name and delete the second not required certificate and resources.
Thanks.
This worked! Thank you. I was not aware of the API Gateway distributions. After removing it, the relationship with ACM was removed. Following this, I no longer encountered any errors when attaching the certificate on Lightsail.
No problem. Glad it worked out!
Here is the Documentation for setting up Distributions for Lightsail
Make sure that you have followed the order of the steps -- step 3 Create a Lightsail distribution and then step 6 Create a Lightsail SSL/TLS certificate. If you click into the detail in step 6 (Create SSL/TLS certificates for your distribution) you will notice the following in the top paragraph.
When you enable custom domains for your distribution, and choose the certificate, those domains are added as the custom domains of your distribution.
Give your error, it sounds like you do not have the necessary domains in your cert (the distribution and your custom domain).
Hope this helps.
I do not have any issue creating DNS Zone and my certificate, all validation with CNAME records works. My issue is when try to attach this into my distribution custom domains. Checking my ACM I saw that there is a cloudFront instace related with the domain that I just create the certificate, but on my CloudFrond dashboard I do not have any instance listed.
Relevant content
- Accepted Answerasked 3 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
I saw that my certificate is associated with a non existent CloudFront distribution: arn:aws:cloudfront::718770453195:distribution/E27R3ZHH2C499H
but I have nothing into CloudFront, how can I remove It?