Based on the information provided, it appears you're experiencing a significant increase in SSL errors for your mobile application users in the US and Canada, particularly since October 25th. This issue affects both iOS and Android apps, suggesting the problem is likely on the server-side rather than client-side. Here are some potential causes and steps to investigate:
- Certificate issues: Check if your SSL certificate has expired or is nearing expiration. Even if it's still valid, there might be issues with the certificate chain or intermediate certificates.
- API Gateway configuration: Verify that your custom domain setup in API Gateway is correct and that the SSL certificate is properly associated with it.
- CloudFront distribution: For edge-optimized API endpoints, API Gateway sets up a CloudFront distribution. Ensure this distribution is functioning correctly and is properly bound to your ACM certificate.
- Regional differences: The fact that the issue is more prevalent in the US and Canada could indicate a problem with specific edge locations or regional configurations. Check if there have been any recent changes or updates to your API Gateway or CloudFront settings that might affect these regions differently.
- DNS issues: Since you're using Route 53, verify that your DNS records are correct and up-to-date, especially for the affected regions.
- Certificate Authority Authorization (CAA) records: Check if there are any CAA records that might be blocking certificate issuance or renewal in the affected regions.
- Recent changes: Review any changes made to your AWS infrastructure, especially around October 25th when the issue became more pronounced.
- ACM service-linked role: Ensure that the ACM service-linked role (SLR) has the necessary permissions and is functioning correctly.
To troubleshoot:
- Check the status of your certificate in the ACM console.
- Verify the API Gateway custom domain configuration.
- Review CloudWatch logs for API Gateway and related services for any error messages.
- Test DNS resolution from various locations, especially in the affected regions.
- Consider creating a new certificate and updating your API Gateway to use it, to rule out any issues with the current certificate.
If the issue persists after these checks, it may be worth contacting AWS Support for further assistance, as they can provide more detailed insights into your specific configuration and any potential regional issues.
Sources
API Gateway problems - AWS Certificate Manager
Troubleshoot other problems - AWS Certificate Manager
Troubleshoot DNS validation problems - AWS Certificate Manager
Troubleshoot certificate requests - AWS Certificate Manager
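
The certificate, chain and DNS checks listed in the answer can be run from a client in an affected region with a short Python probe. This is an added example, not part of the answer or of AWS documentation; `api.example.com` is a placeholder for the API's custom domain, and the hint texts are this example's own wording.

```python
import socket
import ssl
import time

# OpenSSL X.509 verification codes mapped to the checks listed in the answer.
VERIFY_HINTS = {
    9: "certificate not yet valid (check client clock or a freshly issued cert)",
    10: "certificate expired (check status and renewal in ACM)",
    18: "self-signed certificate served (wrong endpoint or interception)",
    19: "self-signed certificate in chain (interception or private CA)",
    20: "issuer not found (missing intermediate or client lacks the root)",
    21: "leaf cannot be verified (incomplete chain)",
    62: "hostname mismatch (custom domain bound to the wrong certificate)",
}

def classify(verify_code):
    """Turn an OpenSSL verify code into a troubleshooting hint."""
    return VERIFY_HINTS.get(verify_code, f"unclassified verify error {verify_code}")

def days_left(cert, now=None):
    """Days until notAfter for a dict in the shape ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

def probe(host, ip, port=443, timeout=5.0):
    """Handshake with one resolved address, sending the real hostname as SNI."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"{ip}: ok, {tls.version()}, {days_left(tls.getpeercert())} days left"
    except ssl.SSLCertVerificationError as exc:
        return f"{ip}: {classify(exc.verify_code)}"
    except (ssl.SSLError, OSError) as exc:
        return f"{ip}: handshake or connection failed: {exc}"

def probe_all(host, port=443):
    """Probe every address DNS returns, since edge endpoints can differ."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    ips = sorted({info[4][0] for info in infos})
    return [probe(host, ip, port) for ip in ips]

if __name__ == "__main__":
    for line in probe_all("api.example.com"):  # placeholder hostname
        print(line)
```

Running it from hosts in different regions and comparing the per-address results shows whether a failure follows specific edge addresses or the certificate itself.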