Add a custom domain to AWS CloudFront distribution
This document will explain how to add a custom domain and SSL certificate to a CloudFront distribution.
To add a custom domain to an Amazon CloudFront distribution you will need to request a domain name from the hostmaster using this template.
Subject: CNAME DNS Request for AWS hosted website
We recently set up a website hosted with AWS CloudFront and would like to set it up with the DNS name <yourDNSName.wisc.edu>. We are asking for a CNAME record to map <yourDNSName.wisc.edu> to <yourCloudFrontID>.cloudfront.net. Please let me know if you need any other information.
Once you have received a response from the hostmaster that your domain has been created, you will need to get a certificate. Here is how you can do that:
- You will need to have OpenSSL installed on your machine. On a Mac it is already installed; on Windows you can run openssl from Git BASH.
- Create a CSR with this generator here.
- Common Name: the same DNS name that you sent to the hostmaster (e.g., <yourDNSName.wisc.edu>)
- Organization: University of Wisconsin-Madison
- Key Size: 2048
- Note - CloudFront does not support a key size of 4096
- Click Generate and copy the contents.
- Open a Terminal on Mac or Git BASH on Windows, paste in the CSR command you copied from step 2, and press Enter. This will generate the private key and .csr file in the directory where you ran the command.
- Copy the contents of the .csr file
- Go to this SSL Enrollment Form to request the certificate
- Fill in your name and email
- Server Type: Other
- Certificate: Single Domain
- Term: 1 year
- CSR: <Paste the contents of the .csr file you copied in step 3>
- Common Name: <Common Name should auto-populate after pasting in the CSR>
- Comment: <optional>
- And click Submit
- You will receive an email with download links to the certificate. You will need 2 of these links and the private key from step 3 to continue.
- Log in to the AWS console and open the CloudFront service
- In the account that you have your CloudFront distribution set up, open the AWS Certificate Manager.
- In the top right of your screen, where you can select the region, choose us-east-1. Note - you must use us-east-1 for CloudFront certificates
- On the left navigation pane click "Import Certificate"
- You will see 3 boxes that you need to paste information into. Listed below is how you should fill them in.
- Certificate body: From the email in step 5 click the download link for "Certificate only, PEM encoded" and paste the contents into this box.
- Certificate chain: From the email in step 5 click the download link for "Certificate (w/ chain), PEM encoded" and paste the contents into this box.
- Click next, add tags if you want, then continue to review and import.
- After importing the certificate you should see it has the correct URL you have requested the certificate for.
- Next, go to the CloudFront distribution you want to apply the custom domain to.
- In the middle of the screen, there is a setting section with an edit button on the right, click edit.
- In the "Alternate domain name (CNAME)" section, click add item and enter the custom domain name you requested.
- In the "Custom SSL certificate" section, click the drop-down and select the certificate you just imported.
- If you do not see it, make sure you used 2048 as the key size for your certificate in step 2 and imported it into us-east-1 in step 6. It will not show up if these 2 things are not done correctly.
- Click save changes, and wait about 10 minutes for it to deploy the changes.
- After waiting you should be able to use the new domain name to go to your website that is hosted on CloudFront.
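
As an added example (not part of the original document, and not the generator's actual output), the script below uses a standard `openssl req` invocation to produce a 2048-bit key and CSR, then runs the checks worth doing before the ACM import: that the CSR key is 2048 bits, that it names the requested host, and that the certificate's public key matches the private key. The function names, file names and the self-signed stand-in certificate are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-import checks for a CloudFront certificate.
set -eu

DOMAIN="yourDNSName.wisc.edu"   # placeholder name from the request template

# make_csr <common-name> <key-out> <csr-out>: 2048-bit RSA key + CSR.
make_csr() {
  ( umask 077   # keep the private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
      -subj "/CN=$1/O=University of Wisconsin-Madison" 2>/dev/null )
}

# csr_bits <csr>: print the key size in bits recorded in the CSR.
csr_bits() {
  openssl req -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_names_host <csr> <name>: succeed if the CSR subject contains the name.
csr_names_host() {
  openssl req -in "$1" -noout -subject | grep -qF "$2"
}

# cert_matches_key <cert> <key>: succeed if both carry the same public key.
cert_matches_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

WORK=$(mktemp -d)
make_csr "$DOMAIN" "$WORK/site.key" "$WORK/site.csr"
echo "CSR key size: $(csr_bits "$WORK/site.csr") bits"

# Constructed stand-in for the issued certificate: self-signed from the CSR.
openssl x509 -req -in "$WORK/site.csr" -signkey "$WORK/site.key" \
  -days 1 -out "$WORK/site.pem" 2>/dev/null

if cert_matches_key "$WORK/site.pem" "$WORK/site.key"; then
  echo "certificate and private key match"
else
  echo "MISMATCH: do not import this pair" >&2
fi
```

In practice, run `cert_matches_key` against the "Certificate only, PEM encoded" download and the private key from step 3 before pasting either into the import form.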