Amazon CloudFront Not Working with Your HTTPS/SSL Website? Read This

A few years ago, I decided to use the Amazon CloudFront CDN (content delivery network) on this blog to boost its loading speed. The blog's HTTPS/SSL is provided and powered by Cloudflare flexible SSL. After the setup, with the origin set to the domain name, I rewrote all image, font, CSS and JavaScript URLs to use the CDN hostname. That is, https://mysitename.net/assets/script.js became https://d5kogytrbmse6u.cloudfront.net/assets/script.js

Everything was expected to work fine after the above rituals. It didn’t. My website design was broken because all the files with a CloudFront link were returning the following error when accessed.

ERROR

The request could not be satisfied.

CloudFront wasn’t able to connect to the origin.

After several hours of tinkering with CloudFront settings, no luck still. I gave up and switched to KeyCDN which worked out of the box. Mind you, this happened over a year ago. I have since stopped using KeyCDN because they require a minimum of $40 a year payment which equals 40 credits on their platform and I don’t even use up to 10 credits before the year runs out.

It was only recently that I discovered Amazon CloudFront is stringent about HTTPS/SSL configuration, thanks to this Stack Overflow thread. Even a green lock in the browser doesn’t necessarily mean your SSL setup is complete and universally compatible with all clients.

If the origin server returns an expired certificate, an invalid certificate or a self-signed certificate, or if the origin server returns the certificate chain in the wrong order, CloudFront drops the TCP connection, returns HTTP error code 502, and sets the X-Cache header to Error from cloudfront.

It turned out that Amazon CloudFront failed to perform an SSL handshake with Cloudflare flexible SSL. I found this out by running the command true | openssl s_client -connect w3guy.com:443 -showcerts, which returned the following error.

CONNECTED(00000003)
28225:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.30.2/src/ssl/s23_clnt.c:593:

My other websites with Comodo and Let’s Encrypt SSL work fine with Amazon CloudFront.
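
As an added example (not from the original post or from AWS), the script below maps the output of the openssl s_client check to the origin certificate problems quoted above: expired, self-signed, or a chain the client cannot verify. The function names and sample outputs are constructed for illustration; check_origin passes -servername so the request carries SNI for the hostname being tested.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output for an origin check.
# classify_s_client and check_origin are hypothetical helper names.

# Reads s_client output (stdout and stderr merged) on stdin, prints one verdict.
classify_s_client() {
    out=$(cat)
    # The TLS handshake itself was refused: no certificate was ever evaluated.
    case $out in
        *"alert handshake failure"*) echo handshake_failure; return ;;
    esac
    # s_client reports e.g. "Verify return code: 10 (certificate has expired)".
    # TLS 1.3 sessions can print the line more than once, so keep the first.
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case $code in
        0)     echo ok ;;
        10)    echo cert_expired ;;
        18|19) echo self_signed ;;          # leaf or root in chain is self-signed
        20|21) echo chain_not_trusted ;;    # issuer missing or chain incomplete
        "")    echo no_verify_result ;;     # connection ended before verification
        *)     echo "verify_error_$code" ;;
    esac
}

# Live check against an origin hostname, e.g.: check_origin mysitename.net
# -servername sends SNI so the server presents the certificate for that host.
check_origin() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts \
        </dev/null 2>&1 | classify_s_client
}

# Constructed sample outputs (the first is abbreviated from the error above).
SAMPLE_HANDSHAKE='CONNECTED(00000003)
28225:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:593:'
SAMPLE_EXPIRED='CONNECTED(00000003)
    Verify return code: 10 (certificate has expired)'
SAMPLE_INCOMPLETE='CONNECTED(00000003)
    Verify return code: 21 (unable to verify the first certificate)'
SAMPLE_OK='CONNECTED(00000003)
    Verify return code: 0 (ok)
    Verify return code: 0 (ok)'
```

Any verdict other than ok from check_origin means the origin's TLS setup is one a strict client may reject, even if a browser shows a lock.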

Conclusion

If you are having problems with Amazon CloudFront not working on your site with HTTPS/SSL, move away from Cloudflare SSL if that is what you are using, or use an alternative CDN service with less stringent SSL rules, like KeyCDN.
