Monday, June 3, 2019

ssl - Route 53 Naked/Root Domain Alias Record



Route 53 supports Alias records which use Amazon S3 static websites to dynamically resolve naked domains to their www counterparts using a 301 redirect. I am wondering whether the Alias record will support SSL:



http:// example.com -> http:// www.example.com (this will work)
https:// example.com -> https:// www.example.com (will this work?)



I realize that SSL doesn't have anything to do with DNS, but Route 53's implementation of the Alias record (using an S3 static website) concerns me.



It seems like dnsimple's ALIAS record does support SSL: http://support.dnsimple.com/articles/domain-apex-heroku/




If indeed Route 53 does not support SSL and dnsimple does, how does dnsimple's implementation of the ALIAS record differ?


Answer



Because you will configure the S3 bucket to send a 301 redirect to www.example.com if you follow Amazon's directions, you will wind up with SSL certificate warnings if someone uses the non-www form. As far as I can tell, Amazon provides no way for you to provide your SSL certificate in this circumstance.



DNSimple has a different implementation which, instead of sending a 301 redirect, sends visitors directly to the IP address of the Heroku app (which, presumably, they look up dynamically). This works as long as Heroku is expecting it.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...