I am attempting to use Cloudfront to serve an S3 bucket over HTTPS using an "Alternate Domain Name", but I am getting this error when I load the site in a browser:
NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is example.com; its security
certificate is from *.cloudfront.net. This may be caused by a
misconfiguration or an attacker intercepting your connection.
This error makes sense, but from what I understand Cloudfront should somehow be able to use the default cert to work with "Alternate Domain Names" as long as the client supports SNI. Here are the AWS docs about it:
Am I misunderstanding something?
Basically, I just want to be able to have HTTPS through Cloudfront without having to pay the $600/month that AWS charges for the dedicated IP certs.