Creating new certificates does not respect aws_region config value #248

Open
bugeats opened this issue May 29, 2019 · 3 comments

@bugeats

bugeats commented May 29, 2019

New certificates appear to be created in the us-east-1 region, even if the aws_region is set to something else.

@brandonweiss
Owner

That is an unexpected quirk of the way AWS is designed.

To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.

I think that most people that use Discharge are not logging into the AWS console and looking for their certificate and wondering why it’s not in the region they expected, so nobody has ever noticed this before. As long as it all just works they don’t care.

If I’d documented that quirk in the Distribute section of the README would you have noticed it? Do you think it’s worth adding a note there?

@dominiquedutra

dominiquedutra commented Jun 5, 2019

@brandonweiss I just stumbled upon this issue by looking at the issues list and it was just what I needed so I think it's worth adding on the README.

NEVERMIND THIS It seems .com.br (Brazil) domains won't verify because AWS can't find the administrator email associated with the domain, so I went to my AWS console to see how my cert was doing and did not find the pending cert. Of course, I was looking in my default region (South America). My pending cert is in the default AWS region (N. Virginia).

Maybe even add it on the console log message:

✔ Load configuration
  ↓ Create certificate (All certificates are created on N. Virginia Region)
  ⠦ Verify certificate
    → A verification email has been sent to an email address associated with your domain
    Create distribution
    Deploy distribution

@brandonweiss
Copy link
Owner

Ah, yeah, I hadn’t thought of that. If someone has verification troubles they might try to sign in to see what’s going on.

OK, so I’ll definitely add it to the README. Adding it to the log message could be good, although it’d have to be really clear or it might confuse people even more. Maybe…

Create certificate (in us-east-1 region for use with CloudFront)

It’s still not as clear “why” as I’d like, but it explains what is happening and implies that the reason why has something to do with CloudFront.
