亚马逊最近在CloudFront上推出了一项新功能,该功能使用SNI(服务器名称指示)免费支持自定义SSL证书.
我使用StartSSL的免费Class 1证书设置了我的发行版,当我注意到该站点在部署后的短时间内发生故障时,一切正常.运行SSL Checker会返回我的证书正常工作:
但是当我尝试通过HTTPS访问网站时,我会点击此错误页面(它将适用于第一个请求,然后在后续尝试连接时关闭).
使用ssl访问时,这是一个详细的输出(在索引上成功):
$ curl -I -v -ssl https://wikichen.is * Adding handle: conn: 0x7f9f82804000 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x7f9f82804000) send_pipe: 1, recv_pipe: 0 * About to connect() to wikichen.is port 443 (#0) * Trying 54.230.141.222... * Connected to wikichen.is (54.230.141.222) port 443 (#0) * TLS 1.2 connection using TLS_RSA_WITH_RC4_128_MD5 * Server certificate: www.wikichen.is (6w984WNu7vM5OrdU) * Server certificate: StartCom Class 1 Primary Intermediate Server CA * Server certificate: StartCom Certification Authority > HEAD / HTTP/1.1 > User-Agent: curl/7.30.0 > Host: wikichen.is > Accept: */* > < HTTP/1.1 200 OK HTTP/1.1 200 OK < Content-Type: text/html; charset=utf-8 Content-Type: text/html; charset=utf-8 < Content-Length: 1153 Content-Length: 1153 < Connection: keep-alive Connection: keep-alive < Date: Sun, 09 Mar 2014 16:09:54 GMT Date: Sun, 09 Mar 2014 16:09:54 GMT < Cache-Control: max-age=120 Cache-Control: max-age=120 < Content-Encoding: gzip Content-Encoding: gzip < Last-Modified: Wed, 05 Mar 2014 20:40:48 GMT Last-Modified: Wed, 05 Mar 2014 20:40:48 GMT < ETag: "34685bc45353d1030d3a515ddba78f3e" ETag: "34685bc45353d1030d3a515ddba78f3e" * Server AmazonS3 is not blacklisted < Server: AmazonS3 Server: AmazonS3 < Age: 4244 Age: 4244 < X-Cache: Hit from cloudfront X-Cache: Hit from cloudfront < Via: 1.1 4f672256eaca5524999342dc8678cdd2.cloudfront.net (CloudFront) Via: 1.1 4f672256eaca5524999342dc8678cdd2.cloudfront.net (CloudFront) < X-Amz-Cf-Id: h4TEULH44TCi7m2lL42A8lO-5-Gmx8iY2M2C1AOmRlK543zFN6jCtQ== X-Amz-Cf-Id: h4TEULH44TCi7m2lL42A8lO-5-Gmx8iY2M2C1AOmRlK543zFN6jCtQ== < * Connection #0 to host wikichen.is left intact
然后在其他页面上失败:
$ curl -i -v https://wikichen.is/writing/index.html * Adding handle: conn: 0x7fa153804000 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x7fa153804000) send_pipe: 1, recv_pipe: 0 * About to connect() to wikichen.is port 443 (#0) * Trying 54.230.140.160... * Connected to wikichen.is (54.230.140.160) port 443 (#0) * TLS 1.2 connection using TLS_RSA_WITH_RC4_128_MD5 * Server certificate: www.wikichen.is (6w984WNu7vM5OrdU) * Server certificate: StartCom Class 1 Primary Intermediate Server CA * Server certificate: StartCom Certification Authority > GET /writing/index.html HTTP/1.1 > User-Agent: curl/7.30.0 > Host: wikichen.is > Accept: */* > < HTTP/1.1 502 Bad Gateway HTTP/1.1 502 Bad Gateway < Content-Type: text/html Content-Type: text/html < Content-Length: 472 Content-Length: 472 < Connection: keep-alive Connection: keep-alive * Server CloudFront is not blacklisted < Server: CloudFront Server: CloudFront < Date: Sun, 09 Mar 2014 17:54:41 GMT Date: Sun, 09 Mar 2014 17:54:41 GMT < Age: 6 Age: 6 < X-Cache: Error from cloudfront X-Cache: Error from cloudfront < Via: 1.1 9096435f28f91f92bacdf76122de09ee.cloudfront.net (CloudFront) Via: 1.1 9096435f28f91f92bacdf76122de09ee.cloudfront.net (CloudFront) < X-Amz-Cf-Id: iAUOQbP8O4A0pI9KGvVz0VgBT1TW-j0yVDa7vdSvIAuxnKOyQghtnw== X-Amz-Cf-Id: iAUOQbP8O4A0pI9KGvVz0VgBT1TW-j0yVDa7vdSvIAuxnKOyQghtnw== <ERROR: The request could not be satisfied ERROR
The request could not be satisfied.
Generated by cloudfront (CloudFront) * Connection #0 to host wikichen.is left intact