Greetings!
There is an issue with a website sitting on a domain and its S3 storage that contains immense static media files for the website. The server for the website and storage are different, but the domain allocates a subdomain that looks at the S3 storage via DNS CNAME record. Previously, the subdomain was linked to the storage via CDN, indicating that https was needed. Now, though, the free tariff from the CDN used has been lost, and configuring the subdomain to look directly at the storage has posed an issue.
The files are accessible via addresses with http and https except for when accessed via https://subdomain.domain/files, where a certificate error occurs, though https appears valid on the storage itself. The nslookup command reveals the storage server as a Non-authoritative answer. Installing SSL on the subdomain does not affect it. A whois check on the subdomain gave the domain as free, which raises concern.
What can be done to solve the issue and is this situation typical for subdomains?
To install it, all that's needed is the installation (and activation) of a certificate and private key on the storage web server. I cannot guarantee the relevance of the solution provided: https://stackoverflow.com/questions/11201316/how-to-configure-ssl-for-amazon-s3-bucket
Do you have a well-known WHOIS web server that would return WHOIS information for a subdomain? What leads you to believe that this should be the case?
While there are 3rd-level domains with a complete zone and WHOIS server, this does not apply to your subdomain.
Access to a website can be difficult for several reasons:
1. The site does not use SSL, but it shares an IP address with another site that uses SSL.
2. The site no longer exists, but the domain still points to the old IP address, which now hosts another site.
3. The site uses a content delivery network (CDN) that does not support SSL.
4. The domain name alias was not included in the certificate.
It is important to note that SSL security certification is critical to providing a secure connection between users and websites. Ensuring user data security on a website should be a top priority for all web resource owners. Proper setup of an SSL certificate and checking for possible reasons for website access issues can help protect users from potential security threats.
Firstly, the loss of the free tariff from the CDN has led to the need for direct configuration of the subdomain to access the S3 storage. It's crucial to ensure that the DNS CNAME record pointing to the S3 storage is correctly set up to allow seamless access to the static media files for the website. Additionally, investigating the certificate error that occurs when accessing the files via https://subdomain.domain/files is essential to identify the root cause of the problem.
One potential solution to the certificate error could involve checking the SSL certificate configuration on the subdomain to ensure it matches the requirements for accessing the S3 storage via HTTPS. Verifying the validity and proper installation of the SSL certificate is crucial in resolving this issue. Furthermore, considering the non-authoritative answer from the nslookup command for the storage server, it might be beneficial to review the DNS settings and make any necessary adjustments to ensure authoritative responses.
The fact that the whois check indicated the subdomain's domain as free raises concerns about the domain's status and ownership. It's imperative to thoroughly investigate this aspect, as it could potentially be contributing to the issues faced with the subdomain configuration and SSL certificate validation.
While encountering such issues with subdomains can be challenging, it's essential to approach each component methodically and address any discrepancies in configuration, SSL certificates, DNS settings, and domain ownership. By systematically troubleshooting and resolving each aspect, the issue can be effectively mitigated, ensuring smooth access to the static media files and securing the subdomain's functionality.
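An added example, not part of any post in this thread: a CNAME only changes which server answers, while the client still validates the certificate against the hostname in the URL, which is the "alias was not included in the certificate" case listed above. The sketch below applies simplified RFC 6125 matching to a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the certificate contents, `mybucket` and `media.example.com` are constructed sample values.

```python
# Added example: hostname-vs-certificate matching, simplified from RFC 6125.
# STORAGE_CERT is constructed sample data in the shape returned by
# ssl.SSLSocket.getpeercert(); bucket and host names are assumptions.

def san_dns_names(cert):
    """Return the lower-cased dNSName entries of a getpeercert()-style dict."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]

def name_matches(pattern, hostname):
    """Match one certificate name against a hostname.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so '*.a.b' matches 'x.a.b' but not 'x.y.a.b' or 'a.b'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def covering_names(cert, hostname):
    """List the certificate names that cover the hostname (empty = mismatch)."""
    return [n for n in san_dns_names(cert) if name_matches(n, hostname)]

def explain(cert, hostname):
    hits = covering_names(cert, hostname)
    if hits:
        return f"{hostname}: OK, covered by {hits[0]}"
    return f"{hostname}: MISMATCH, certificate only lists {san_dns_names(cert)}"

# Constructed sample: a storage endpoint certificate with a wildcard name.
STORAGE_CERT = {
    "subject": ((("commonName", "*.s3.amazonaws.com"),),),
    "subjectAltName": (("DNS", "*.s3.amazonaws.com"),
                       ("DNS", "s3.amazonaws.com")),
}

if __name__ == "__main__":
    for host in ("mybucket.s3.amazonaws.com",            # storage's own name
                 "media.example.com",                    # CNAME alias
                 "media.example.com.s3.amazonaws.com"):  # dotted bucket name
        print(explain(STORAGE_CERT, host))
```

The third host shows a related failure: a bucket name containing dots adds extra labels, so the single-label wildcard no longer covers it.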