AWS Certified Solutions Architect - Professional 2020

Sign Up Free or Log In to participate!

CloudFront Problem For EC2 Hosted Web Server – Returning EC2’s Hostname and Not Real Domain Name

Hello Cloud Gurus,

Very strange issue and hope you will have a good solution for this issue. I think it might be solution from CloudFront side and is not necessary to edit any code in web server.

So here is the scenario:

Every time I am deploying cloudfront in AWS for a dynamic website it gives me some problem.

For example if cloudfront is deployed for domain and web server is in ec2 based on apache, everytime I make get request from browser to it returns me ec2 server hostname like: or something like this. As you know it is ec2's default DNS address given from AWS.

How can I fix this without making editing in Apache? (Without Set domain name manually in a code. Configuration in Apache looking for servers host address itself). Cloudfront is configured to redirect http to https and everything other is default. Only using certificate generated from aws cert manager for this domain.

Today I set URL manually in Apache like and it fixed but it is often that site developer has own site engine and do not want to change anything and site host are dynamic for them. Then comes a mixed content and I am getting a cloudfront problem even it changes me web address in the browser (when I am going web site's different pages and it returns me such kind of link > < for example), or even website is loading not with fully safe certificate and browser (F12 - Console) shows me "Mixed Content"

How should I fix this at cloudfront side?


Here are shown my CloudFront configuration when I have this upper problem:

Origin Domain Name:

Origin Path:  Is Default (Empty)

Origin ID: I tried to make even "" or even domain name like ""

Minimum Origin SSL Protocol: Default

Origin Protocol Policy: Default

Origin Response Timeout: Default

Origin Keep-alive Timeout: Default

HTTP Port: Default

HTTPS Port: Default

Origin Custom Headers: Default

Path Pattern: Default (*)

Origin or Origin Group: It depend what I will chose "" or even domain name like ""

Viewer Protocol Policy:  Redirect HTTP to HTTPS

Allowed HTTP Methods: Default (GET, HEAD)

Cached HTTP Methods: Default

Cache Based on Selected Request Headers: Default (I also tried "Whitelist Headers" For "HOST")

Object Caching:  Use Origin Cache Headers

Minimum TTL: Default

Maximum TTL: Default

Default TTL: Default

Forward Cookies: Default

Query String Forwarding and Caching: Default

Smooth Streaming: Default

Restrict Viewer Access (Use Signed URLs or Signed Cookies): Default (NO)

Compress Objects Automatically: Default (NO)

Lambda Function Associations: Default

1 Answers

Hi Guram,

I'm going to guess that you're not using a custom SSL cert and instead the default CloudFront default certificate.   If you want to use your own custom domain name, you'll need to create an SSL cert that is tied to that domain. ( as you say).   You can do this very easily using AWS Certificate Manager and it integrates well with CloudFront.  You do need to prove you own the custom domain name though and there are several automated ways Certificate Manager can do this.

When setting up your CloudFront disto, you would select your custom SSL cert created in ACM.   You then have the option of using a static IP or using SNI.  SNI is the easiest and way cheaper than a static IP so I'd use that if you don't NEED a static IP.

This should allow CloudFront to serve up your content via your own custom domain without having to manually change via redirects.


Guram Tochilashvili

HI Scott, Thank you for your answer. But I am not using default SSL, I am using SSL for my own domain generated in AWS Cert Managar.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?