1 Answers
Hi David,
SNI is required for any cert that you want to put in front of CloudFront unless you opt for the static IP deployment. The reason is that the CloudFront systems have their own DNS names, usually something like hfdushoewifeofh.cloudfront.net, and your domain is really just CNAMEed to that CloudFront domain. Thus, it would not validate against your mydomain.com certificate. Hence, SNI is needed to permit that certificate to work with multiple domain names.
If in doubt, try it out by creating a CloudFront deployment for some S3 docs and use ACM to create some certs….try it with and without SNI.
–Scott