serverless-domain-manager icon indicating copy to clipboard operation
serverless-domain-manager copied to clipboard

Published 20 hours ago verified publisher icon amplify-education

Right way to create custom domain with edge type endpoint

Open mohit2152sharma opened this issue 2 years ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Support Question

Question I am trying to create a custom domain of edge type. I have setup cloudfront certificate in us-east-1 region. But when I run the command sls create_domain, I get the following error.

Command Run sls create_domain

Console Output

Running "serverless" from node_modules
'test-deregister.saral.club' does not exist.
Searching for a certificate with the '*.saral.club' domain
Environment: linux, node 16.13.2, framework 3.20.0 (local) 3.10.0v (global), plugin 6.2.2, SDK 4.3.2
Credentials: Local, "test" profile
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
Error: Unable to create domain 'test-deregister.saral.club':
Could not find an in-date certificate for '*.saral.club'.
    at ServerlessCustomDomain.<anonymous> (/mnt/c/Users/mohit/GitHub/saral/lambda-unsubscribe-frontend/node_modules/serverless-domain-manager/dist/src/index.js:193:23)
    at Generator.throw (<anonymous>)
    at rejected (/mnt/c/Users/mohit/GitHub/saral/lambda-unsubscribe-frontend/node_modules/serverless-domain-manager/dist/src/index.js:6:65)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

I have setup the yml file as per the docs Domain Manager Configuration Replace this with your own serverless.yml file (anonymized, of course) to help us better resolve your issue.

service: lambda-unsubscribe-frontend
frameworkVersion: '3'

plugins:
  - serverless-python-requirements
  - serverless-domain-manager
custom:
  pythonRequirements:
    slim: true
    dockerizePip: true
    useDownloadCache: false
    useStaticCache: false
    fileName: ./requirements/requirements-${env:BRANCH_NAME}.txt
  domain: 
    test: test-deregister.saral.club
    stg: stg-deregister.saral.club
    prod: deregister.saral.club
  customDomain:
    domainName: ${self:custom.domain.${env:MY_ENV}}
    certificateName: '*.saral.club'
    stage: ${env:MY_ENV}
    createRoute53Record: true
    createRoute53IPv6Record: true
    endpointType: edge
    securityPolicy: tls_1_0
    apiType: rest

package:
  individually: true
  patterns:
    - '.github/'
    - '__pycache__/**'
    - 'rough.py'
    - 'rendered.html'
    - 'README.md'
    - 'archive'
    - '.circleci'

provider:
  name: aws
  runtime: python3.8
  stage: ${env:MY_ENV}
  region: ${env:MY_REGION}


functions:
  unsubscribe:
    handler: handler.serve_html
    maximumRetryAttempts: 1
    memorySize: 512
    environment:
      MY_ENV: ${env:MY_ENV}
      MY_REGION: ${env:MY_REGION}
    events:
      - http:
          cors: true
          path: /emailId/{email_id}
          method: get 
          request:
            parameters:
              paths:
                email_id: true

My understanding from the docs is, based on certificateName it will try to fetch the relevant certificate, however, it throws the above error. Although if I run the create_domain command, after adding certificateArn number, it is able to create the domain. Also, note that I run the command before and after changes in the same region i.e. ap-south-1.

My question, is the recommended way to create edge optimized api endpoint by providing certificateArn? Versions

  • Domain Manager version(s): 6.0.3
  • Node/npm version: npm - 8.6.0, node - 15.0.1
  • Serverless Version:3
  • Lambda Code: Python

Additional context/Screenshots Add any other context about the problem here. If applicable, add screenshots to help explain.

mohit2152sharma avatar Jul 08 '22 16:07 mohit2152sharma

Did you manage to find the fix for this? Im also getting the same error Could not find an in-date certificate

    customDomain: {
            domainName: "image-service.staging.acme.com",
            basePath: "/",
            certificateName: "*.staging.acme.com",
            stage: "${opt:stage}",
            createRoute53Record: true,
        },

kaykhan avatar Jul 15 '22 13:07 kaykhan

Not exactly, but I am using an alternative. You can use the parameter certificateArn and hard code the certificate arn there. It's a bit of a hassle but it gets the job done now. In the ideal case, I would want it to fetch certificateArn automatically based on the domain name.

mohit2152sharma avatar Jul 15 '22 14:07 mohit2152sharma

thanks setting the certificateArn worked

kaykhan avatar Jul 15 '22 14:07 kaykhan

Hi @mohit2152sharma

Thank you for your issue!

It could be related to the https://github.com/amplify-education/serverless-domain-manager/issues/510 Place try our latest version of the plugin (6.1.0) It should be fixed And please let us know the result

rddimon avatar Aug 10 '22 16:08 rddimon

Hi there

There are no updates for a long time so closing it

Please try our latest version and let us know in case any issues

rddimon avatar May 10 '23 09:05 rddimon