serverless-next.js

Conflict between domain, certificate domain and hosted zone in route 53

Open robin-ln opened this issue 3 years ago • 0 comments

Issue Summary

In my case I have a hosted zone, domain.com for example. I have a certificate *.app.domain.com (I can't use *.domain.com directly because I already have an app on this certificate).

But when I try this config:

next-sls-app:
  component: '@sls-next/serverless-component@3.7.0'
  inputs:
    domain: ["staging", "app2.domain.com"]
    cloudfront:
      certificate:
        cloudFrontDefaultCertificate: false
        acmCertificateArn: ${certificateArn} # certificate for `*.app2.domain.com` 
        minimumProtocolVersion: TLSv1.2_2021

I have this error:

Error: Domain staging.app2.domain.com was not found in your AWS account. Please purchase it from Route53 first then try again.

But in Route 53 I already purchased domain.com.

In .serverless/Template.next-sls-app.Domain.json I have:

{
  "region": "us-east-1",
  "privateZone": false,
  "domain": "staging.app2.domain.com",
  "subdomains": [
    {
      "domain": "staging.staging.app2.domain.com",
      "distributionId": "*************",
      "url": "https://**********.cloudfront.net",
      "type": "awsCloudFront"
    }
  ],
  "domainMinimumProtocolVersion": "TLSv1.2_2018"
}

I tried another config:

next-sls-app:
  component: '@sls-next/serverless-component@3.7.0'
  inputs:
    domain: ["staging.app2", "domain.com"]
    cloudfront:
      certificate:
        cloudFrontDefaultCertificate: false
        acmCertificateArn: ${certificateArn} # certificate for `*.app2.domain.com` 
        minimumProtocolVersion: TLSv1.2_2021

But here I have a conflict between the certificate domain *.app2.domain.com and the hosted zone domain *.domain.com. And if I try to use the certificate *.domain.com, the app is deployed successfully, but I have a big warning in the navigator because I have two subdomains (staging.app2.domain.com).

Expected behavior

To solve this issue I use a CloudFormation file that creates the CloudFront distribution and exports the distributionId, but I want to have just a serverless configuration in my project, something like this:

next-sls-app:
  component: '@sls-next/serverless-component@3.7.0'
  inputs:
    domain: ["staging.app2", "domain.com"]
    cloudfront:
      certificate:
        cloudFrontDefaultCertificate: false
        acmCertificateArn: ${certificateArn} # certificate for `*.app2.domain.com` 
        minimumProtocolVersion: TLSv1.2_2021

But in the code of the plugin, check whether staging.app2.domain.com respects the certificate pattern *.app2.domain.com.

Finally, have:

  • A CloudFront with the good certificate: app2.domain.com
  • And in Route 53 the good record staging.app2.domain.com

Steps to reproduce

  • purchase a zone in Route 53 (domain.com)
  • create a certificate (*.app2.domain.com) -> try to deploy an app on staging.app2.domain.com

Versions

  • OS/Environment: macOS 12.3.1 (21E258)

  • @sls-next/serverless-component version: 3.7.0

  • Next.js version: 12.1.6

Contributing

I can ask my enterprise some day about contributing, so if you think my issue is legit, contact me! :)

PS: Sorry in advance for my English

robin-ln Jun 13 '22 14:06
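
The two checks the issue asks for, as an added example that is not part of the original post and is not serverless-next.js code: resolve the hosted zone as the longest parent of the full host name, and test whether a certificate name covers that host (a wildcard stands for exactly one label, which is why `*.domain.com` produces a browser warning for `staging.app2.domain.com`). The function names `certCovers`, `findHostedZone` and `planDomain` are hypothetical, and the zone and certificate lists are constructed sample data.

```javascript
// Added example: hypothetical helpers, not the component's own code.
const labels = (name) => name.toLowerCase().replace(/\.$/, "").split(".");

// A certificate name covers a host if it is identical, or if it is a
// wildcard whose "*" stands for exactly one leftmost label.
function certCovers(certName, host) {
  const c = labels(certName);
  const h = labels(host);
  if (c.length !== h.length) return false;
  return c.every((label, i) => (i === 0 && label === "*") || label === h[i]);
}

// Pick the hosted zone that is the longest label-aligned suffix of the host.
function findHostedZone(host, zones) {
  const h = labels(host);
  let best = null;
  for (const zone of zones) {
    const z = labels(zone);
    if (z.length > h.length) continue;
    const suffix = h.slice(h.length - z.length);
    const matches = z.every((label, i) => label === suffix[i]);
    if (matches && (best === null || z.length > labels(best).length)) best = zone;
  }
  return best;
}

// Resolve a [subdomain, domain] input pair against zones and certificate names.
function planDomain([subdomain, domain], zones, certNames) {
  const fqdn = `${subdomain}.${domain}`;
  const zone = findHostedZone(fqdn, zones);
  const cert = certNames.find((name) => certCovers(name, fqdn)) || null;
  const problems = [];
  if (!zone) problems.push(`no hosted zone is a parent of ${fqdn}`);
  if (!cert) problems.push(`no certificate name covers ${fqdn}`);
  return { fqdn, zone, cert, problems };
}

// Constructed sample data mirroring the issue: one zone, two candidate certificates.
const zones = ["domain.com"];
console.log(planDomain(["staging.app2", "domain.com"], zones, ["*.app2.domain.com"]));
console.log(planDomain(["staging.app2", "domain.com"], zones, ["*.domain.com"]));
```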