InvalidViewerCertificate

╷
│ Error: error creating CloudFront Distribution: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
│       status code: 400, request id: 08cbb95c-7431-4443-897f-394b6e8386c3
│
│   with module.cdn.aws_cloudfront_distribution.this,
│   on .terraform/modules/pathtofile.tf line 8, in resource "aws_cloudfront_distribution" "this":
│    8: resource "aws_cloudfront_distribution" "this" {
│
╵

Solution: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-invalid-viewer-certificate/

• The certificate must be imported in the US East (N. Virginia) Region (us-east-1).
• The certificate must be 2048 bits or smaller.
• The certificate must not be password-protected.
• The certificate must be PEM encoded.

╷
│ Error: error creating CloudFront Distribution: InvalidViewerCertificate: The certificate that is attached to your distribution doesn't 
cover the alternate domain name (CNAME) that you're trying to add. For more details, see: 
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-requirements
│       status code: 400, request id: 6d4b8443-b4aa-4b79-ae6e-3b77a4e1b008
│
│   with module.cdn.aws_cloudfront_distribution.this,
│   on .terraform/modules/pathtofile.tf line 8, in resource "aws_cloudfront_distribution" "this":
│    8: resource "aws_cloudfront_distribution" "this" {
│
╵

Related terms[edit]

• aws acm list-certificates
• aws acm describe-certificate --certificate-arn

See also[edit]

• AWS CloudFront, distributions, Invalidations, Amazon CloudFront Ready, aws cloudfront, CloudFront Functions, Lambda@Edge, Origin Shield, Signed URL, OAI, Origin Access Control (OAC), Amazon CloudFront edge locations, cloudfront.net
• Terraform AWS CloudFront: provider aws_cloudfront_distribution, aws_cloudfront_origin_access_identity, aws_cloudfront_origin_access_control, Terraform module: cloudfront