Figure out how to use an ACM certificate

[waldoj]

AWS Certificate Manager can issue the certificate, as long as the site is behind Cloudfront. (Or other services, but that's the viable one here.) You can't load it onto an EC2 instance. Figure out how to do that, to make the site portable, off its current server.

[waldoj]

I set up a new CloudFront distribution for the site. I think that's going to be enough to do the trick? (I can't say for sure, because the new distribution is "In Progress.")

[waldoj]

All that remains is to disable the certificate on the EC2 instance and see how that goes.

[waldoj]

Huh. I broke it. Having seen that the CloudFront distribution process was complete, I pointed Route 53 at the distribution, and then modified the CloudFront distribution to specify api.richmondsunlight.com as a CNAME. That resulted in every API query returning this:

ERROR

The request could not be satisfied.

Bad request.
I've removed that CNAME from the distribution, and monitored the DNS record in Route 53 to just use an A record pointing to the server's IP address, and all's well again.

I'm going to open a new issue to sort out the matter of CloudFront.

[waldoj]

Re: the topic of this issue, I think I need to revert the API to HTTP, route all traffic via CloudFront, and direct CloudFront to interface with EC2 via HTTP, and that'll do it. Of course, traffic is unencrypted within AWS' environment, but since this is all public data, that shouldn't be a problem.