AWS API Gateway Custom Domain SSL Certificate Not Recognizing Alternate Names
I'm collaborating on a project where I'm migrating some code and I've searched everywhere and can't find a clear answer. I'm sure I'm missing something obvious here, but I'm trying to set up a custom domain for my API Gateway, but I'm running into an scenario with the SSL certificate not recognizing alternate names. My domain is `api.example.com` and I've included both `api.example.com` and `www.api.example.com` in my certificate. However, when I attempt to call the API using `www.api.example.com`, I get a `403 Forbidden` behavior. When I check the API Gateway settings, it seems to only recognize `api.example.com` despite the alternate name being configured in AWS Certificate Manager (ACM). I've verified that the certificate has been correctly issued and that the domain is validated. Here's how I've set up the custom domain in the AWS console: 1. Under API Gateway, I created a custom domain name with the name `api.example.com`. 2. I linked it to the appropriate API stage. 3. The ACM certificate has both `api.example.com` and `www.api.example.com` as subject alternative names (SANs). I also have a Route 53 record set up for `www` pointing to the API Gateway, but I suspect something is off with the SSL configuration. I’ve tried re-issuing the certificate and double-checking the validation method. I also ran the following AWS CLI command to list the certificate details: ```bash aws acm describe-certificate --certificate-arn <your-certificate-arn> ``` The output shows that the alternative name is indeed recognized, but still, requests to `www.api.example.com` unexpected result. Anyone encountered this scenario before, or have suggestions on what might be missing here? My development environment is Linux. Am I missing something obvious? I'm working on a API that needs to handle this. What's the best practice here? This is happening in both development and production on Windows 10. Is this even possible? Any help would be greatly appreciated!