---
title: Alive and HTTPS
description:
created: !!timestamp '2020-03-01 19:15:00'
tags: [aws,https]
---

{% mark excerpt %}
Finally making some life signs here. I have had "write more blog posts" on my todo for a very long time now, and today I finally got some time and motivation to do this. Actually I updated the blog silently around a year ago to update my profile after I started at Shopify. Today's post started out by me noticing that the blog wasn't served over TLS, shame on me, it is 2020 after all...
{% endmark %}

For some background, my blog has been served as static HTML on [Amazon S3](https://aws.amazon.com/s3) since the beginning in 2013. S3 itself does support HTTPS, but only if you use the actual bucket URL, which looks something like `http(s)://.s3.amazonaws.com/`. My subdomain `blog.prng.se` was a CNAME to my bucket where the static files live.

[CloudFront](https://aws.amazon.com/cloudfront) (Amazon's CDN), however, can sit in front of S3 and serve over HTTPS with a custom domain, for no fixed fee.

Basically you start with requesting a certificate for your domain in AWS Certificate Manager and choose your verification method, either via email or DNS. I chose DNS and got a CNAME target I needed to add to the DNS records for my domain. It took a few minutes for the certificate validation to complete after my DNS record was updated.

Then I could create the CloudFront distribution by pointing out my S3 bucket and my newly provisioned certificate, and selecting some other options about which POPs to use etc. The CloudFront distribution took quite some time (10+ minutes) to provision, but after that the CDN was available at [d23eyjq58b193n.cloudfront.net](d23eyjq58b193n.cloudfront.net).

After that I had to change the current CNAME for `blog.prng.se` to point to the CDN domain and wait for that to propagate. I had a 1h TTL on the domain, which meant I had to wait a bit. When DNS propagation completed I still had problems connecting via HTTPS to the blog though.
After some head scratching I realized I needed to specify the valid CNAMEs in the CloudFront distribution. I added that, saved and waited a minute or two for it to take effect and, voila, the blog is now served over HTTPS.

Next up, I'm going to switch the blog from using [Hyde](http://hyde.github.io/), as it has been more or less abandoned for the last 4 years and it doesn't support Python 3. So long, and thanks for all the fish, Python 2.7. I found a new static site generator called [Zola](https://www.getzola.org) that's written in Rust that I will migrate to.
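
The missing-CNAME step that broke HTTPS above can be caught before the DNS switch by checking the distribution's configuration. The following is an added example, not part of the original post: it audits a dict shaped like the `DistributionConfig` returned by `aws cloudfront get-distribution-config`; the function names, the placeholder certificate ARN and the sample configs are assumptions constructed for illustration.

```python
# Added example: audit a CloudFront DistributionConfig before switching DNS.
# Field names follow the DistributionConfig structure returned by
# `aws cloudfront get-distribution-config`; all sample values are constructed.

def name_covers(hostname, names):
    """True if hostname matches an entry, honouring single-label wildcards."""
    host = hostname.lower().rstrip(".")
    for name in names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        # "*.example.com" covers "a.example.com", not "example.com" or "a.b.example.com"
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def audit_distribution(config, hostname, cert_names):
    """Return findings that would break or weaken HTTPS for hostname."""
    findings = []
    aliases = config.get("Aliases", {}).get("Items") or []
    if not name_covers(hostname, aliases):
        findings.append("alias-missing")  # the problem described in the post
    cert = config.get("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate") or not cert.get("ACMCertificateArn"):
        findings.append("default-certificate")  # only valid for *.cloudfront.net
    elif not name_covers(hostname, cert_names):
        findings.append("certificate-name-mismatch")
    policy = config.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy == "allow-all":
        findings.append("plain-http-allowed")
    return findings

# Constructed sample: certificate attached, alternate domain names left empty.
PLACEHOLDER_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
BEFORE = {
    "Aliases": {"Quantity": 0},
    "ViewerCertificate": {"ACMCertificateArn": PLACEHOLDER_ARN, "SSLSupportMethod": "sni-only"},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
}
AFTER = dict(BEFORE, Aliases={"Quantity": 1, "Items": ["blog.prng.se"]})

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_distribution(cfg, "blog.prng.se", ["blog.prng.se"]))
```

The `cert_names` argument is the list of names on the ACM certificate, passed in by the caller so the check runs offline.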