
I've been having some trouble setting up a custom domain for my WebSocket API Gateway in AWS. I keep getting certificate errors. I have a certificate set up already, and some CloudFormation scripts that look right. Everything deploys correctly, but I keep getting this error about certificates.

$ wscat -c ws.example.com
error: Hostname/IP does not match certificate's altnames: Host: ws.example.com. is not in the cert's altnames: DNS:*.execute-api.us-east-1.amazonaws.com

I checked the certificate it's returning, and the serial number does not match the certificate I've created in ACM.

Here's my CloudFormation script:

  WebsocketApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: !Sub ${Environment}-ips-ws-api
      ProtocolType: WEBSOCKET
      RouteSelectionExpression: $request.body.action
      ApiKeySelectionExpression: $request.header.x-api-key

  WebsocketStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties: 
      ApiId: !Ref WebsocketApi
      Description: Websocket Api Stage
      StageName: base
      AutoDeploy: true

  WebsocketDomainName:
    Type: AWS::ApiGatewayV2::DomainName
    Properties:
      DomainName: !Ref WebsocketDomain
      DomainNameConfigurations:
        - CertificateArn: !Ref WebsocketCertificateArn
          SecurityPolicy: TLS_1_2
          EndpointType: REGIONAL

  WebsocketDomainMapping:
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      ApiId: !Ref WebsocketApi
      ApiMappingKey: base
      DomainName: !Ref WebsocketDomainName
      Stage: !Ref WebsocketStage

  WebsocketDnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref WebsocketDomain
      Type: CNAME
      AliasTarget:
        DNSName: !GetAtt WebsocketDomainName.RegionalDomainName
        EvaluateTargetHealth: false
        HostedZoneId: !GetAtt WebsocketDomainName.RegionalHostedZoneId

Let me know if I'm missing some information.

Any help would be appreciated, been wracking my brain over this for a while.

Kevin Wiskia
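
The two checks described in the question (does the returned certificate cover the hostname, and is its serial the one issued in ACM) can be scripted. This is an added example, not code from the original post; the function names, the sample certificate and both serial numbers are constructed for illustration.

```python
import socket
import ssl

def san_matches(hostname, san_dns_names):
    """True if hostname equals a SAN or fits a '*.' SAN (wildcard = one left-most label)."""
    host = hostname.rstrip(".").lower()
    for pattern in san_dns_names:
        pattern = pattern.rstrip(".").lower()
        if pattern == host:
            return True
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def normalize_serial(serial):
    """Compare hex serials regardless of colons, case or leading zeros."""
    return serial.replace(":", "").lower().lstrip("0")

def diagnose(hostname, presented_cert, expected_serial):
    """Report whether the presented certificate covers hostname and is the expected one."""
    sans = [value for kind, value in presented_cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "sans": sans,
        "hostname_covered": san_matches(hostname, sans),
        "serial_matches": normalize_serial(presented_cert["serialNumber"])
        == normalize_serial(expected_serial),
    }

def fetch_presented_cert(hostname, port=443):
    """Fetch the certificate the endpoint serves when SNI is set to hostname (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; the name check is done by diagnose()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

# Constructed sample in the shape ssl.getpeercert() returns; serials are made up.
SAMPLE_CERT = {
    "serialNumber": "0A1B2C3D4E5F",
    "subjectAltName": (("DNS", "*.execute-api.us-east-1.amazonaws.com"),),
}
EXPECTED_SERIAL = "7f:00:aa:bb:cc:dd"  # placeholder for the serial shown for the ACM certificate

if __name__ == "__main__":
    print(diagnose("ws.example.com", SAMPLE_CERT, EXPECTED_SERIAL))
```

Against a live endpoint, pass the result of `fetch_presented_cert("ws.example.com")` to `diagnose()` in place of the sample.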

1 Answer


Are you missing the protocol when using wscat? You should use it like:

wscat -c wss://socketserve.example.com
Jeffrey