
AWS CloudFront custom subdomain TLS / SSL: "Not secure / certificate invalid"


I am looking for some advice on how to most cost-efficiently set up SSL for a subdomain, e.g. https://images.example.com.

Images are hosted in AWS S3 and I have a CloudFront distribution pointing to that bucket.

I have purchased a single-domain SSL cert from Comodo and successfully added it to my CloudFront distribution. That part was easy as pie.

However, when loading images on the subdomain I get a "Not secure / certificate invalid" in the browser bar.

Is this because I require a wildcard SSL cert?

I have not tested that the SSL cert works on the main domain. The reason is that there is currently a production site that I don't want to interfere with.

Before I rush out and purchase a much more expensive wildcard SSL cert, I want to make sure it is required.

I have a single subdomain for image hosting. I don't expect to ever add more subdomains. What if I just purchase two single-domain certs?

What are my options?


Solution

  • Try using ACM (https://aws.amazon.com/certificate-manager/) to issue an AWS-issued wildcard certificate for your domain and use that instead?

    As to why your existing cert won't work - does it have the domain in the cert (e.g. images.domain.com) as either the primary domain or as a SAN? If not, it won't work.

    If you don't want to use a wildcard, you can use an ACM cert (or a cert you purchase from somewhere else) and issue it for the domain subdomain only? You don't have to use a wildcard but from a cost point of view if you are purchasing them, it's often more cost-effective (although there are of course security concerns to consider). If you are using ACM, the certs are free - either domain specific or wildcard.
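
The name check described in the answer above, as an added example that is not part of the original post: it tests which hostnames each certificate option covers, using the usual rule that a wildcard stands for exactly one left-most label. The certificate dictionaries follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the helper names and all certificate contents are constructed for illustration.

```python
# Added example: which certificate names cover which hostnames.
# Cert dicts mimic the shape returned by ssl.SSLSocket.getpeercert();
# all names below are constructed samples, not values from a real cert.

def dns_names(cert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Match one cert name against a hostname, label by label.

    A wildcard is honoured only as the entire left-most label, and it
    stands for exactly one label: *.example.com covers images.example.com
    but neither example.com nor a.images.example.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def covers(cert, hostname):
    """True if any SAN DNS name in the cert is valid for hostname."""
    return any(name_matches(n, hostname) for n in dns_names(cert))

def san(*names):
    """Build a constructed cert dict holding only DNS SAN entries."""
    return {"subjectAltName": tuple(("DNS", n) for n in names)}

# Constructed sample certificates for the options discussed above
CERTS = {
    "single-domain (apex)": san("example.com", "www.example.com"),
    "single-domain (images)": san("images.example.com"),
    "wildcard": san("*.example.com"),
}

def coverage_table(hosts):
    """Map each cert label to the subset of hosts it is valid for."""
    return {label: [h for h in hosts if covers(c, h)] for label, c in CERTS.items()}

if __name__ == "__main__":
    hosts = ["example.com", "images.example.com", "a.images.example.com"]
    for label, ok in coverage_table(hosts).items():
        print(f"{label:24} -> {ok or 'no match'}")
```

A certificate issued only for the apex name fails for `images.example.com`, while either a certificate issued for that exact subdomain or a wildcard covers it; the wildcard on its own does not cover the apex.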