
How can I point a route53 Apex Domain registry to a CloudFront Distribution?


When I try to add an apex domain to the CloudFront Alternate Domain Names list, it throws the following error: [image: CloudFront error]

I know my configuration works, because I am able to use the same domain with www as subdomain without any problem: [image: CloudFront config]

And I'm sure Route 53 is not the problem, because I can create the Alias Record with no problem pointing to my CloudFront Distribution, but if CloudFront doesn't let me add the Apex Domain on its list, it will reject any request.

Note: an apex domain is a URL without the subdomain part, i.e. domain.io


Solution

  • The error you get is probably because your certificate in ACM has been registered for www.domain.io or *.domain.io. Such a certificate does not cover the apex domain domain.io. From the AWS documentation:

    When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com

    The typical solution is to create a new certificate for both domains, *.domain.io and domain.io, or both www.domain.io and domain.io.
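The following script is an added example, not part of the answer above or of any AWS documentation. It does two things: `cert_covers` reproduces the ACM wildcard rule quoted above (the asterisk matches exactly one label and never the apex), so you can see why a `*.domain.io` certificate fails for `domain.io`; and the `request_certificate` / `upsert_apex_alias` functions show the AWS CLI calls that request a certificate covering both `domain.io` and `*.domain.io` in us-east-1 (the region CloudFront requires for ACM certificates) and create the Route 53 alias record. `DOMAIN`, `HOSTED_ZONE_ID` and `DISTRIBUTION_DOMAIN` are placeholders you must fill in; the CloudFront alias hosted zone ID `Z2FDTNDATAQYW2` is the fixed value AWS documents for all distributions. The CLI calls only run when the script is invoked with the argument `apply`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes AWS CLI v2 is configured with
# permissions for ACM and Route 53. Replace the three placeholders below before use.
set -eu

DOMAIN="${DOMAIN:-domain.io}"                                # placeholder apex domain
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-ZXXXXXXXXXXXXX}"           # placeholder Route 53 zone ID
DISTRIBUTION_DOMAIN="${DISTRIBUTION_DOMAIN:-dxxxxxxxxxxxxx.cloudfront.net}"  # placeholder

# Fixed hosted zone ID AWS publishes for alias records that target any CloudFront distribution.
CLOUDFRONT_ALIAS_ZONE_ID="Z2FDTNDATAQYW2"

# cert_covers NAME SAN...  -> exit 0 if NAME is covered by any SAN, 1 otherwise.
# Implements the ACM rule quoted in the answer: '*' is allowed only as the leftmost
# label, matches exactly one label, and therefore never matches the bare/apex name.
cert_covers() {
  name="$1"; shift
  for san in "$@"; do
    # exact match
    if [ "$san" = "$name" ]; then
      return 0
    fi
    case "$san" in
      '*.'*)
        suffix="${san#\*.}"                 # text after "*."
        label="${name%".$suffix"}"          # strip ".suffix" from the end of NAME
        # covered only if something was stripped, it is non-empty, and it has no dot
        if [ "$label" != "$name" ] && [ -n "$label" ] && [ "${label%%.*}" = "$label" ]; then
          return 0
        fi
        ;;
    esac
  done
  return 1
}

# Request one ACM certificate that covers the apex and all first-level subdomains.
# CloudFront only accepts ACM certificates issued in us-east-1.
request_certificate() {
  aws acm request-certificate --region us-east-1 \
    --domain-name "$DOMAIN" \
    --subject-alternative-names "*.$DOMAIN" \
    --validation-method DNS \
    --query CertificateArn --output text
}

# Build the Route 53 change batch for an apex A alias pointing at the distribution.
alias_change_batch() {
  apex="$1"; target="$2"
  printf '{"Comment":"apex alias to CloudFront","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"A","AliasTarget":{"HostedZoneId":"%s","DNSName":"%s","EvaluateTargetHealth":false}}}]}' \
    "$apex" "$CLOUDFRONT_ALIAS_ZONE_ID" "$target"
}

upsert_apex_alias() {
  aws route53 change-resource-record-sets \
    --hosted-zone-id "$HOSTED_ZONE_ID" \
    --change-batch "$(alias_change_batch "$DOMAIN" "$DISTRIBUTION_DOMAIN")"
}

# Offline check that mirrors the situation in the question.
show_coverage() {
  for n in "$DOMAIN" "www.$DOMAIN" "test.login.$DOMAIN"; do
    if cert_covers "$n" "$@"; then echo "covered:     $n"; else echo "NOT covered: $n"; fi
  done
}

echo "Certificate for *.$DOMAIN only:";          show_coverage "*.$DOMAIN"
echo "Certificate for $DOMAIN and *.$DOMAIN:";   show_coverage "$DOMAIN" "*.$DOMAIN"

# Only talk to AWS when explicitly asked: ./apex-cloudfront.sh apply
if [ "${1:-}" = "apply" ]; then
  echo "Requested certificate: $(request_certificate)"
  echo "Validate it via DNS in ACM, attach it to the distribution, then:"
  upsert_apex_alias
fi
```

Run it without arguments to see that `*.domain.io` alone never covers `domain.io`, which is exactly the condition CloudFront rejects; with `apply` it requests the dual-SAN certificate and upserts the alias. The certificate still has to pass DNS validation and be attached to the distribution before the apex alternate domain name is accepted.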