Route 53 Naked/Root Domain Alias Record

user3413625 asked:

Route 53 supports Alias records which use Amazon S3 static websites to dynamically resolve naked domains to their www counterparts using a 301 redirect. I am wondering whether the Alias record will support SSL:

http:// example.com -> http:// www.example.com (this will work)
https:// example.com -> https:// www.example.com (will this work?)

I realize that SSL doesn’t have anything to do with DNS, but Route 53’s implementation of the Alias record (using an S3 static website) concerns me.

It seems like dnsimple’s ALIAS record does support SSL: http://support.dnsimple.com/articles/domain-apex-heroku/

If indeed Route 53 does not support SSL and dnsimple does, how does dnsimple’s implementation of the ALIAS record differ?

My answer:


Because you will configure the S3 bucket to send a 301 redirect to www.example.com if you follow Amazon’s directions, you will wind up with SSL certificate warnings if someone uses the non-www form. As far as I can tell, Amazon provides no way for you to provide your SSL certificate in this circumstance.

DNSimple has a different implementation which, instead of sending a 301 redirect, sends visitors directly to the IP address of the Heroku app (which, presumably, they look up dynamically). This works as long as Heroku is expecting it.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.