Support » Plugin: Comet Cache » CDN and Domain Sharding breaks images

  • Resolved Bereshka

    (@bereshka)


    Hello, guys,
    Maybe you finally can help me.
    I created a Distribution at Amazon Cloudfront, I created 2 cnames
    cd1.usrussiacc.org
    cd2.usrussiacc.org

    1. If I put only this link d1hvnfrkakoqfp.cloudfront.net to the distribution in the plugin Comet Cache at CDN Hostname (Required) => website looks good, but I get a notice in pingdom about parallize the downloads.

    2. If I put
    usrussiacc.org = cd1.usrussiacc.org,cd2.usrussiacc.org in this section
    Multiple CDN Hostnames for Domain Sharding and Multisite Networks (Optional) , then I see that some of the downloads are parallized, but images are broken, When I check console it has ERR_CERT_COMMON_NAME

    Can’t really find where the problem with CDN or with Plugin configuration.
    Website has SSL, maybe this is the reason

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • In case it may be useful to anybody, I think that I linked CDN url resource to CNAMES or CNAMES to the website too early. Means that while it’s in process and do changes through all links, including images, I should wait more. I made this conclusion because I created a new distribution and I was waiting until it changes the state from in progress to deployed. After that I created again cnames, new and pointed them to this distribution. So some of the images were shown. Anyway to see the effect of parallelize of content downloads across hostnames, I need to wait about 24 hrs. I delete all distributions and did that again and now going to wait for a day, letting it all be converted in a proper way. As it’s hard to clean the cache of CDN

    • This reply was modified 1 year, 4 months ago by  Bereshka.

    I found solution. If your website has SSL certificate, then you need or to import your SSL certificate to Amazon Cloudfront and then to link it to your distribution, or if you have free SSL certificate, that my hosting didn’t wanted me to provide the body of it, so I couldn’t import, then just request certificate at the admipanel of Cloudfront, SSL Certificates, then it will ask you to verify it through DNS, creating additional CNAME. that’s it. Images are no longer broken.

    Plugin Author Raam Dev

    (@raamdev)

    @bereshka Thank you very much for sharing your solution here. I’m glad to hear you solved the problem. 🙂

    @bereshka My site is broken because Comet Cache doesn’t download cloudfront images.

    I have tried to follow your sugestion but I’m not sure whether I have done it right.

    I have used

    CloudFront Distributions -> My Distribution / Edit -> General ->

    Button: “Request or Import a Certificate with ACM” button

    Next.. next.. next… until it gave me a CNAME entry. I added it to my DNS and Amazon validated it.

    Was it?

    It still fails 🙁

    Do I have done it right? I so… do you have any suggestion.

    Thank you very much for your post.

    Regards
    Carlos

    • This reply was modified 1 year, 1 month ago by  cmelero.
    • This reply was modified 1 year, 1 month ago by  cmelero.

    If I deactivate “CDN Supports HTTPS Connections?” in Comet Cache config, it works fine… so.. yes… it appears to be a HTTPS misconfiguration between my site and Amazon.

    Bereshka

    (@bereshka)

    Hello, Carlos,
    Let me hang here my conversation with Amazon TechSupport, I think it might be useful

    Hello,

    Thank you for contacting AWS Support. My name is Ritish and I’ll be assisting you today.

    I understand that you are seeing an ‘err_cert_common_name’ error while accessing your images using the CNAME added to your CloudFront distribution. Please correct me if I am wrong.

    I checked using my internal tools and was unable to found the CloudFront distribution with the domain name ‘d1hvnfrkakoqfp.cloudfront.net’. It seems like you have deleted the previous CloudFront distribution and created a new one with the domain name ‘d3gejou8t706cm.cloudfront.net’. I can see that you have added 3 CNAMEs on this distribution which are: c3.usrussiacc.org, c2.usrussiacc.org, c1.usrussiacc.org. Please confirm if this is the desired distribution.

    I tried to access the image using the URL: ‘https://c1.usrussiacc.org/wp-content/uploads/2018/01/1347.jpg’ and was also getting the same error ‘ERR_CERT_COMMON_NAME_INVALID’.

    The reason you are getting this error is that you are currently using default SSL Certificate on your CloudFront distribution which only allows ‘*.cloudfront.net’ domains to make a request to your distribution. This is the reason I was able to get the image using the CloudFront domain URL: ‘https://d3gejou8t706cm.cloudfront.net/wp-content/uploads/2018/01/1347.jpg’.

    In order to resolve this issue, I request you to add custom SSL certificate to your CloudFront distribution and include all the domains in this certificate using which you will access your CloudFront distribution such as (c3.usrussiacc.org, c2.usrussiacc.org, c1.usrussiacc.org). You can also use a wildcard in your domain name at sub-level eg. *.usrussiacc.org in your certificate domains.

    You can use AWS Certificate Manager service to create custom SSL certificate for your domain. Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

    Please follow the steps below to create a certificate and update your distribution to use this custom SSL certificate:

    1. Request a Public Certificate: I request you to please refer this [1] document which contains detailed steps to request a public certificate using the console. However, please ensure that you are requesting the certificate in the N. Virginia (us-east-1) region using the AWS Console URL (https://console.aws.amazon.com/acm/home?region=us-east-1#/)

    2. Once your certificate is validated and the status is changed to ‘Issued’, you can add that certificate to your distribution.

    3. Select your CloudFront distribution.

    4. On the ‘General’ tab, click on ‘Edit’.

    5. Under SSL certificate option, select ‘Custom SSL Certificate (example.com):’

    6. From the drop-down list select the certificate created in Step 1.

    7. Click on ‘Yes, Edit’.

    Once you successfully made the above changes and your configuration is deployed across all the CloudFront edge location and the ‘Distribution Status’ is changed to ‘Deployed’, you can access your images using the URL: ‘https://c1.usrussiacc.org/wp-content/uploads/2018/01/1347.jpg’.

    However, if you still face the same issue, I request you to please share the HAR File. Please note that the HAR capture must be started before making any request. Please refer the following document for more details on generating HAR file: https://toolbox.googleapps.com/apps/har_analyzer/

    ================

    References:

    [1] Request a Public Certificate: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html#request-public-console

    I hope the above information was helpful to you. Please feel free to get back to us if you face any issue with the information provided above or for any further queries. I would be more than happy to assist you.

    Best regards,

    Ritish G.
    Amazon Web Services

    Bereshka

    (@bereshka)

    Hello, Ritish,
    Your answer is very helpful, I did all what you recommended below, as I use free certificate and my hosting provider refused to provide the certificate body, I just requested here another certificate, verified through DNS and everything is working. tools.pingdom.com still recommends me to parallelize downloads across hostnames, some were, but some not. But i guess or I should wait more time or investigate why it doesn’t parallelize all

    Bereshka

    (@bereshka)

    Hello,

    Thanks for your update.

    I understand that you are now able to access your images via HTTPS and not getting the error. However, ‘tools.pingdom.com’ still recommends you to parallelize downloads across hostnames.

    The Parallelize Downloads Across Hostnames warning is an optimization recommendation previously suggested by many popular speed test tools such as Pingdom, GTmetrix, PageSpeed Insights, and more. This warning is becoming less and less important as more website owners move to HTTP/2. HTTP/2 allows multiple resources to be loaded in parallel using only one connection. However, for those still using HTTP1.1 and loading multiple resources, it can be beneficial to implement what’s called domain sharding [1].

    The reason you are seeing this warning is that web browsers are limited to the number of concurrent connections they can make to a host. This is mainly due do HTTP/1.1 in which browsers open on average 6 connections per hostname. This warning is typically seen on websites with a large number of requests. In the past, the only way to get around this limitation is to implement domain sharding.

    However, if you are running your website over HTTPS with a provider that supports HTTP/2, this warning can usually be safely ignored now. With HTTP/2 multiple resources can now be loaded in parallel over a single connection. Over 77% of browsers now support HTTP/2 when running over HTTPS, as well as many CDN including CloudFront [2]. As per this [3] document, it is important to note that Pingdom doesn’t support HTTP/2 yet since it uses an older version of Chrome.

    Please refer these [3][4][5] documents for more details.

    As you are serving your website over HTTPS, you can safely ignore this warning as CloudFront and modern browsers supports HTTP/2.

    ================

    References:

    [1] Domain Sharding: https://blog.stackpath.com/glossary/domain-sharding/
    [2] Amazon CloudFront now supports HTTP/2: https://aws.amazon.com/about-aws/whats-new/2016/09/amazon-cloudfront-now-supports-http2/
    [3] How to Fix “Parallelize Downloads Across Hostnames” Warning: https://kinsta.com/knowledgebase/parallelize-downloads-across-hostnames/
    [4] Parallelize downloads across hostnames: https://gtmetrix.com/parallelize-downloads-across-hostnames.html
    [5] How To Parallelize Downloads Across Hostnames: https://www.keycdn.com/support/parallelize-downloads-across-hostnames/

    I hope the above information was helpful to you. Please do not hesitate

    Best regards,

    Ritish G.
    Amazon Web Services

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘CDN and Domain Sharding breaks images’ is closed to new replies.