ghost
commented
7 years ago I had the problem of using zappa certify with a custom domain and kept receiving a " {"message":"Forbidden"} " error.
This was solved by going to my aws console and navigating to 'API Gateway'. Under 'Custom Domain Names" find your custom domain. The problem is that it is missing a base path under 'Base Path Mappings'. Follow the steps SCDealy used and your website/apis should work.
A problem when using zappa and custom domains is that zappa creates a cloudfront distribution that is not displayed on the aws console. So deleting the certificate become impossible because it is attached to the distribution. Because of this I lost a domain to because I got so frustrated I closed my aws account and made a new one but my domain did not transfer because it is still stuck with the closed aws account distribution. I am contacting aws support to see what I can do about this.
glassresistor
SCDealy
nueverest
hammadzz
nickpolet
scoates
elcolie
I used undeploy followed by deploy on a site with a custom domain name and AWS certificate, then tried to certify since this changed the Amazon url (which worked with the site) but certify apparently can only be run one time, leaving the custom domain broken (gives the "{message:forbidden}" error) with no obvious way to fix it.
This site uses a domain name managed by a non-AWS provider, but I configured with an AWS certificate.
Site was certified and working with custom domain name for the first time yesterday. The site wasn't working with the custom domain this morning (don't know why). Unable to find a cause and not knowing how the AWS configuration works I tried undeploy then deploy (updating the DNS to point to the new Amazon URL) and then attempted to run certify which threw an exception indicating that it is already certified. After a long period of Amazon education I was able to determine that the "Base Path Mappings" (amazon's console at: "your-region.console.aws.amazon.com/apigateway/", then select "custom domain names" - for those like me who don't know where to do this) was empty and that setting it to:
Path: / Destination: (production-deployment):production
allowed my custom domain to work again.
I am not certain if this is the configuration that is created by Zappa using deploy/certify, only that this works. I am also uncertain as to how/why the site stopped working overnight and if this was the issue then.
Expected Behavior
Zappa should provide some means of verifying that the API gateway configuration is correct/matches the current configuration and updating the API gateway if it isn't correct when the "certify" option is used.
Actual Behavior
Throws exception indicating domain name is already certified
Possible Fix
Ideally zappa would automatically detect the existing configuration and verify that it matches what would otherwise be uploaded. Alternatively add a certify command line option "--update" which would force replacement of any current configuration .
Steps to Reproduce
Starting with a site that has never been deployed:
Your Environment
pip freeze:pip-freeze.txt
zappa_settings.py: