I usually use Let’s Encrypt for obtaining my SSL certificates but this is just not an option
when using Amazon CloudFront. Fortunately, like Let’s Encrypt, Amazon does issue free SSL certificates. I must admit I do like using Amazon’s certificates because if you host your DNS on Route 53 (which I usually do) they basically take care of setting up your domain’s DNS verification automatically. DNS verification with Let’s Encrypt is most definitely not as seamless.
There is one thing that I keep forgetting when I create an Amazon wildcard certificate.
Several times now I have added the wildcard domain like *.example.com but I forgot to
include the root domain like example.com. This is not really a problem unless you like having many
certificates when a single one would suffice.
Anyway, because I forget things… When creating an Amazon wildcard certificate be sure to include the root domain as by default *.example.com does NOT include example.com.