amazon-web-services - 将自定义域用于 AWS websocket API 网关(使用 CloudFormation)时出现证书错误

Question

我在 AWS 中为 Websocket API 网关设置自定义域时遇到了一些问题。我不断收到证书错误。我已经设置了证书和一些云形成脚本。看起来不错。一切都部署正确，但我不断收到有关证书的错误。

$ wscat -c ws.example.com
error: Hostname/IP does not match certificate's altnames: Host: ws.example.com. is not in the cert's altnames: DNS:*.execute-api.us-east-1.amazonaws.com

我检查了它返回的证书，序列号与我在 ACM 中创建的证书不匹配。

这是我的 CloudFormation 脚本:

  WebsocketApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: !Sub ${Environment}-ips-ws-api
      ProtocolType: WEBSOCKET
      RouteSelectionExpression: $request.body.action
      ApiKeySelectionExpression: $request.header.x-api-key

  WebsocketStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties: 
      ApiId: !Ref WebsocketApi
      Description: Websocket Api Stage
      StageName: base
      AutoDeploy: true

  WebsocketDomainName:
    Type: AWS::ApiGatewayV2::DomainName
    Properties:
      DomainName: !Ref WebsocketDomain
      DomainNameConfigurations:
        - CertificateArn: !Ref WebsocketCertificateArn
          SecurityPolicy: TLS_1_2
          EndpointType: REGIONAL

  WebsocketDomainMapping:
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      ApiId: !Ref WebsocketApi
      ApiMappingKey: base
      DomainName: !Ref WebsocketDomainName
      Stage: !Ref WebsocketStage

  WebsocketDnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref WebsocketDomain
      Type: CNAME
      AliasTarget:
        DNSName: !GetAtt WebsocketDomainName.RegionalDomainName
        EvaluateTargetHealth: false
        HostedZoneId: !GetAtt WebsocketDomainName.RegionalHostedZoneId

如果我遗漏了一些信息，请告诉我。

任何帮助将不胜感激，我为此绞尽脑汁有一段时间了。

Answer 1

您在使用 wscat 时是否缺少协议(protocol)？你应该像这样使用它:

wscat -c wss://socketserve.example.com