re-deploying with custom domain name gives "forbidden" error


I used undeploy followed by deploy on a site with a custom domain name and AWS certificate, then tried to certify since this changed the Amazon url (which worked with the site) but certify apparently can only be run one time, leaving the custom domain broken (gives the “{message:forbidden}” error) with no obvious way to fix it.

This site uses a domain name managed by a non-AWS provider, but I configured with an AWS certificate.

Site was certified and working with custom domain name for the first time yesterday. The site wasn’t working with the custom domain this morning (don’t know why). Unable to find a cause and not knowing how the AWS configuration works, I tried undeploy then deploy (updating the DNS to point to the new Amazon URL) and then attempted to run certify, which threw an exception indicating that it is already certified. After a long period of Amazon education I was able to determine that the “Base Path Mappings” (Amazon’s console at: “your-region.console.aws.amazon.com/apigateway/”, then select “custom domain names” - for those like me who don’t know where to do this) was empty and that setting it to:

Path: / Destination: (production-deployment):production

allowed my custom domain to work again.

I am not certain if this is the configuration that is created by Zappa using deploy/certify, only that this works. I am also uncertain as to how/why the site stopped working overnight and if this was the issue then.

Expected Behavior

Zappa should provide some means of verifying that the API gateway configuration is correct/matches the current configuration and updating the API gateway if it isn’t correct when the “certify” option is used.

Actual Behavior

Throws exception indicating domain name is already certified

Possible Fix

Ideally zappa would automatically detect the existing configuration and verify that it matches what would otherwise be uploaded. Alternatively, add a certify command line option “--update” which would force replacement of any current configuration.

Steps to Reproduce

Starting with a site that has never been deployed:

  1. zappa deploy production (then update with amazon generated url)
  2. zappa certify production
  3. zappa undeploy production
  4. zappa deploy production
  5. zappa certify production

Your Environment

  • Zappa version used: 0.45.1
  • Operating System and Python version: Debian Linux (jessie), python 3.6.3
  • The output of pip freeze:

pip-freeze.txt

  • Link to your project (optional):
  • Your zappa_settings.py:

Issue Analytics

  • State: open
  • Created 6 years ago
  • Reactions: 7
  • Comments: 9

Top GitHub Comments

4 reactions
ghost commented, Nov 22, 2017

I had the problem of using zappa certify with a custom domain and kept receiving a " {“message”:“Forbidden”} " error.

This was solved by going to my AWS console and navigating to ‘API Gateway’. Under ‘Custom Domain Names’ find your custom domain. The problem is that it is missing a base path under ‘Base Path Mappings’. Follow the steps SCDealy used and your website/APIs should work.

A problem when using zappa and custom domains is that zappa creates a CloudFront distribution that is not displayed on the AWS console. So deleting the certificate becomes impossible because it is attached to the distribution. Because of this I lost a domain, because I got so frustrated I closed my AWS account and made a new one, but my domain did not transfer because it is still stuck with the closed AWS account distribution. I am contacting AWS support to see what I can do about this.

3 reactions
hammadzz commented, Feb 8, 2018

Manual fix for now:

  1. Go to AWS CONSOLE > API GATEWAY > CUSTOM DOMAIN NAMES and delete your domain (there should be a cross on top right corner of the card for your domain setup)
  2. Run zappa certify on cli
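
The console check described in this thread (is a base path mapping present on the custom domain?) can be scripted. This is an added example, not part of the issue thread or Zappa's own code: `find_mapping` and `ensure_root_mapping` are hypothetical helper names, the client is assumed to be a boto3 `apigateway` client, and the REST API id and stage are supplied by the caller.

```python
"""Added example: check (and optionally restore) a custom domain's root mapping."""


def find_mapping(client, domain_name, base_path="(none)"):
    """Return the mapping for base_path on the custom domain, or None.

    API Gateway reports the root path "/" as the literal string "(none)".
    """
    resp = client.get_base_path_mappings(domainName=domain_name)
    for item in resp.get("items", []):  # "items" is absent when nothing is mapped
        if item.get("basePath") == base_path:
            return item
    return None


def ensure_root_mapping(client, domain_name, rest_api_id, stage, dry_run=True):
    """Report the root mapping's state; create it when missing and not dry_run.

    Returns "ok", "stale" (mapped to a different API or stage),
    "missing" (dry run, nothing changed) or "created".
    """
    current = find_mapping(client, domain_name)
    if current is not None:
        same = (current.get("restApiId") == rest_api_id
                and current.get("stage") == stage)
        return "ok" if same else "stale"
    if dry_run:
        return "missing"
    # Omitting basePath maps the root path, i.e. "Path: /" in the console.
    client.create_base_path_mapping(
        domainName=domain_name, restApiId=rest_api_id, stage=stage)
    return "created"


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed and AWS credentials configured

    # Usage: script.py <custom-domain> <rest-api-id> <stage> [--apply]
    domain, api_id, stage_name = sys.argv[1:4]
    apply_fix = "--apply" in sys.argv[4:]
    gateway = boto3.client("apigateway")
    print(ensure_root_mapping(gateway, domain, api_id, stage_name,
                              dry_run=not apply_fix))
```

Without `--apply` the script only reports the state, so it can run after every deploy as a check; a "stale" result is left for manual review rather than overwritten.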