question

Steve L. asked

Comodo CA Limited cert is not recognized by Alexa.

I created a new skill on my own server using PHP. The skill is on https://www.techfor5.com. I have validated the cert on several websites. All signs show that the cert is valid. However, Alexa says it cannot find the skill due to an invalid cert. It is a Comodo CA Limited cert. Works everywhere else. Will this not work with Alexa? The app works great in the developer test console - has no issues at all. What am I doing wrong?
alexa skills kit, debugging

Steve L. answered
I finally got an email from Amazon support that said that SNI certs are not currently supported. This pretty much means that unless you want to pay for a private server you will not be able to host Amazon Echo applications. In my opinion this is a huge oversight on Amazon's part. Perhaps they are trying to force us to use their servers. I hope they re-consider and add SNI cert support soon. They are good enough for everybody else, why not Amazon?

Galactoise answered
To be honest, you're probably better off just using the Lambda bounce approach. I say this as someone who fought against this for like a month and a half, insisting that we were going to resolve our cert problems, because it was the more pure approach, but finally gave in. The bounce solves it and adds almost no latency that we've seen. Plus it can have some added benefits in terms of your testing workflow, if you use it wisely.

Steve L. answered
Can I use PHP with the Lambda solution?

Galactoise answered
Well, the way it works is you put up a Lambda function (which is either Node.js or Java) that just redirects traffic to your web service. So, you'll keep your same PHP service, throw away any of the SSL stuff you're doing now (or keep it there, it shouldn't hurt anything), and then add one additional component in the middle. If you're worried about not being familiar with Java or Node, don't worry, there are a couple of templates on the forums that are literally copy, paste, and rename your URL.
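
The bounce described in this answer, sketched as an added example (it is not the forum template mentioned above and not code from any participant in this thread). `BACKEND_URL`, `SKILL_ID`, `PROXY_TOKEN` and the `X-Proxy-Token` header are assumed placeholders; the backend would have to check that header itself. It assumes a Node.js 18+ runtime, whose built-in `fetch` sends SNI and validates the backend certificate.

```javascript
// Added example: Lambda "bounce" that relays an Alexa event to an HTTPS backend.
// All constants below are assumed placeholders, not values from the thread.
const BACKEND_URL = process.env.BACKEND_URL || 'https://skill.example.com/alexa.php';
const SKILL_ID = process.env.SKILL_ID || 'amzn1.ask.skill.EXAMPLE';
const PROXY_TOKEN = process.env.PROXY_TOKEN || 'constructed-demo-token';

// Pull the skill's application ID out of an Alexa request envelope.
function applicationId(event) {
  const app = (event.session && event.session.application) ||
    (event.context && event.context.System && event.context.System.application) || {};
  return app.applicationId;
}

// Build the outbound request. Refuses plain HTTP so the Lambda-to-backend hop
// stays encrypted, and refuses events that were not addressed to this skill.
function buildForward(event, backendUrl = BACKEND_URL) {
  const url = new URL(backendUrl);
  if (url.protocol !== 'https:') throw new Error('backend URL must use https');
  if (applicationId(event) !== SKILL_ID) throw new Error('unexpected applicationId');
  return {
    url: url.href,
    init: {
      method: 'POST',
      // Shared secret lets the backend reject callers other than this proxy.
      headers: { 'Content-Type': 'application/json', 'X-Proxy-Token': PROXY_TOKEN },
      body: JSON.stringify(event),
      signal: AbortSignal.timeout(5000), // fail fast instead of hanging the skill
    },
  };
}

// Forward the event and return the backend's JSON reply as the skill response.
// fetchImpl is injectable so the logic can be exercised offline.
async function forward(event, fetchImpl = fetch) {
  const { url, init } = buildForward(event);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`backend returned HTTP ${res.status}`);
  return res.json();
}

// Lambda entry point.
exports.handler = (event) => forward(event);
```
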

Steve L. answered
I also do not see any way to incorporate a database with the Amazon Lambda service. This cripples what you can do with it.

Galactoise answered
Right, I wouldn't recommend trying to run your entire skill from Lambda - just using it as a proxy to get around the weird SSL rules.

jjaquinta answered
You can totally use a database from Lambda. I've done it with DynamoDB. There may even be samples of that. The problem is that you can't background anything. So you have to do all your IO on the main thread. This adds 1-2 seconds of latency to your requests. That was too much of a performance hit for me so I shifted everything to a web server.

Benjamin Galaviz answered
You can use the free https://letsencrypt.org/ certificate to get this to work. It's what I am currently using.

Levon@Amazon answered
When using Let's Encrypt, please keep in mind that the cross-signing allows you to pick between two different interchangeable "Let’s Encrypt Authority X1" certificates that you can present in your certificate chain. You have to use the right intermediate certificate (the one signed by IdenTrust, not the one signed by ISRG Root X1) in order for it to work.

Bob findlay answered
> To be honest, you're probably better off just using the Lambda bounce approach. I say this as someone who fought against this for like a month and a half, insisting that we were going to resolve our cert problems, because it was the more pure approach, but finally gave in. The bounce solves it and adds almost no latency that we've seen. Plus it can have some added benefits in terms of your testing workflow, if you use it wisely.

Hi Galactoise

I've done about 10 searches but can't find the template bounce code you refer to. Any pointers?

Thanks
Bob