I tried setting up SSL with CloudFront yesterday and it was a complete mess. The validation method is sending an email to the domain contacts as listed in whois. So if you have whois privacy enabled, you cannot receive the email and therefore cannot set up the cert.
This is definitely a bug, because the system is supposed to also send emails to admin@domain.com, hostmaster@domain.com, and a few others. With whois privacy enabled, I never received any of those emails.
Even with whois privacy, you are supposed to be able to receive an email via the privacy registrar's proxy email... but Amazon parses it incorrectly and ends up sending the email to legal@whoisproxy.com
I'm not the only one:
https://forums.aws.amazon.com/thread.jspa?messageID=698280&t...
https://forums.aws.amazon.com/ann.jspa?annID=3510