TemplateID: wordpress/wordpress-ha
Region: eu-west-1

When creating a hosted zone stack based on vpc/zone-public you cannot specify a name with a . at the end. For example, andreas.wolken.co.. Doing so will result in an The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add. For more details, see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-requirements (Service: AmazonCloudFront; error, when creating a stack based on wordpress/wordpress-ha. CloudFront validates wether the aliases matches with the certificates since 2019. The validation is implemented in a way, that it does not support a . at the end of the domain name.

How to solve the problem?

1. Make sure that vpc/zone-public does only support zone names without a . at the end. For example, by using a regular expression to validate the parameter.
2. Ask CloudFront to fix the validation.

Any other ideas?

I guess option 1 is easier? :)