Can't get https working on Elastic Load Balancer (AWS)


Solution 1

Have you made sure that the ELB is in a security group that allows https on port 443?

Solution 2

I had a similar problem with both classic and advanced load balancer. The thing that was missing for me is that the https to http translation stuff only works AFTER you make an A record in the DNS for the domain your SSL is on ALIASED to the load balancer you just created. Once I did that all was well through that new A record DNS. Your instance doesn't need to accept port 443 and your LB definitely should not be forwarding over 443.

Hopefully it is something straightforward like this for you as well.

Wait, what SSL certificate in PEM format? I used an Amazon SSL certificate I just got from the dropdown. Are you sure you used an SSL certificate?
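
The checks raised in the two answers (an HTTPS listener on 443 that forwards plain HTTP to instance port 80, and a load balancer security group that admits 443), as an added example that is not part of the original answers. It audits dictionaries shaped like boto3's `describe_load_balancers` and `describe_security_groups` responses; the helper names, group IDs, certificate ID and sample values are constructed for illustration.

```python
# Added example: audit a Classic ELB for the HTTPS problems discussed above.
# Inputs mirror boto3 response shapes; all sample values are constructed.

def allows_tcp(permissions, port):
    """True if an inbound rule covers the TCP port (IpProtocol '-1' = all).
    Source CIDRs and source groups are not evaluated here."""
    return any(
        p["IpProtocol"] == "-1"
        or (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        for p in permissions)

def audit_elb(lb, sgs_by_id, instance_sg_id):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    listeners = [d["Listener"] for d in lb["ListenerDescriptions"]]
    https = [l for l in listeners if l["LoadBalancerPort"] == 443]
    if not https:
        findings.append("no listener on load balancer port 443")
    for l in https:
        if l["Protocol"] != "HTTPS" or not l.get("SSLCertificateId"):
            findings.append("port 443 listener is not HTTPS with a certificate")
        if l["InstanceProtocol"] != "HTTP":
            findings.append("443 listener does not forward plain HTTP to the instance")
    # Editable load balancer security groups exist only in a VPC.
    lb_sgs = lb.get("SecurityGroups", [])
    if lb_sgs and not any(allows_tcp(sgs_by_id[g]["IpPermissions"], 443)
                          for g in lb_sgs):
        findings.append("load balancer security group does not allow inbound 443")
    inst_perms = sgs_by_id[instance_sg_id]["IpPermissions"]
    for port in sorted({l["InstancePort"] for l in listeners}):
        if not allows_tcp(inst_perms, port):
            findings.append(f"instance security group blocks instance port {port}")
    return findings

def tcp_rule(port):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}

SAMPLE_LB = {  # constructed: 80 -> 80 and 443 -> 80, TLS ends at the ELB
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 80,
                      "SSLCertificateId": "arn:placeholder-certificate"}}],
    "SecurityGroups": ["sg-lb-example"]}
SAMPLE_SGS = {"sg-lb-example": {"IpPermissions": [tcp_rule(80)]},
              "sg-web-example": {"IpPermissions": [tcp_rule(80)]}}
if __name__ == "__main__":
    print(audit_elb(SAMPLE_LB, SAMPLE_SGS, "sg-web-example"))
```

With the constructed sample, the only finding is the missing inbound 443 rule on the load balancer's group; adding `tcp_rule(443)` to that group clears it.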


Author: cafman

Updated on June 08, 2022

Comments

  • cafman
    cafman almost 2 years

    I have a load balancer in front of an EC2-Classic instance. I have checked that the load balancer is working properly by directly linking to the DNS Name value that is listed in the Description tab for my load balancer. This gives me the main page of the webpage that lies on the EC2 instance. Thus my load balancer is working. My load balancer and my EC2 instance are in the same availability zone.

    My load balancer has set up an SSL certificate and I have two listeners set up to forward http (port 80) and https (port 443) to instance port 80 as http. My EC2 instance has a security group set to accept http and https with protocol TCP on ports 80 and 443 respectively. Although my understanding is that only the port 80 would be useful, right? The data for the certificate are in the pem format. I have added to my instance security group a custom TCP on Port Range 0 - 65535 for amazon-elb/amazon-elb-sg. This did nothing.

    I can access my site using http just fine. If I try to access using https then I get Error code: ERR_CONNECTION_REFUSED on Chrome and Unable to Connect on Firefox.

    I have checked similar posts for this question and nothing seems to help.

    Any help or ideas would be greatly appreciated. Thanks

    • NathanW
      NathanW about 8 years
      Did you ever figure this out? I'm having the exact same problem.
  • cafman
    cafman over 9 years
    I believe your guide is for if you want to have back-end authentication. I am trying to have the SSL authentication take place at the load balancer. My understanding is that it then communicates with the instance over http on port 80, right?
  • cafman
    cafman about 9 years
    The documentation I can find mentions how to deal with this for EC2 in VPC. I'm not sure how to check the details of the source security group (or edit them) for a load balancer in EC2-Classic. In the tab of my load balancer it reads "Source Security Group amazon-elb/amazon-elb-sg". The only security groups I seem to be able to edit/read are the instance security groups.
  • Danilo Ramirez
    Danilo Ramirez about 9 years
    No, HTTPS traffic received at the LB will flow to the instance as HTTPS. So you can't point at port 80 you have set it up to 443 as the guide says. Are you trying to achieve some performance tuning? SSL validation will still take place at the LB.
  • Danilo Ramirez
    Danilo Ramirez about 9 years
    Were you able to set the ELB with HTTPS?
  • MrVentzi
    MrVentzi about 7 years
    @bytesandwich Thanks mate, I had only port 80 on the inbound rules on the load balancer. Totally missed this bit. Added 443 and everything works fine. Load balancer accepts 443 and it talks with the instances on port 80. I believe this is what the original question was as well.
  • Samantha Atkins
    Samantha Atkins almost 5 years
    I am confused by Danilo's comment. It is my understanding that one of the good things about ELB is that the instances do not have to be configured with SSL. So presumably the info to deal with it is forwarded?
  • Danilo Ramirez
    Danilo Ramirez almost 5 years
    @SamanthaAtkins, sorry to hear that my answer and comment do not help and are confusing. As you can see this is an old answer and links/answer might not be valid to current AWS version. Please downvote to taste for the betterment of the answers that people receive as relevant.
  • Samantha Atkins
    Samantha Atkins almost 5 years
    You definitely don't need or want HTTPS configured on the instance in this scenario. HTTPS at load balancer to HTTP at instance is well supported.