How to link domain with EC2 and SSL - ssl

Here is my story
I have Amazon EC2 with Tomcat 7 hosted at an Elastic IP as
http://ec2-XX-XXX-XXX-XX.us-west-X.compute.amazonaws.com:8080/webAppX
http://ec2-XX-XXX-XXX-XX.us-west-X.compute.amazonaws.com:8080/webAppY
http://ec2-XX-XXX-XXX-XX.us-west-X.compute.amazonaws.com:8080/webAppZ
Then I bought a domain at 1&1 as domainXYZ.com
I bought SSL from sslmate.com for the domainXYZ.com
Now my confusion begins.
We followed the instructions from sslmate.com and did the same for httpd from Amazon EC2, but when I access https:// , the browser shows the errors below:
Your connection is not private
Attackers might be trying to steal your information from ec2-XX-XXX-XXX-XX.us-west-2.compute.amazonaws.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is ec2-XX-XX-XX-XX.us-west-2.compute.amazonaws.com; its security certificate is from www.domainXYZ This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.
Could you please advise me on what I missed or did wrong?
Question #2: How do I redirect from 1&1 to ec2-XX-XX-XX-XX.us-west-2.compute.amazonaws.com?
I do see we have options such as FrameRedirect, or an A record by changing DNS using the IP.
But I'm not sure which one I should use so that HTTPS will be handled.
Thanks,
Nghia

You are making your life unnecessarily difficult.
Just buy the domain using AWS Route 53 and link it to your Elastic IP.
As soon as your instance is reachable via the domain, set up a certificate for free using Let's Encrypt and EFF's certbot.
Finally, open the HTTPS port via the AWS console security settings.

Related

How to enable HTTPS for my web application hosted on Google Cloud

I acquired SSL certificate through some certificate authority and later installed on google cloud.
Still, my application is not accessible through https
www.eventic.in works but https://www.eventic.in doesn't work.
Can you please assist me in enabling https?
I want this site to be available only through https. Even if someone accesses it without https, it should be redirected to https.
From the image I see you're configuring your certificates in Google App Engine Custom domains. Please note that Compute Engine (where your VM is) and App Engine are different products. Also, it is possible that you're following this doc, which is intended for App Engine and not for a VM.
Since you may want to set your certificates in a VM, that configuration remains on the web server you're using (NGINX, Apache, etc). Also, checking your URL https://www.eventic.in, I'm sure port 443 is not configured, since this port is in general used for HTTPS.
You may want to look at how to configure SSL for the solution you have running in your VM.

Setting up SSL with Elastic Beanstalk: How to fix ERR_CERT_COMMON_NAME_INVALID?

I have a website, example.com, that has a subdomain called play.example.com which hosts a multiplayer game on it.
Separately, I have an Elastic Beanstalk environment that hosts the game server (NodeJs backend), separate from the client build itself.
play.example.com connects to the game server over https, but is met with the error: ERR_CERT_COMMON_NAME_INVALID.
Steps I have taken:
1) Created an SSL certificate for *.example.com using AWS Certificate Manager
2) Added a listener to my load balancer that listens on port 443
3) Created an alias, type A IPv4 with the name play.example.com to the EB url
I understand that the error means that there is a name mismatch between the URL and the certificate, but isn't that what the alias is supposed to fix?
Thanks for any suggestions.
Okay, I've spent about a week now trying to fix these issues myself, and unfortunately Stack Overflow is full of people asking this question and nobody's giving answers.
Here's how I solved it, some of this might work for you too. It ended up being primarily configuration issues.
Your SSL cert is appropriate - I ended up hardcoding my subdomain ops.example.com but your wildcard shouldn't be an issue.
I read somewhere that AWS requires any DNS records to be of type CNAME, so I set up a basic CNAME record to redirect ops to my-site.my-aws-region-1.elasticbeanstalk.com
Then, what ended up being the linchpin to the whole thing was that in order to make HTTPS work, your load balancer has to be Listening for HTTPS on 443 and route to the instance via HTTP on 80.
Amazon was trying to tell me this, but because I was a noob and because their tutorials are some of the worst tutorials I've read in my entire career, they actually don't expose any of your secure ports to the internet. Which is actually fine because your traffic is encrypted all the way up to the load balancer, and then after that, even though it's not HTTPS anymore, it's all already on Amazon's servers anyway so it's not any less secure.
Hope something in here helps!
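
The name check behind ERR_CERT_COMMON_NAME_INVALID, both in the EC2 question at the top of this page and in this Elastic Beanstalk thread, as an added example that is not code from any of the posters. It is a simplified RFC 6125-style matcher; the function names, the certificate name lists and the `ec2-203-0-113-10` hostname are assumptions constructed for illustration.

```python
# Added example: simplified RFC 6125-style hostname check, not a full TLS validator.
# All certificate SAN lists and the 203-0-113-10 hostname are constructed samples.
from typing import Optional


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern: str, host: str) -> bool:
    """True if one dNSName entry from the certificate covers `host`."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):  # "*" stands for exactly one label, never zero or two
        return False
    if p[0] == "*":
        # Wildcard is only honoured as the whole leftmost label, with at
        # least two fixed labels after it (so "*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_entry(host: str, san_dns_names: list[str]) -> Optional[str]:
    """Return the SAN entry that covers the name typed in the URL, else None."""
    return next((e for e in san_dns_names if name_matches(e, host)), None)


def audit(cert_sans: list[str], hosts: list[str]) -> dict[str, bool]:
    """Map each hostname a client might use to whether the cert is valid for it."""
    return {h: covering_entry(h, cert_sans) is not None for h in hosts}


# Thread 1: cert issued for the purchased domain, site opened by EC2 hostname.
EC2_RESULT = audit(
    ["www.domainXYZ.com"],
    ["ec2-203-0-113-10.us-west-2.compute.amazonaws.com", "www.domainxyz.com"],
)

# Elastic Beanstalk thread: wildcard cert on the load balancer.
# The check uses the name in the client's URL, not what DNS aliases it to.
EB_RESULT = audit(
    ["*.example.com"],
    ["play.example.com", "my-site.my-aws-region-1.elasticbeanstalk.com",
     "example.com", "a.play.example.com"],
)

if __name__ == "__main__":
    for host, ok in {**EC2_RESULT, **EB_RESULT}.items():
        print(f"{'OK      ' if ok else 'MISMATCH'}  {host}")
```

Every MISMATCH row is a URL that would trigger the browser error, so clients have to connect using a name the certificate actually lists.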

Client domains on Plesk not using SSL when accessing admin on 8443

I have spent 2 days trying various solutions, breaking the stack multiple times... you are my only hope :)
I have set up Plesk on an AWS instance and I'm using a webhost license.
Set up a hostname, issued a certificate with Let's Encrypt, and it works fine when accessing the admin interface on hostname.com:8443
Set up a client domain, issued a certificate with Let's Encrypt, works fine for the front end, but when I want to enter admin on clientdomain.com:8443 I get a privacy error. Same thing when trying to access admin with the server IP only as well. In both cases it tries to pull the certificate of "hostname" instead of the cert issued to the client domain.
The goal is to get clients' clientdomain.com:8443 and the server IP working with SSL, or to redirect to hostname.com:8443
I would like to understand what's happening and how I can fix it.
Just in case someone stumbles across the same issue:
Currently this is not possible in Plesk (Obsidian 18.0.27) but it's being considered.
As a temporary solution the best practice is to redirect all clientdomain:8443 requests to hostname:8443 and force https to ensure a secure connection.
To achieve this follow these instructions:
https://support.plesk.com/hc/en-us/articles/115001421414

Let's Encrypt SSL Certificate and Azure Traffic Manager

I am trying to use Azure Traffic Manager to load balance traffic between a website hosted on an Azure VM in 2 different regions (Europe and US).
The Azure Traffic Manager is set up happily with the DNS name mywebsite.trafficmanager.net
I have 2 endpoints set up with DNS names mywebsite-uk.uksouth.cloudapp.azure.com and mywebsite-us.westus.cloudapp.azure.com
In order to set up a vanity domain I have a CNAME record pointing to
www.mywebsite.trafficmanager.net
When I go to http://mywebsite.trafficmanager.net or www.mydomain.com I get correctly routed to the closest site.
Unfortunately I am struggling when I try to get HTTPS / SSL working. I am attempting to use Let's Encrypt via the Certify SSL Certificate Management tool to issue an SSL certificate to each of the servers however I am getting the following error:
Validation of the required challengers did not complete successfully. Please ensure all domains to be referenced in the Certificate can be used to access this site without redirection.
I have created bindings in IIS for both mywebsite-uk.mydomain.com and www.mydomain.com, and an A record for mywebsite-uk to the IP of the web server, and whenever I request a certificate that includes www.mydomain.com I get the error.
Has anyone got any experience with this type of setup? And more importantly, any advice on what I am doing wrong? Would I be better off biting the bullet and getting a paid-for SSL certificate?
Many thanks in advance,

ssl certificate for aws

I have a https web app running on my aws ec2 instance.
https://ec2-52-91-100-69.compute-1.amazonaws.com/
I need to get an SSL certificate for the same so that the scary warnings do not appear.
How can I do this? I tried to buy an SSL from clickssl.com but their helpdesk emailed me with the following:
"You completed enrollment process for domain name ec2-52-91-100-69.compute-1.amazonaws.com. I believe you cannot get SSL for this domain name because root domain name amazonaws.com is Amazon property."
If this is the case, is there no way to get an SSL certificate for my application? I don't believe that's the case.
Any help will be appreciated.
First you need to register a domain through a registrar (e.g. GoDaddy or Amazon Route 53). Next you assign an Elastic IP to your EC2 instance and use your registrar's DNS tool to make your domain point to the Elastic IP address. Then you can request an SSL certificate for your own domain.
You do need to register a domain, or use a subdomain of a domain you already have registered. You do NOT need to use an Elastic IP - they are limited and eventually (if you use multiple domains in your AWS account) you will run out. Instead, you can use a CNAME to point to the AWS name (e.g., ec2-52-91-100-69.compute-1.amazonaws.com).
Once you have that set, use Let's Encrypt to get a free widely accepted certificate. There are plenty of tutorials on the installation process - try:
https://ivopetkov.com/b/let-s-encrypt-on-ec2/
Just noticed the original question is OLD - which means (among other things) that Let's Encrypt wasn't even an option at the time. But for anyone who stumbles across this question now, it is a great solution.