We have the ssl certs from symantec and have added them to the LB in aws which is currently holding one ec2 instance. We are also using route53 for dns. https://domain.com isn't working, port 80 is ok. I've verified my security groups are allowing 443 for ec2 and lb.
I've been using www.wormly.com to test SSL and notice that the domain.com fails but the FQDN of the load balancer passes "green" for the certs but not the domain.com...
Does the csr need to use the FQDN of the aws load balancer?
There were residual dns records that had to be updated on godaddy unbeknownst to me due to my not having initially purchased the domain.
I am working with Load Balancing to have https to my static website and I have my domain in GoDaddy
I created a LoadBalancer with
Backend configuration: To my Cloud storage buckets & enabled CDN.
Frontend configuration: Https having static IP I have enabled
Google-managed SSL certificate with my domain example.com which is in GoDaddy.
Do I need to do any configuration in GoDaddy, like pointing? After 10-20 min I get FAILED_NOT_VISIBLE in the domain status.
I am new and don't know how to link.
In the Google docs I can see that DNS records for your domain must reference the IP address of your load balancer's target proxy. Can someone help me to understand?
https://cloud.google.com/load-balancing/docs/ssl-certificates?hl=en_US&_ga=2.190405227.-1195839345.1570257391#certificate-resource-status
Finally I fixed it. We need to point the static IP to DNS, which in my case I have in GoDaddy. It took some time to point DNS, and then it took time for my Google-managed SSL certificate to turn green.
Once it was done I had an issue with err_ssl_version_or_cipher_mismatch. For this we need to add a policy to tell the LB to use TLS 1.2, but in my case it automatically resolved in 10 min.
We can point DNS in two ways: one is by directly adding the static IP to an A record in GoDaddy, the other is by creating a Cloud DNS in GCP and pointing the nameserver in GoDaddy.
We must establish a link to confirm our DNS with Static IP of LB so that the SSL turns Green after confirming Domain status.
I bought a godaddy domain and managed to map it to the lightsail ip address.
I used the "Let's Encrypt" certbot to issue a license to that domain name. Successful. ("Congratulations! You have successfully enabled https://jacky2020.com")
http works, https still doesn't.
Tutorials on the Amazon website do not seem to work on the basic account ($5/month).
Have you opened up port 443 / https in the Lightsail firewall for that instance?
Scenario: I have an EC2 instance which hosts the api's.
I am using elastic ip for ec2 instance.
This is the url where I can access to my apis.
ec2-xx-xxx-xx-xxx.us-east-2.compute.amazonaws.com
I want to add ssl to this url
please guide how to add ssl to my ec2 instance
You can't have SSL certificates for *.amazonaws.com; you need to have a custom domain, and for that domain you can have an SSL certificate. Basically, for getting SSL certificates you need to have DNS control of that domain, or one of your emails should be listed in the WHOIS lookup; neither is possible for amazonaws.com.
I am very new to load balancers. I have just set one up that listens on SSL. I also created an EC2 instance and added it to the target group of the "Application Load Balancer". The target group is also connected by SSL.
I have installed apache on the EC2 instance and placed an index.html file in the /var/www/html directory.
I would have thought typing the load balancer associated domain address (www.example.com) would route me to the index.html file of the EC2 instance (which is the only target). However I am getting a Bad Gateway 502 error.
Initially I only had SSH inbound rule on the EC2. I opened up 443 for HTTPS but that didn't make a difference.
Do I need to install a certificate for the SSL on the EC2 as well as the load balancer? And do I need to open any additional ports?
Very new to this all and not sure how the load balancer communicates with the EC2 instance. Hoping that it would be internal so that the EC2 instance was not at all exposed in isolation.
So many things can go wrong here but (assuming that you have correctly configured the load balancer) I think what you have should work if you add HTTP listener to your load balancer, change your target group's protocol to HTTP (because the load balancer talks to the EC2 over HTTP), and then, add something like this to your .htaccess:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
You can read more here.
Install the SSL certificate on the load balancer instead of the EC2. The EC2 does not need its own SSL certificate.
Here are the steps to add HTTPS to an application load balancer:
When you try to set up HTTPS inbound to the load balancer, it will give you a section called "ACM". Click into that to get an SSL certificate.
The ACM page will give you a section to create a new SSL certificate. You will need to input the domain name and some details; afterwards it will give you a CNAME record. You need to go to your domain's DNS settings to add that new CNAME record.
Once you create an SSL certificate with ACM you'll be able to use that on the load balancer. Go back to the HTTPS listener and use that new SSL certificate.
Then make sure your load balancer security group allows inbound to 443 port.
After that https should work on the load balancer
Note:
I would only set up https after I get http working first on the load balancer and it is directing to the right ec2.
Since the target group for http and https is the same, you want to make sure the target group is working before messing around with https.
That way you won't have two problems to deal with at the same time (https + incorrectly configured target groups/http). It'll allow to tackle each item step by step.
Hope that helps!
I have:
ELB 1 with few ec2 instances attached:
- example.com
- subdomain1.example.com
- subdomain2.example.com
ELB 2 with few ec2 instances attached:
- subdomain3.example.com
- subdomain4.example.com
All domains\subdomains should have https.
It is okay for me to keep non-secure connection between instances and load balancer.
Is it possible to have more than one subdomain on one load balancer, or do I have to keep one load balancer per subdomain?
If all domains and subdomains should have HTTPS, your best move is to deploy a SSL certificate for those domains/subdomains in the ELB and configure SSL termination at it. That being said, you are able to add multiple SANs (Subject Alternative Names) to your SSL certificates, making your ELB respond to multiple domains/subdomains over HTTPS.
This way, the traffic between your ELBs and your instances won't be over HTTPS, but you said that is not a problem. Actually, this is pretty much the default configuration on ELBs when HTTPS is needed.
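As an added example (not part of the original answer), this Python code checks whether a certificate's Subject Alternative Names cover every hostname served by each load balancer in the question. The SAN lists are constructed samples and the function names are hypothetical; it applies the usual wildcard rule that `*.example.com` stands for exactly one label, so the bare example.com needs its own SAN entry.

```python
# Added example (not from the original posts): check which hostnames a
# certificate's SAN list covers. All SAN lists below are constructed samples.

def _labels(name):
    # DNS names are case-insensitive; a trailing dot is the root label.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.example.com' covers 'a.example.com' but not
    'example.com' or 'a.b.example.com'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered(sans, hostnames):
    """Return the hostnames that no SAN entry covers (empty list = all good)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]

# Hostnames from the question, grouped by the load balancer that serves them.
ELB1 = ["example.com", "subdomain1.example.com", "subdomain2.example.com"]
ELB2 = ["subdomain3.example.com", "subdomain4.example.com"]

# Constructed candidate certificates.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_AND_APEX = ["example.com", "*.example.com"]
EXPLICIT_ELB2 = ["subdomain3.example.com", "subdomain4.example.com"]

if __name__ == "__main__":
    for label, sans, hosts in [
        ("ELB 1, wildcard only", WILDCARD_ONLY, ELB1),
        ("ELB 1, wildcard + apex", WILDCARD_AND_APEX, ELB1),
        ("ELB 2, explicit SANs", EXPLICIT_ELB2, ELB2),
        ("ELB 1, ELB 2's certificate", EXPLICIT_ELB2, ELB1),
    ]:
        print(f"{label}: uncovered = {uncovered(sans, hosts)}")
```

Running the same check against the SAN list of the certificate actually attached to a listener shows, before any DNS change, which names would produce a browser name-mismatch error.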