Tags: amazon-web-services, https, amazon-elastic-beanstalk, cloudflare, aws-application-load-balancer

AWS Elastic Beanstalk HTTP to HTTPS not working


I have an Elastic Beanstalk (EB) application, and when I go to its HTTP URL (the default) I can open the app!

I want 2 things:

  1. Open the URL on HTTPS
  2. Instead of having the EB generated random URL/endpoint - I want to host it on Route53 on my own chosen domain.

I cannot get either 1 or 2 to work.

For 1, these are my load balancer configurations: [image]

The HTTPS listener is pointing to this target group (which is pointing to the EC2 instance at port 80): [image]

Now, in my EB configurations I have this:

[image]

Both the listeners are enabled.

Now when I open my EB endpoint I get:

[image]

I clicked on the "Not Secure" and saw that it was saying "Certificate invalid".

[image]

[image]

Even when I open the ALB endpoint (DNS) directly in the browser I get the same "Not Secure" and "Invalid Cert" as above.

So, I am not sure why this is happening even though I have the right ACM cert for *.example.com also attached to the listener.

I also have port 80 and port 443 opened both on instance and load balancer security group.

Once I can figure out 1, I also want to figure out 2.

For 2, I have a route53 zone for example.com and the ACM cert is for *.example.com

The domain I want the EB endpoint to point to is eb.example.com

So in Route53 I created an A record for the ALIAS to point to the load balancer of my EB and its endpoint (DNS).

But when I open eb.example.com I see: [image]

Now this could be happening because HTTPS is not working on the original EB endpoint (1), but I also tried a CNAME and it still didn't work.

What am I missing?

Any help would be appreciated. Thanks


Solution

  • The first issue, the browser saying the connection is not private, is due to you going to the Elastic Beanstalk URL, instead of your custom domain name. The SSL certificate is for your custom domain name. The browser will only accept the SSL certificate when the domain name in the certificate matches the domain name in the browser's address bar. You really needed to get the second issue (custom domain name) working before you tried to set up the SSL stuff.

    Regarding the second issue, the DNS_PROBE_FINISHED_NXDOMAIN error means your web browser can't find any DNS records for that domain name. That indicates there is something wrong with your Route53 configuration. I would start by going here, and checking if the domain name can be found.


    From your update, I would note that you also appear to be using Cloudflare. Cloudflare is a DNS service, so you probably need to update the DNS records in your Cloudflare account and stop trying to use Route53. You can't have two authoritative DNS servers for the same domain name at the same time, and Cloudflare appears to be the authoritative DNS server for your domain name. The SSL certificate you are using also appears to be a Cloudflare origin certificate, which will never work directly in a web browser anyway. The Cloudflare origin certificate will only work for Cloudflare origin requests, when you go to a domain name that is proxied by Cloudflare (orange cloud icon on the DNS record in Cloudflare).
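The three checks described in the answer above (certificate name match, Cloudflare origin certificate, records created outside the authoritative DNS provider), as an added example that is not part of the original answer. The function names, the sample hostnames and NS names, and the issuer string are constructed assumptions for illustration.

```python
# Added example: offline triage of the failure modes discussed in the answer.
# Every hostname, NS name and certificate field here is a constructed sample.

def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' covers exactly one left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False              # a wildcard never spans extra labels
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def dns_provider(ns_records):
    """Guess the authoritative provider from NS names (suffix heuristic)."""
    names = [n.lower().rstrip(".") for n in ns_records]
    if names and all(n.endswith(".ns.cloudflare.com") for n in names):
        return "cloudflare"
    if names and all(".awsdns-" in n for n in names):
        return "route53"
    return "other/mixed"

def triage(url_host, cert_sans, issuer_cn, ns_records, records_created_in):
    """Return finding codes for one browser request to url_host."""
    findings = []
    if not any(san_matches(url_host, s) for s in cert_sans):
        findings.append("name-mismatch")                 # cert does not cover this host
    if "cloudflare origin" in issuer_cn.lower():         # assumed issuer wording
        findings.append("origin-cert-not-browser-trusted")
    if dns_provider(ns_records) != records_created_in:
        findings.append("records-not-in-authoritative-zone")
    return findings

# Constructed inputs mirroring the question's situation.
CF_NS = ["ada.ns.cloudflare.com.", "bob.ns.cloudflare.com."]
EB_HOST = "my-env.us-east-1.elasticbeanstalk.com"        # sample EB-style URL
ORIGIN_ISSUER = "CloudFlare Origin SSL Certificate Authority"

if __name__ == "__main__":
    for host in (EB_HOST, "eb.example.com"):
        print(host, triage(host, ["*.example.com"], ORIGIN_ISSUER, CF_NS, "route53"))
```

In practice the NS list would come from `dig NS example.com +short` and the SANs and issuer from the certificate the listener actually presents.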