
AWS EC2 Spring Boot Deployment - SSL/HTTPS Error after Configuring Route 53, ACM, and GoDaddy


I have deployed a Spring Boot application on an AWS EC2 instance, and I’m trying to access it via a custom domain I purchased from GoDaddy. However, I am encountering an issue when trying to connect via HTTPS.

Here’s what I’ve done so far:

  1. EC2 Setup: I’ve successfully deployed my Spring Boot application on an EC2 instance. The application works fine when I access it directly via the public IP over HTTP.

  2. Domain and DNS Configuration:

  • I purchased a domain through GoDaddy.
  • In GoDaddy, I changed the name servers to point to AWS Route 53.
  • I created a hosted zone in Route 53 for my domain.
  • I added an A record in Route 53, pointing to the public IP address of my EC2 instance.
  3. SSL/ACM Configuration:
  • I registered an SSL certificate using AWS ACM (Amazon Certificate Manager) for my domain.
  • The certificate was issued successfully, and I’ve verified that the domain is properly linked.
  4. Security Groups:
  • I have updated my EC2 security group to allow inbound traffic on port 443 (HTTPS).
  • Port 80 (HTTP) is also allowed.

I expected my application to be accessible via HTTPS, but when I try to access my application using the domain (e.g., https://api.mydomain.com) in Postman or a browser, I get the following error in Postman:

Error: connect ECONNREFUSED 13.49.000.000:443

Here’s what I’ve tried so far:

  • Verified that the EC2 instance is running and accessible via HTTP (port 8080).
  • Double-checked the security group rules to ensure HTTPS traffic is allowed.
  • Ensured the domain points correctly to the EC2 instance using Route 53.
  • From my understanding, the issue could be related to SSL or the configuration of port 443.

Solution

  • You have created an SSL certificate in ACM, but you haven't attached that SSL certificate to anything. Just creating an SSL certificate doesn't magically make SSL work for that domain. You have to actually configure the servers to serve the SSL certificate.

    Unfortunately, since you are pointing your domain directly to an EC2 server, you can't use the SSL certificates provided by AWS ACM at all. The certificates provided by ACM are only usable with AWS load balancers, CloudFront distributions, and AWS API Gateways.

    If you want to continue with your current infrastructure, without adding one of those AWS services in front of your EC2 server, then you will have to obtain an SSL certificate in some other way, like through Let's Encrypt. Once you obtain that SSL certificate, you will have to configure Spring Boot to listen on port 443 and serve that certificate.
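
The ECONNREFUSED in the question is a TCP-level refusal that happens before any certificate is exchanged, so it helps to separate "nothing listens on 443" from "the port is filtered" and from "TLS is served with a bad certificate". The following probe is an added example, not part of the original question or answer; the result labels and the default hostname `api.example.com` are assumptions made for illustration.

```python
import socket
import ssl
import sys

# What each result usually means for a setup like the one in the question.
MEANING = {
    "refused": "nothing is listening on this port (the app may still be on 8080)",
    "timeout": "packets are dropped on the way, e.g. by a security group or firewall",
    "unreachable": "DNS or routing problem before the port is even tried",
    "open_no_tls": "a process accepts the connection but does not speak TLS",
    "tls_bad_cert": "TLS is served, but the certificate is not trusted for this name",
    "tls_ok": "TLS is served with a certificate valid for this name",
}

def probe(host, port=443, timeout=3.0):
    """Classify how host:port answers, separating TCP failures from TLS ones."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:      # ECONNREFUSED, as in the Postman error
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:                     # name resolution failure, no route, ...
        return "unreachable"
    try:
        ctx = ssl.create_default_context()   # verifies chain and hostname
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls_ok"
    except ssl.SSLCertVerificationError:
        return "tls_bad_cert"
    except OSError:                     # handshake error or no TLS reply in time
        return "open_no_tls"
    finally:
        sock.close()

if __name__ == "__main__":
    # Hostname is a placeholder (assumption); pass your own as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "api.example.com"
    for port in (443, 8080):
        result = probe(host, port)
        print(f"{host}:{port} -> {result}: {MEANING[result]}")
```

A `refused` on 443 next to `open_no_tls` on 8080 matches the situation described above: the application answers plain HTTP on 8080 and no process serves a certificate on 443.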