Cloudfront and Classic Load Balancer SSL certificate mismatch

0

I have a Vue.js app stored in an S3 bucket, with a CloudFront distribution pointing to that static-website enabled origin. I have domain names "mydomain.com" and "*.mydomain.com" (registered with Route 53) as the CloudFront distribution's alternate domain names. I can access https://mydomain.com on the internet; I have Route 53 records pointing to the CloudFront distribution's domain, and the custom SSL certificate set as one created through AWS Certificate Manager (ACM).

Now, my backend server is hosted on an EC2 instance, and does not handle HTTPS. I have set up a Classic Load Balancer in front of the EC2 instance to take the HTTPS requests and forward them as HTTP to my EC2 instance. The health checks pass at Ping Target "HTTP:8080/", and so the listener is set to take HTTPS from Load Balancer Port 443, and to forward it as HTTP on Instance Port 8080.

The CloudFront distribution and the load balancer share the same SSL certificate, and the certificate has domains "mydomain.com" and "*.mydomain.com". When the frontend client (from https://mydomain.com) makes a network request to the DNS name of the load balancer, why does the browser give a net::ERR_CERT_COMMON_NAME_INVALID error? The CloudFront distribution and the load balancer share the same SSL certificate with the correct names, don't they?

1 Answer
2
Accepted Answer

Hello.
Is the Classic Load Balancer accessed from CloudFront using the domain used by ACM?
I think that the domain that is configured for the Classic Load Balancer must be configured as a subdomain of "mydomain.com" to be able to use the ACM certificate.
Also, can you confirm that access to the Classic Load Balancer is normal when accessing it directly with HTTPS?
Please review the following document for general troubleshooting instructions.
https://repost.aws/knowledge-center/cloudfront-https-connection-fails

EXPERT
answered 9 months ago
  • I think the domain used by ACM is accessing the CLB, though I'm not sure how to check that. Would I create that subdomain on Route 53, point records to the DNS of the load balancer, and also add that subdomain to the SSL certificate? I am not able to access the CLB directly with HTTPS. Edit: I created a subdomain with Route 53, and can now access the CLB directly with HTTPS. But the certificate already included *.mydomain.com.

  • Once the domain is set up on the load balancer, the certificate issued by ACM must be configured. Please refer to the following document for the setup procedure. https://repost.aws/knowledge-center/associate-acm-certificate-alb-nlb

    Also, CloudFront should point the origin setting to the domain configured in the CLB.
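
The name check behind net::ERR_CERT_COMMON_NAME_INVALID, as an added example that is not part of the original thread: a simplified hostname-to-SAN matcher applied to the certificate names from the question. The load balancer DNS name and the subdomains below are constructed placeholders, and the matcher covers only exact names and a whole left-most-label wildcard.

```python
# Added example: simplified certificate name matching, not a full TLS validator.
# It shows why a certificate for mydomain.com / *.mydomain.com is rejected when
# the client connects to the load balancer's own DNS name.

def san_matches(hostname, san):
    """Return True if one certificate SAN (dNSName) entry covers hostname."""
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(host_labels) != len(san_labels):
        return False
    if san_labels[0] == "*":
        # Wildcard is honoured only as the entire left-most label.
        return bool(host_labels[0]) and host_labels[1:] == san_labels[1:]
    return host_labels == san_labels


def cert_covers(hostname, sans):
    """Return True if any SAN on the certificate covers hostname."""
    return any(san_matches(hostname, san) for san in sans)


# Names on the ACM certificate, as stated in the question.
CERT_SANS = ["mydomain.com", "*.mydomain.com"]

# Constructed hostnames a client might put in the request URL (assumptions).
CANDIDATES = [
    "mydomain.com",                                   # apex, listed explicitly
    "api.mydomain.com",                               # one label under the wildcard
    "v1.api.mydomain.com",                            # two labels: wildcard does not reach
    "my-clb-1234567890.us-east-1.elb.amazonaws.com",  # placeholder CLB DNS name
]


def check_all(hostnames, sans):
    """Map each hostname to whether the certificate is valid for it."""
    return {name: cert_covers(name, sans) for name in hostnames}


if __name__ == "__main__":
    for name, ok in check_all(CANDIDATES, CERT_SANS).items():
        print(f"{name:50s} {'match' if ok else 'NAME MISMATCH'}")
```

The certificate is validated against the hostname in the URL the client requested, so the same certificate passes for a Route 53 record such as a subdomain of mydomain.com and fails for the load balancer's own DNS name.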
