Unable to configure ACM SSL certificate

0

Hello Guys

I have a WordPress site called BrandBrahma.com which is using an EC2 instance. A few days back our SSL certificate, which was provided by Let's Encrypt, expired.

This time I tried to configure an SSL certificate from AWS Certificate Manager and I did the following things:

  1. I created a new SSL certificate using Certificate Manager
  2. I created a load balancer at my EC2 instance
  3. I created a security group for this
  4. Associated the newly created SSL certificate with that load balancer.

After all the above steps, the website is still showing the not secured error (SSL expired). It clearly looks like I am unable to configure SSL in AWS. So, I request you to help me fix this as soon as possible.

Thank You in Advance.

2 Answers
0
Accepted Answer

Have you updated the record for BrandBrahma.com to point to the load balancer, and no longer to the EC2?

And are you now terminating the HTTPS connection on the load balancer, and having it do the SSL offloading? So it's HTTPS over port 443 as far as the load balancer, and then plain HTTP over port 80 beyond the load balancer to the EC2 (no cert required).

EXPERT
Steve_M
answered a year ago
EXPERT
reviewed a year ago
0

Hi RWC

Yes, I have created an alias record for the load balancer.

I did not understand the next sentence, are you asking about the target group?

Brand44
answered a year ago
  • Yes. Users hit the load balancer address on port 443, the load balancer presents its cert to the client device, that's SSL taken care of (SSL terminates on the load balancer).

    It's safe for connections from the load balancer to the back end EC2(s) to use plain HTTP on port 80. So the EC2 instance(s) need to be listening on port 80, and the listener and target group need to be configured for port 80: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html#configure-target-group

    Users' connections will only ever go as far as the load balancer, which is HTTPS with the cert from ACM, so their connections are always protected.
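
The three points raised in the answers above (DNS alias to the load balancer, HTTPS on 443 with a certificate at the load balancer, plain HTTP on 80 to the target group) written as one configuration check. This is an added example, not part of the original thread: `check_tls_offload` is a hypothetical helper, and the inputs are constructed samples that assume the JSON field names of the `aws elbv2 describe-*` and `aws route53 list-resource-record-sets` output, with placeholder ARNs and hostnames.

```python
# Added example. All inputs are constructed and mimic the JSON shape of
# `aws elbv2 describe-load-balancers/-listeners/-target-groups` and
# `aws route53 list-resource-record-sets`; ARNs and hostnames are placeholders.

def _norm(name):
    """Lower-case a DNS name, drop the trailing dot and a 'dualstack.' prefix."""
    name = name.lower().rstrip(".")
    return name[len("dualstack."):] if name.startswith("dualstack.") else name

def check_tls_offload(record, load_balancer, listeners, target_groups):
    """Return findings; an empty list means TLS terminates at the load balancer."""
    findings = []
    # 1. The site's DNS record must alias the load balancer, not the EC2 address.
    alias = record.get("AliasTarget", {}).get("DNSName", "")
    if _norm(alias) != _norm(load_balancer["DNSName"]):
        findings.append("dns: record is not an alias to the load balancer")
    # 2. The load balancer needs an HTTPS listener on 443 with a certificate.
    https = [l for l in listeners if (l["Protocol"], l["Port"]) == ("HTTPS", 443)]
    if not https:
        findings.append("listener: no HTTPS listener on port 443")
    groups = {g["TargetGroupArn"]: g for g in target_groups}
    for lis in https:
        if not lis.get("Certificates"):
            findings.append("listener: HTTPS listener has no certificate")
        # 3. Forwarded traffic should reach the instances as plain HTTP on 80.
        for action in lis.get("DefaultActions", []):
            tg = groups.get(action.get("TargetGroupArn"))
            if tg and (tg["Protocol"], tg["Port"]) != ("HTTP", 80):
                findings.append("target group: %s is %s:%s, expected HTTP:80"
                                % (tg["TargetGroupName"], tg["Protocol"], tg["Port"]))
    return findings

# Constructed sample data (placeholders, not values from the thread).
LB = {"DNSName": "example-alb-123456789.us-east-1.elb.amazonaws.com"}
TG_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/web/0123456789abcdef"
CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
LISTENERS = [{"Protocol": "HTTPS", "Port": 443,
              "Certificates": [{"CertificateArn": CERT_ARN}],
              "DefaultActions": [{"Type": "forward", "TargetGroupArn": TG_ARN}]}]
TARGET_GROUPS = [{"TargetGroupArn": TG_ARN, "TargetGroupName": "web",
                  "Protocol": "HTTP", "Port": 80}]
GOOD_RECORD = {"Name": "example.com.", "Type": "A", "AliasTarget": {
    "DNSName": "dualstack.example-alb-123456789.us-east-1.elb.amazonaws.com."}}
# A record that still points at an instance address serves the old certificate.
STALE_RECORD = {"Name": "example.com.", "Type": "A",
                "ResourceRecords": [{"Value": "203.0.113.10"}]}

if __name__ == "__main__":
    print(check_tls_offload(GOOD_RECORD, LB, LISTENERS, TARGET_GROUPS))
    print(check_tls_offload(STALE_RECORD, LB, LISTENERS, TARGET_GROUPS))
```
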
