By using AWS re:Post, you agree to the AWS re:Post Terms of Use

How do I resolve the "CloudFront wasn't able to connect to the origin" error?

2 minute read
0

I use Amazon CloudFront to serve content, but my users receive the following HTTP 502 error: "CloudFront wasn't able to connect to the origin."

Resolution

HTTP 502 errors from CloudFront can occur because of the following reasons:

  • There's an SSL/TLS negotiation failure because the origin uses SSL/TLS protocols and ciphers that CloudFront doesn't support.
  • There's an SSL/TLS negotiation failure because the SSL certificate on the origin is expired or not valid, or because the certificate chain isn't valid.
  • There's a host header mismatch in the SSL/TLS negotiation between your CloudFront distribution and the custom origin.
  • The custom origin doesn't respond on the ports that are specified in the origin settings of the CloudFront distribution.
  • The custom origin ends the connection to CloudFront too quickly.
  • If the error code is NonS3IoriginDnsError, then there's a DNS configuration issue that isn't allowing CloudFront to connect to the origin.

For detailed instructions on how to troubleshoot these issues, see HTTP 502 status code (Bad Gateway).

Related information

Troubleshooting error responses from your origin

How do I troubleshoot a 502: "The request could not be satisfied" error from CloudFront?

AWS OFFICIAL
AWS OFFICIALUpdated 4 months ago
3 Comments

Concerning "There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.". This happens if the origin domain as api-gateway.example.com is not the same as the domain where cloudfront is accessed as example.com. To fix the error in that case do the following: CloudFront -> Distribution -> Behaviors, open the behavior for edit., under "Origin request policy - optional" select "AllViewerExceptHostHeader". Save and wait some time for the changes to apply. I do not remember how long it took. Could be 1 minute or 15 minutes.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
EXPERT
replied a year ago

@David your hint saved my day...

replied a year ago