AWS re:Post Knowledge Center Feedback Survey

Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.

How do I resolve the "CloudFront wasn't able to connect to the origin" error?

2 minute read

I want to troubleshoot why my users receive the "CloudFront wasn't able to connect to the origin" error.

Resolution

"HTTP 502" errors from Amazon CloudFront might occur for the following reasons:

There's an SSL/TLS negotiation failure because the origin uses SSL/TLS protocols and ciphers that CloudFront doesn't support.
There's an SSL/TLS negotiation failure because the SSL certificate on the origin expired, isn't valid, or is self-signed. Or, the certificate chain isn't in the correct order.
There's a host header mismatch in the SSL/TLS negotiation between your CloudFront distribution and the custom origin.
The custom origin doesn't respond on the ports that you specified in the origin settings of the CloudFront distribution.
The custom origin ends the connection to CloudFront too quickly.
The origin isn't publicly resolvable. If you receive a "NonS3OriginDnsError" error message, then there's a DNS configuration issue that doesn't allow CloudFront to connect to the origin.

For information about how to troubleshoot these issues, see HTTP 502 status code (Bad Gateway).

Related information

Troubleshooting error response status codes in CloudFront

How do I troubleshoot a 502 "The request could not be satisfied" error in CloudFront?

Topics: Networking & Content Delivery
Tags: Amazon CloudFront
Language: English

Related videos

Watch Gabriela's video to learn more (9:30)

AWS OFFICIALUpdated 6 months ago

3 Comments

Concerning "There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.". This happens if the origin domain as api-gateway.example.com is not the same as the domain where cloudfront is accessed as example.com. To fix the error in that case do the following: CloudFront -> Distribution -> Behaviors, open the behavior for edit., under "Origin request policy - optional" select "AllViewerExceptHostHeader". Save and wait some time for the changes to apply. I do not remember how long it took. Could be 1 minute or 15 minutes.

David - inouiw on github

replied 3 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

EXPERT

AWS Official

replied 3 years ago

@David your hint saved my day...

Zain

replied 3 years ago

Relevant content

Hi. I need help ASAP for a 502 error connecting the CloudFront - CloudFront wasn't able to connect to the origin.
Accepted Answer
G
asked 3 years ago
CloudFront 502 Error - Previously working setup with a Google Cloud Run origin suddenly starts failing, experienced across 2 separate google accounts and servers, the common denominator is CloudFront.
Spencer
asked 7 months ago
When I try searching up my site i get 502 error cloudfront failed to establish a connection with the origin.
rePost-User-4811630
asked 2 years ago
When I try searching up my site i get 502 error cloudfront failed to establish a connection with the origin.
rePost-User-1069234
asked 3 years ago
502 - Bad Gateway : CloudFront wasn't able to connect to the origin
Theodore R
asked 2 years ago
How do I troubleshoot a 502 "The request could not be satisfied" error in CloudFront?
AWS OFFICIALUpdated 7 months ago
Why does my application fail on CloudFront when I can use the application from a custom origin?
AWS OFFICIALUpdated a year ago
How do I troubleshoot issues related to Amazon EC2 origins in CloudFront?
AWS OFFICIALUpdated a year ago
How do I troubleshoot 502 and 503 errors that Lambda@Edge functions cause in CloudFront?
AWS OFFICIALUpdated 4 months ago
Troubleshoot 403 Access Denied error in Amazon S3
EXPERT
Gayathri Krishnamoorthy
published 3 years ago