Hi, The general traffic path for what I think you are running is:
CloudFront -> application load balancer (ALB) -> EC2 virtual machine
What I'm guessing you have done is replace the certificate just in the EC2 machine and nothing else has changed?
If that's the case then the certificate must be the likely problem here - is the name on the certificate exactly the same as it was before? Does the certificate include any root/intermediate certificates in it (appreciate that may not make sense to you - but it's basically the 'parent' certificate that is trusted that approves your child certificate)? Easiest way to tell if that may be the case is to check the old/new certificate file sizes - are they about the same?
Did the certificate import OK into your webserver on EC2? Are you using IIS?
Are you able to browse to the website OK directly on the local EC2 machine - does the certificate show warnings there?
Cheers, Rich
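The intermediate-certificate point above can be reproduced offline. This is an added example, not part of the thread: it builds a constructed root, intermediate and leaf with `openssl` (the function names and `www.example.test` are assumptions), then validates the leaf with and without the intermediate in the served file.

```sh
# Constructed demo: every key, name and certificate here is generated locally.
# Build a throwaway root CA -> intermediate CA -> leaf chain in directory $1.
make_chain() {
  d="$1"
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
subjectAltName = DNS:www.example.test
EOF
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
      -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" \
      2>/dev/null || return 1
  done
  # Self-sign the root; it signs the intermediate, which signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/demo.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/demo.cnf" -extensions ca \
    -out "$d/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -extfile "$d/demo.cnf" -extensions leaf \
    -out "$d/leaf.pem" 2>/dev/null
}

# 1 = leaf only; 2 or more = leaf plus chain certificates.
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Validate PEM file $2 as a client would: its first cert is the leaf, the rest
# are untrusted chain helpers, and only the root in $1 is trusted.
verify_bundle() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

demo() {
  t="$(mktemp -d)" && make_chain "$t" || return 1
  cp "$t/leaf.pem" "$t/leaf-only.pem"
  cat "$t/leaf.pem" "$t/int.pem" > "$t/fullchain.pem"
  for f in leaf-only fullchain; do
    verify_bundle "$t/root.pem" "$t/$f.pem" && r=trusted || r="NOT trusted"
    echo "$f.pem: $(count_certs "$t/$f.pem") cert(s), $(wc -c < "$t/$f.pem") bytes: $r"
  done
  rm -rf "$t"
}
demo
```

Running `count_certs` on the certificate file the web server is configured to serve gives the same signal as the file-size comparison: a count of 1 means no intermediate is being sent.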
Hi again, What are the warnings being shown in the browser on the EC2 machine? - that's maybe going to give us the biggest clue what is wrong.
In terms of S3 - it is possible to have CloudFront pointing at S3 and run the website from there (can only be static content though - so nothing more than fairly simple content with no real user interaction). The fact that you are replacing a previous cert in EC2 would seem to rule that out as being used though (although there could be other content it's pulling in from there that would not cause CloudFront to behave like this).
You can confirm for certain what CloudFront is pointing at by going into the AWS console and searching for 'cloudfront' - once you find that, click on distributions (I'm hoping you just have 1) - and then click on the origins tab - this will show you where it's pointing at (EC2 - via an ALB or S3).
Cheers, Rich
Hi Rich, Thanks for your answer. For your information, the name on the certificate is exactly the same as the last one. Also I cannot check the sizes of the certificate and there seems to be no intermediate certificates in it. I am not using IIS and the certificate did import OK into the web server. When you go through the EC2 machine, it does show warnings there. I went on an SSL check and put the domain name in (unisalad.com) and everything seemed to be working good. I was told by someone that the traffic path that is supposed to be taken is through AWS S3 but this doesn't make sense. Can you try to make any sense of it please? Thanks again.