By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Trying to configure an external SSL certificate for EC2 load balancer

0

Hi all,

I am trying to add a ZeroSSL certificate to an AWS Load Balancer for a site hosting on an EC2 instance, but more than a week later, both my domain and the IP are not showing a secure connection in the browser.

This is what Chrome says when going to the EIP connected to the instance: Enter image description here

On the domain, it says "This site can’t provide a secure connection".

The website consists a React.js app, hosted by an Nginx static server on port 80, using a Docker container.

The Load Balancer type I choose is an Application LB, and the scheme is internet-facing. Here is a screenshot of the resource map: Enter image description here

And the security group opens port 80 and 443 to all:

Enter image description here

Any help would be much appreciated. Thanks so much!

Topics
ComputeNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Website HostingElastic Load BalancingAWS Certificate Manager
Language
English
matangbr
asked a month ago493 views
2 Answers
1
Accepted Answer

Hi @matangbr,

I assume that you have your reasons for using ZeroSSL certificates.

The response from Chrome on connecting to the EIP is expected and correct as the certificate is issued for the domain and not for the IP address. No surprises there.

You might be getting an insecure connection error on the domain because the certificate you imported is invalid or corrupt. I recommend re-importing the certificate on the ALB and it should resolve the issue.

You are not using best practices in configuring security groups. While too many security groups might create performance issues, having just one security group open to all is a very insecure practice. Consider creating a separate security group for SSH and lock it down as much as possible.

Hope this helps.

profile picture
Mukul Dharwadkar
answered a month ago
0

Why don’t you use an AWS certificate as they are free?

Are you connecting to the ALB as your security group rules allow port 22 with I presume would be for the EC2. That too is bad in its own.

You also mention your connecting via IP. If that’s the EC2 IP then your not using the ALB.

Can you confirm your connecting to the alb and what DNS name?

profile picture
EXPERT
Gary Mclean
answered a month ago
profile picture
EXPERT
Sedat Salman
reviewed a month ago
profile picture
EXPERT
Riku_Kobayashi
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content