www domain on port 80 ERR_SSL_PROTOCOL_ERROR - amazon-web-services

domain.com:80 is working fine
But www.domain.com:80 is giving this error
sent an invalid response. ERR_SSL_PROTOCOL_ERROR
SSL is from AWS ACM and load balancer listeners along with Route 53.
What am I missing here?

It seems you have added only domain.com as your fully qualified domain name.
You can add an additional fully qualified domain name (FQDN), such as www.domain.com, or you can use an asterisk (*) as a wildcard in the leftmost position to protect several site names in the same domain (*.domain.com).
One more thing: the default HTTPS (SSL) port is 443, not 80.

Related

Https without www not working in aws route 53

I have a domain, for example example.com, so:
http://www.example.com ( works ),
https://www.example.com ( works ),
http://example.com ( works ),
https://example.com ( does not work)
So how can I make https://example.com work? I have two ports listening on my AWS Elastic Beanstalk, i.e. 80 and 443, and only 443 has SSL on it, and any request coming to port 80 is forwarded to 443. Any help regarding it is appreciated. Thanks in advance.
I assume you are using ACM certificates?
If so: do you have multiple domain names (www.example.com and example.com) defined for the certificate?
You can also set wildcards like *.example.com
See more here:
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Refer to https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Note
When you request a wildcard certificate, the asterisk (*) must be
in the leftmost position of the domain name and can protect only one
subdomain level. For example, *.example.com can protect
login.example.com and test.example.com, but it cannot protect
test.login.example.com. Also note that *.example.com protects only the
subdomains of example.com, it does not protect the bare or apex domain
(example.com). However, you can request a certificate that protects a
bare or apex domain and its subdomains by specifying multiple domain
names in your request. For example, you can request a certificate that
protects example.com and *.example.com.
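The coverage rules in the note above, and the advice in the first thread to add www or a wildcard to the certificate, as an added example that is not part of the original answers or of AWS code. The hostnames and certificate name lists are constructed; `name_covers` and `uncovered` are hypothetical helper names.

```python
# Added example: which hostnames a certificate's names cover, following the
# rules quoted above (asterisk leftmost, one subdomain level, apex not covered).

def name_covers(pattern: str, host: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers host."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]              # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False                  # also rejects the apex, "example.com"
    label = host[: -len(suffix)]      # what the asterisk has to stand for
    return label != "" and "." not in label   # exactly one label


def uncovered(cert_names, hosts):
    """Hosts that no name on the certificate covers (the browser would warn)."""
    return [h for h in hosts if not any(name_covers(n, h) for n in cert_names)]


# Constructed sample: hostnames users might type, checked against three requests.
HOSTS = ["example.com", "www.example.com", "login.example.com",
         "test.login.example.com"]

if __name__ == "__main__":
    for names in (["example.com"], ["*.example.com"],
                  ["example.com", "*.example.com"]):
        print(names, "-> not covered:", uncovered(names, HOSTS))
```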

AWS route 53 record alias "Connection is not private" when using path parameter

I have a WordPress website running on an EC2 instance with an application load balancer in front of it.
I also have a certificate from AWS Certificate Manager for "example.com". This certificate is attached to the ALB "HTTPS" listener.
I also have two Route 53 records, one alias to the ALB and another alias to redirect "www" traffic:
example.com. A ALIAS dualstack.[id].us-east-1.elb.amazonaws.com.
www.example.com. A ALIAS example.com.
My issue is when trying to access the website, everything is fine except when path parameters are provided, in that case I get the "Your connection is not private" browser error. See example warning here: https://prnt.sc/opip7d
example.com (Everything is fine, page is loaded properly)
www.exemple.com (Everything is fine, I get redirected to exemple.com and page loads)
www.exemple.com/test (NOT fine, I get the "Your connection is not private" warning)
Can anyone shed light on why this would be happening? Shouldn't Route 53 automatically redirect any traffic regardless?
You can use the listener rules of the AWS ALB to redirect:
HTTP 80: default action
IF Requests otherwise not routed THEN Redirect to HTTPS://#{host}:443/#{path}?#{query}
Status code:HTTP_301
HTTPS:443
IF Host is www.example.com THEN Redirect to HTTPS://example.com:443/#{path}?#{query}
Status code:HTTP_301
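The two listener rules above, traced for one request, as an added example that is not part of the original answer. It lists every hostname the client requests over HTTPS along the redirect chain; the TLS handshake happens before the 301 is sent, so the certificate on the 443 listener has to cover each of them. The final "forward" action and the helper names are assumptions.

```python
from urllib.parse import urlsplit

# The two listeners from the answer, as data. The final "forward" on 443 is an
# assumption (the answer lists only the redirect rules); names are placeholders.
LISTENERS = {
    ("http", 80): [(None, {"host": "#{host}"})],
    ("https", 443): [("www.example.com", {"host": "example.com"}),
                     (None, "forward")],
}


def evaluate(url):
    """Apply the first matching rule: ('forward', None) or (301, location)."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    for if_host, action in LISTENERS[(u.scheme, port)]:
        if if_host in (None, u.hostname):
            break
    if action == "forward":
        return ("forward", None)
    # Expand HTTPS://<host>:443/#{path}?#{query}; #{path} has no leading slash.
    host = action["host"].replace("#{host}", u.hostname)
    location = f"https://{host}:443/{u.path.lstrip('/')}"
    if u.query:  # simplification: no trailing "?" when the query is empty
        location += "?" + u.query
    return (301, location)


def chain(url, max_hops=5):
    """Every URL the client requests, in order, until a request is forwarded."""
    requested = [url]
    for _ in range(max_hops):
        status, location = evaluate(requested[-1])
        if status == "forward":
            break
        requested.append(location)
    return requested


def tls_hosts(url):
    """Hostnames requested over HTTPS; the certificate must cover each one."""
    return sorted({urlsplit(r).hostname for r in chain(url)
                   if r.startswith("https://")})


if __name__ == "__main__":
    print(chain("http://www.example.com/test?a=1"))
    print(tls_hosts("http://www.example.com/test?a=1"))
```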

Domain is not working without port number

I deployed my application on an AWS EC2 instance and it is working well with the instance's IP address. Instead of using the IP address, I bought a domain from GoDaddy and connected it to my EC2 instance with a load balancer and target group. I also generated an SSL certificate for HTTPS. Now my domain http://example.com is working fine, but when I change http to https it is working with the port number, like https://example.com:5005
How can I remove that port number from the URL? Do I need to add anything to the target group or load balancer? Can someone help me resolve this?
Thanks in advance!
If you don't provide the port number in the URL, the standard port for the protocol is used, which in your case will be 443 for HTTPS.
You need to create a standard HTTPS listener on your load balancer, which can forward the traffic received on 443 to your instance(s) on port 5005 as part of the target group.

AWS certificate manager https configuration for domain

I have a slight problem with SSL.
Currently if I were to route to my domain as example.com, it goes to the http version instead of the https version.
However, if I were to force https://example.com, it stays as https://example.com
I'm wondering what I have to do on the certificate manager side of AWS to get https working when I type in example.com without the https.
I have already configured my Route 53 aliases for my domain to route to my Elastic Beanstalk URL. I also have an SSL certificate for my domain example.com and *.domain.com that were both validated successfully, that are Amazon issued and also In Use.
Have you tried redirecting http traffic (80) to https (443)? This answer contains the steps
For ALBs, you can follow the steps below:
1. Add a listener for HTTPS and forward the traffic to the target group
2. Add a listener for HTTP and forward the traffic to HTTPS

How do I configure elastic beanstalk to use https with an ACM certificate?

I used the AWS certificate manager to create an ACM certificate.
I followed this guide: https://medium.com/#arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8#.kjh1mqdzq to configure the load balancer using the aws cli.
When I look at my load balancers, I now see 443(HTTPS, ACM Certification:[arn]) forwarding to 80 (HTTP) under Port Configuration
However, if I type in https in my browser I get the "your connection is not private" message from Chrome.
Is there another step that I'm missing?
You haven't given this info, but I'm assuming you have a CNAME for www.yourdomain.com that is resolving to loadbalancer.amazonaws.com.
You are getting the ERR_INSECURE_RESPONSE error because you are using a CNAME which is resolving to loadbalancer.amazonaws.com. Since your certificate is for www.yourdomain.com, it is giving a valid error. CNAME and Alias operate slightly differently. With a CNAME the traffic is not a valid alias of your domain so if you're trying to secure it, you will receive errors. However, when you create an A record for www and alias that to loadbalancer.amazonaws.com now any traffic from loadbalancer.amazonaws.com on www.yourdomain.com is valid traffic for your domain and you will no longer have those errors.
In order to terminate secure traffic for www.yourdomain.com at loadbalancer.amazonaws.com you need to have an A record that will alias there. Unfortunately, ELBs only provide a DNS entry, no IP address, but many DNS providers (e.g. GoDaddy) will not allow you to have a DNS A record that is aliased to a DNS address; they require you to alias to an IP address. Which makes life a bit more complex.
There are a couple ways to accomplish this (URL forwarding and masking is not supported by SSL), but the easiest solution is to use Route 53. Use of Route 53 doesn't require you to register or transfer your name to AWS and a hosted zone is just $0.50/month per domain.
To use Route 53, follow these steps:
1. Create a Hosted Zone for yourdomain.com. When you create a Hosted Zone in Route 53 it will complete a few default records (like A, NS, and SOA records). Note the NS records as you'll need them later.
2. Next, copy your existing zone file entries (like MX records) from your current DNS provider to your new hosted zone.
3. When it comes to a record that you want to direct traffic for to your ELB, you'll enter the name, say www, and then just below the type option field you'll see a radio option that says "Alias: yes no". When you select yes, the value field will disappear and you'll see an option that says "Alias Target: Enter Target Name". When you click that field you'll receive a drop-down list of resources in your account that you can alias to. Simply select your load balancer.
4. Click create, and you're done with Route 53.
5. Now that all your DNS records are copied over, you'll go to your registrar and change the nameservers to the ones that Route 53 provided you.
Now Route 53 is handling your DNS for you. And loadbalancer.amazonaws.com is a valid alias of www.mydomain.com. Since loadbalancer.amazonaws.com is now a valid alias of www.yourdomain.com when you visit www.yourdomain.com your ELB at loadbalancer.amazonaws.com will terminate the traffic as www.yourdomain.com and your error will be resolved.