My SSL working fine on AWS (https://786times.com). I delete ELB a few days ago,But after this I face SSL issue on my website.Everything looks fine like ec2, cloudfront,hosted zone DNS records,Please give me solution?
I make SSL again through Certificate Manager of AWS using DNS validation method and include in Cloudfront also.
but still not working SSL with my website.
Any one Guide me.
I am using Wordpress Bitnami.
Thanks
786times.com#gmail.com
I Expect from Technical friends that they reply.
Related
I have an issue I've been working on in aws. I have a website made for a friend and can't seem to get the connection secure. What I used is the certificate manager in aws and have received a certificate for my domain. Here's one of the links I used as an example. https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/ I have followed examples online but they seem to be for load balancer's. What I'm a missing?
I found a useful tutorial and I share it with you how to setup your domain with s3 Bucket and CloudFront from AWS https://www.youtube.com/watch?v=uwgB_sIhIko&t=321s
I have an instance built with ubuntu 16.04, it has 2 applications (no bitnami)
I setup the vhost pointing two differenst website and it works fine
but now that I'm trying to validate the ssl certificate I've been struggling
first, at all, I would like to know if can set it up without using the Load Balancer ?
in the AWS lightsail ssl documentation they only mention the load balancer but I also have a domain with an SSL certificate (I have my domains on namecheap )
I try certbot, looks like people setup without Load Balancer but using the steps from the bitnami documentation.. but I'm not using bitnami
config everything following the steps from https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache tested out on https://www.ssllabs.com/ssltest/ but I couldn't make it work, it only does the http redirect to https...but the https show the herror This site can’t be reached
I didn't setup any DNS I didn't see any turials using it just in the aws lightsail ssl
run apachectl configtest
no errors
I create a rule on my firewall for
http port 80
https port 443
what else can I look at?
I'm really confused and dont know what's the problem
Really appreciate
At the most basic level, SSL is a function of the web server. You can absolutely use SSL with lightsail without a load balancer.
I've used LetsEncrypt quite a lot with my lightsail instances.
certbot-auto automates the process quite nicely.
You need to verify that the certificates are setup in your apache configuration.
Take a look at https://community.letsencrypt.org/t/apache-configuration-example/2338 for an example.
I have created a subdomain demo.mysite.com which is hosted over godaddy.com. I have successfully mapped the subdomain demo.mysite.com to my AWS elastic IP in the go daddy console
On my AWS EC2 instance my website is secured runing over HTTPS and I have deployed the certificates corresponding to demo.mysite.com on my AWS EC2 instance. Now the problem I am facing is
1 - When I access my subdomain it points to my EC2 instance and the URL in my web browser changes to my Elastic IP ie www.demo.mysite.com --->> https://201.12.34.58:8443/myApp , which must not happen and it must remain as https://demo.mysite.com
2 - And since my URL changes so I start getting the certificate error saying
The certificate is only valid for demo.mysite.com.
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Can someone help in solving these two issues, I feel that if first issues gets solved the second issue will automatically get solved. I am not sure though
Guys I need your help
I suggest to manage your domain DNS with CloudFlare. Add a CNAME record for your subdomain demo which points to that IP. On CloudFlare Console go to Crypto > Origin Certificates. Create a new one with RSA, then import it to AWS Certificate Manager at us-east-1. For the certificate chain use this. Be sure that Always use HTTPS in Crypto tab is on. After some minutes you should be using your domain pointing to AWS with HTTPS working fine.
That's what I did to make a subdomain to work with an AWS API endpoint with SSL.
my team is creating an app that involves sharing bank details. For a feature that involves instant verification of bank accounts, we have used a third party vendor, Dwolla, who provide a secure interface for entering the bank account details.
This is from Dwolla:
https://developers.dwolla.com/resources/dwolla-js/instant-account-verification.html
Our app is hosted on AWS Server, EC2 instance on iis, S3 storage.
First, do I need to install SSL on AWS server?
If yes, how should I do it?
I have been looking for answers everywhere, but I can't find an exact resolution.
Please help.
To install the SSL certificate, it will depends on some specifics of your environment:
If you use a single instance with IIS you must adquire a SSL certificate from a external CA. It will cost you some money and they will guide you how to request and emit the certificate. With the certificate emitted you'll need to upload it to your os and configure the IIS to use it;
If you use a pool of instances behind a load balancer provided by AWS you can request a certificate from AWS for free and configure the load balancer to use the emitted certificate (https://aws.amazon.com/certificate-manager/?nc1=h_ls).
If you do not use a AWS load balancer, you can create a AWS CloudFront Distribution (https://aws.amazon.com/cloudfront/), use your IIS as origin and configure your free AWS Certificate in the distribution.
We started using PKISharp win-acme to get free LetsEncrypt SSL certificates for our IIS in EC2 and it works like a charm, auto-renew every 2-3 months without issue, very easy to setup from "dos" prompt (run as administrator)...
To help pkisharp do its job, keep your 80 and 443 binding on the same site, you can configure a "url rewrite" rule to redirect all 80 requests to 443.
The tool will add a task in the windows scheduler to handle the auto-renew.
We've been using certify (https://certifytheweb.com) with no issues on IIS. Free for less than 3 domains, cheap for up to 100 domains. Use this on all our servers. Turnkey solution with great debugging tools.
firstly this is my first experience installing an SSL/TLS cert so please forgive my ignorance/innocence on the topic.
I have an EC2 instance set up with a load balance running in the EU (Ireland) region, unfortunately the AWS Certificate Manager isn't available yet (any plans to introduce it there?? :) ), so I am getting a cert and installing it myself. My website will be using Stripe, which says you have to use SSl and I am just wondering if the positive SSL from Comodo will be enough? I don't really have the cash for $100+ EV cert at the moment. I know that might be a question for Stripe, but someone might know.
The part that I am wondering about AWS is, if I get the positive SSL cert and upload it through the AWS console to IAM (by adding a HTTPS listener to the load balancer), do I then have to install the certificate on my actual EC2 instance also, or is just doing it once through the console enough? Does that just mean that the https will be from a users browser to my load balancer, and not from my load balancer to my server? If I am going to have payments through my site is this a bad set up? Should I be getting a different cert?
Is just installing the positiveSSL cert through the console enough that my site will now be accessible through https://example.com and it doesn't have the green lock, or will it still be http://example.com and the HTTPS stuff just goes on in the background.
Sorry if this is an annoying question / doesn't make sense. I am just trying to wrap my head around it all. Thanks!
Stripe details this well:
Do I need to use SSL/TLS on my payment pages?
Yes ... It's more secure
and
What if I don't want to set up SSL/TLS yet?
You can test your page--but not live transactions--before installing your SSL/TLS certificate. You don't need to enable HTTPS until you're ready to go live.
To test live transactions without your own SSL/TLS certificate, you could host your site with a provider that provides a secure subdomain. For example, Heroku allows you to host at https://yourapp.heroku.com.
Ultimately, your site doesn't need to be PCI compliant, as Stripe handles all the credit card information. Clearly they don't set a "stripe compliant" standard for the SSL cert.