Hi I have a domain name which is registered with https://www.networksolutions.com/. I have added nameservers which were mentioned in the Cloud DNS when I created zone.
After this I added SSL certificate which Google provides,
after this I added several subdomains and mapped this external IP of the load balancer to those domain names in the Cloud DNS section.
But even after doing all these steps when I am trying to access my website using https it given me following error.
Following are my domain names,
Here is my frontend configuration for http(working fine) and https,
HTTP Load Balancer Frontend:
HTTPS Load Balancer Frontend:
In my domain name provider's setting I have added following nameservers,
Nameservers :
Is there any other configuration which needs to be added or changed ?
Related
I followed the following tutorial to setup an SSL Certificate with a parent domain hosted at another provider than aws to create a secure connection to my REST Api.
https://medium.com/#sonalishah_63223/how-to-host-subdomain-in-aws-route-53-for-an-existing-parent-domain-with-different-service-9b4dde061b85
Setup:
Hosted Zone -> Record pointing to - Elastic Load Balancer - Beanstalk -> EC2 (Spring Application)
Setup Description:
I created a hosted zone (sub.mydomain.at).
In that hosted zone I created a record (api.sub.mydomain.at) pointing to the Elastic Load Balancer.
Everything works fine, API is callable.
Afterwards I created a certificate through ACM.
(*.mydomain.at) which has been successfully issued.
I attached it to my load balancer and it seems to work, when calling the API via https://.
But Postman throws the following error.
SSL Error: Hostname/IP does not match certificate's altnames
I could turn off "Enable SSL certificate verification" and it would work, but this does not seem to be the right solution.
So I created another Certificate for the domain api.sub.mydomain.at which is not verifying. According to nslookup the server can't find the domain even if the CNAME is setup. (I assume it is not possible to create a CNAME with multiple 'sub-domains')
_12312<long-_number>.api.sub.mydomain.at
So how can I resolve the Issue "Hostname/IP does not match certificates alt names"?
I think in your case, you are forwarding the requests (cname record api.sub.mydomain.at from alb public dns to your custom domain)
So you need to add ALB public dns name on hearder like this:
request({host: 'ALB public DNS'... headers: req.headers
I am trying to map an external sub domain into my Elastic Beanstalk Environment. I know, the common way is to use Route53 but I see no use of using it when my client's domain provider has already provided CPanel and stuff to set the CName and things. So, I am about to follow the below method to set domain to Beanstalk.
Login to your provider website and select your domain
Click on "Advanced DNS"
Create a CNAME record.
host: www
value: {{enter-your-subdomain}}.elasticbeanstalk.com.
Create a URL Redirect record.
host: #
value: http://www.{{your-custom-domain}}.com
By doing the above, I expect to have subdomain.example.com instead of subdomain-region.elasticbeanstalk.com
You can see detailed info in this - https://colintoh.com/blog/map-custom-domain-to-elastic-beanstalk-application
I am going to apply this to 2 things.
The REST API which resides in Beanstalk. (Will be used by few mobile and web apps)
The Web Portal app which resides in Beanstalk.
Now, I can see my client already has couple of subdomains for other purposes with SSL enabled. They have purchased SSL from a CA. Therefor, can we enable SSL in CPanel and point the SSL enabled sub domains to Beanstalk? Or we have to reconfigure everything in Route53 and go through their complex process of setting up the SSL?
Using SSL certificates issued by external vendor
From the side of SSL vendor you would need three files : certificate-chain.pem, https-cert.crt and private-key.pem .
Steps would be as follows:
Import certificate to ACM
aws acm import-certificate –certificate file://https-cert.crt
–private-key file://private-key.pem –certificate-chain
file://certificate-chain.pem
Once the import is complete to edit Load Balancer settings in AWS Elasticbeanstalk from Console to choose the imported certificate. For detailed step by step instruction refer https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html .
Using SSL certificates from AWS ACM
Steps would be as follows:
Create a Public Hosted Zone in Route 53 with the subdomain in discussion (say app.mydomain.com). AWS will return multiple ns server names.
Create an SOA record in the existing domain registrar for app.mydomain.com pointing to the ns server names returned in step 1.
Go to ACM and create domain validated certificates for app.mydomain.com .
Edit Load Balancer settings in AWS Elasticbeanstalk from Console to choose the new ACM certificates. For detailed step by step instruction refer https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html .
I am trying to setup HTTPS across my app which consists in a frontend (S3 bucket distributed with CloudFront), and a backend (node.js app inside Elastic Beanstalk).
For the CloudFront part, I created an SSL certificate in N. Virginia (apparently I don't have a choice here) and I made the binding in the CloudFront distribution. It works and my app is served over HTTPS.
For the Elastic Beanstalk part, I created an SSL certificate in Ireland (where my EBS app is hosted) and I bound this certificate to the EBS load balancer using the port 443. It works and I can reach my server with HTTPS using Postman.
However, when my frontend tries to make an API call to the backend I get this error :
I guess I made a mistake while creating the certificates, but I cannot find it. I gave both certificates the same set of CNAMES, I am not sure if I am supposed to do that.
EDIT :
I get the exact same error after updating the frontend so that it points the DName of the load balancer (also mapped to subdomain with Route 53).
CloudFront is attempting to load an HTTPS URL from your load balancer. I assume you have an SSL certification assigned to the load balancer. The domain name of the SSL certificate on the load balancer needs to match the domain name that CloudFront is requesting.
For example if the load balancer's SSL certificate is something like beanstalk.mydomain.com then CloudFront would need to be making requests for https://beanstalk.mydomain.com. The error CloudFront is giving you says that the domain name of the SSL certificate served by the load balancer does not match the domain name djumbo-back-debug.eu-west-1.elasticbeanstalk.co.
You need to setup something like the following:
DNS Name www.mydomain.com points to CloudFront Distribution
Configured to serve www.mydomain.com
Configured with an SSL certificate for the domain www.mydomain.com
Configure to pull from the origin beanstalk.mydomain.com
DNS Name beanstalk.mydomain.com points to Elastic Beanstalk application
With a Load Balancer, with an SSL certificate for beanstalk.mydomain.com
I have set up a static website using GCP Bucket Storage and loaded SSL certificate using HTTPS Load Balancer. My DNS record is set to: CNAME pointing to to bucket with www, (c.storage.googleapis.com) and A record to the Load Balancer Proxi IP with #. When I go to the website using http protocol I get a 404.
Am I missing something?
I have tried to see if there was a way to reconfigure the DNS and the bucket but couldn't find a way.
I hope to be able to get both http and https versions to work
I am attempting to add HTTPS to my AWS Elastic Load Balancer.
I obtained a certificate through AWS Certificate Manager:
I have enabled HTTPS on the load balancer:
I made sure the security group for the load balancer accepts 0.0.0.0/0 on 443:
When going to my domain on HTTP, it works.
However, when trying to load my domain with HTTPS, it does not work ("ERR_CONNECTION_TIMED_OUT")
EDIT and UPDATE:
It is the API that I am attempting to get HTTPS working for, not necessarily the domain. The domain serve's a static file (angular web app) from S3, and it is angular that is calling the load balancer (to transfer the request to an EC2 instance) for DB data.
When angular calls the api directly via the load balancer domain name over HTTP, the request responds as expected.
When angular makes the same api call over HTTPS, I get the following error:
You enabled HTTPS for your domain name, not the ELB domain which Amazon owns. You can only create SSL certificates for domains that you own. You can't enable SSL for "mydomain.com" and then excpect that to somehow work on a completely different domain. You need to change your AngularJS code to reference the API by your custom domain name which you have created an SSL certificate for. You need to point the domain to the ELB and install the SSL certificate for the domain on the ELB.
Mark B provided the almost full solution.
As my javascript code is calling the elastic load balancer (ELB) via it's DNS name provided by AWS, I can't obtain an SSL certificate for the domain I don't own.
As Mark B pointed out, I need to point my javascript code to the domain I do own, and have an SSL cert for.
So I can create a sub domain (e.g. api.mydomain.com) of the domain I own that then points to the ELB.
An A Record (e.g domain pointing to an IP) looks like it could fit the need.
However, an A Record can't point to the ELB because it's IP could change.
The missing step was to use AWS Route 53 to point the A Record to an alias (Route 53 allows you to do this) that represented my AWS Elastic Load Balancer.