GCP load balancer stuck in FAILED_NOT_VISIBLE status - google-cloud-platform

I am trying to create a load balancer using an App Engine backend. I followed the official guide. I followed this (pretty good) tutorial too. I can't get the domain status to switch to ACTIVE. It remains stuck as FAILED_NOT_VISIBLE, which indicates there may be a problem with setting the domain names.
I don't know what's missing. I have a relatively simple LB setting. The frontend is defined with the HTTPS protocol and an ephemeral address (#frontend_ip).
In Cloud DNS, I created a zone with the following record sets:
/ A record type / IPv4 = #frontend_ip
www / CNAME record type / IPv4 = #frontend_ip
The SSL certificate has the 2 same domain names defined as above (with and without www). I selected the Google managed certificate type.
The following command gcloud compute target-https-proxies list shows my target-proxy is associated with my SSL certificate.
I tried a different way by creating an External IP address first, as explained in the above linked guide. Then, by selecting this External IP address in my Frontend configuration, instead of an ephemeral address. Then by selecting this External IP address as the IPv4 address of my domain names definitions. That doesn't seem to work either.
Any help would be greatly appreciated, as I don't know what's missing. I've tried to delete it all and re-create the LB and DNS settings.

You state that you created a zone. Is that zone pointed to by your domain registrar? Your problem is most likely incorrect DNS setup. Start at your Domain Registrar and make sure everything is set up correctly. Since you created a new zone, you probably have a Name Server problem.
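The checks this answer points to can be run as one pass over the registrar delegation and the zone's record sets. The following is an added example, not code from the original thread; the domain names, name servers and the 203.0.113.10 address are constructed sample values, and `check_dns` is a hypothetical helper.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def norm(name):
    return name.rstrip(".").lower()

def resolve(zone, name, depth=0):
    """Follow CNAMEs inside the zone; return (ip, None) or (None, problem)."""
    rrs = zone.get(norm(name), [])
    if not rrs or depth > 5:
        return None, f"{name}: no usable record in the zone"
    rtype, value = rrs[0]
    if rtype == "A":
        if is_ip(value):
            return value, None
        return None, f"{name}: A value {value!r} is not a bare IP address"
    if rtype == "CNAME":
        if is_ip(value):
            return None, f"{name}: CNAME must target a DNS name, not {value}"
        return resolve(zone, value, depth + 1)
    return None, f"{name}: unsupported record type {rtype}"

def check_dns(cert_domains, lb_ip, registrar_ns, zone_ns, records):
    """Return findings that keep a managed certificate from validating."""
    findings = []
    if {norm(n) for n in registrar_ns} != {norm(n) for n in zone_ns}:
        findings.append("delegation: registrar NS set differs from the zone's NS set")
    zone = {}
    for name, rtype, value in records:
        zone.setdefault(norm(name), []).append((rtype.upper(), value))
    for domain in cert_domains:
        ip, problem = resolve(zone, domain)
        if problem:
            findings.append(problem)
        elif ip != lb_ip:
            findings.append(f"{domain}: resolves to {ip}, not the load balancer IP {lb_ip}")
    return findings

# Constructed sample mirroring the record sets in the question.
LB_IP = "203.0.113.10"
RECORDS = [("example.com", "A", LB_IP), ("www.example.com", "CNAME", LB_IP)]
REGISTRAR_NS = ["ns1.registrar.example", "ns2.registrar.example"]
ZONE_NS = ["ns-a1.clouddns.example.", "ns-a2.clouddns.example."]
print(check_dns(["example.com", "www.example.com"], LB_IP, REGISTRAR_NS, ZONE_NS, RECORDS))
```

In practice the two NS sets come from the registrar's control panel and from the zone's own NS record set.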

Related

EC2 domain name ERR_CONNECTION_TIMED_OUT

I have bought a domain name from GoDaddy and would like to host it on an EC2 instance. I have created the instance and have installed Apache. I have added an index.php with phpinfo(); and it is showing correctly when I access the public IP in the browser. Now I would like to point my domain name to this instance. For this I have added an A record in the GoDaddy DNS configuration. But when I access the domain, it is showing
ERR_CONNECTION_TIMED_OUT
message in the browser. Are there any additional settings I need to do?
What you did is what is needed. So if it is not working, then you have to check everything again:
- check (for example with ping) if the domain is in fact resolving to the correct IP address (from your computer and from the instance, for example, to use different DNS servers). You can also use the host command (for example host www.mydomain.com 8.8.8.8 - it will use Google's DNS (8.8.8.8) as the source of truth)
- check if the Security Group in AWS allows inbound traffic (that's probably true as you can reach the instance directly)
- try to connect from a different network (again this should not be a problem as the IP is reachable using the IP).
You can also post the domain name and requested IP so we can check this for you ;)

AWS Elastic IP pointed to new instance does not work

I created an AMI of my server on AWS, and spun up a new instance.
When I point my elastic IP address to my new instance and type in my domain name I get a timeout error when going to my website.
I have done backups before and just re-pointed my elastic IP but this time it does not seem to be working, any ideas?
Steps I take on AWS:
I click on my elastic IP and pick actions-> Associate Address
Resource type = Instance
Instance: I select the new instance I just made by copying my old instance
Reassociation: I click the checkbox to allow Allow Elastic IP to be reassociated if already attached
I click associate
When I go to my webpage I get this error in edge:
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID
When I click proceed I get this instead of my website (Chrome would not allow me to proceed):
Looks like some sort of certificate issue...
The error I get in chrome is:
NET::ERR_CERT_AUTHORITY_INVALID
Can you please check which type the server is (EC2-VPC or Classic)?
You can't associate an Elastic IP address that you allocated for use with a VPC with an instance in EC2-Classic, and vice-versa.
If this is the case you can migrate Elastic IP from classic to EC2-VPC.
The SSL certificate is invalid, or not installed correctly. It is not related to the EIP at all.
"This site is not secure" is a security alert that prevents users from accessing various websites. In the technical language, this error is known under the name of DLG_FLAGS_SEC_CERT_CN_INVALID. The
You will need to provide more information about the cert, how it was issued, etc. to do any further troubleshooting.
See https://tecoreviews.com/how-to/fix-site-not-secure-pop-error-code-dlg_flags_sec_cert_cn_invalid/
The error message NET::ERR_CERT_AUTHORITY_INVALID is also related to the certificate.
Given these messages, I suspect the certificate has a common name mismatch, a root CA certificate is missing, or it's a self-signed certificate.
Check the certificate details carefully as presented in the browser. The browser itself is rejecting the cert. Check globalsign.com/en/blog/how-to-view-ssl-certificate-details and review. It should be clear why the cert is being rejected. When you see the specific error, you can figure out the cause and then fix it.
The domain name is key. When the SSL cert was created you provided a Common Name (i.e. domain name). Some SSL certificates cover subdomains (wildcard certificates issued for e.g. '*.example.com'), some don't (i.e. www.example.com only). If you have the latter kind you need to use the exact same domain to address the new box.
I did not update my security groups correctly so web traffic wasn't allowed.
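The name-matching rule and the three causes suggested in the answers above (name mismatch, self-signed certificate, missing root CA) can be modelled in a few lines. This is an added example, not code from the thread: the certificate is a constructed dict rather than a parsed X.509 object, trust is reduced to an issuer-name lookup instead of real chain validation, and `hostname_matches` and `diagnose` are hypothetical helpers.

```python
def hostname_matches(pattern, hostname):
    """Wildcard rule used by browsers: '*' may only be the whole
    left-most label and stands for exactly one label."""
    p = pattern.rstrip(".").lower().split(".")
    h = hostname.rstrip(".").lower().split(".")
    if len(p) != len(h):
        return False          # '*.example.com' never covers 'example.com'
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' is rejected.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def diagnose(cert, hostname, trusted_issuers):
    """Return the reasons a browser would reject this certificate.

    cert is a constructed dict: subject_cn, issuer_cn, san (list of names).
    """
    problems = []
    names = cert["san"] or [cert["subject_cn"]]
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append("name_mismatch")      # DLG_FLAGS_SEC_CERT_CN_INVALID
    if cert["issuer_cn"] == cert["subject_cn"]:
        problems.append("self_signed")        # simplification: names only
    elif cert["issuer_cn"] not in trusted_issuers:
        problems.append("untrusted_issuer")   # NET::ERR_CERT_AUTHORITY_INVALID
    return problems

# Constructed sample: a self-signed cert for www.example.com served on example.com.
SAMPLE_CERT = {
    "subject_cn": "www.example.com",
    "issuer_cn": "www.example.com",
    "san": ["www.example.com"],
}
TRUSTED = {"Example Root CA"}   # hypothetical trust store
print(diagnose(SAMPLE_CERT, "example.com", TRUSTED))
```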

Create IP address for load balancer? [duplicate]

I had a question about using the URL in my Load Balancer - and using it as the A Record for my DNS entry via GoDaddy...GoDaddy doesn't allow a URL, and insists on the A Record being an IP address and no other format. But I don't see this option available in the Load Balancer I created, only a URL.
What I have so far is this..
I've created a Load Balancer successfully using both HTTP and HTTPS, along with the RapidSSL cert I purchased and imported.
When I open my new Load Balancer item in EC2 dashboard, under the Description tab, I see an auto-generated URL next to DNS Name: http://ACThttp-617756314.us-east-2.elb.amazonaws.com (A record)
The above URL works fine in my browser. I went to plug this into GoDaddy's A record in the DNS settings --- but apparently GoDaddy only allows an IP address to be used as an A Record...and not a URL like the one generated by EC2. I find this confusing since it literally says "A Record" next to this generated URL in my Load Balancer.
Does this mean I need to generate an IP address in the EC2 dashboard, so that I can use it in GoDaddy DNS settings? I'm guessing this is done via Route53...or could I skip this altogether and still find a way to connect my new Load Balancer to my DNS A record some other way?
However this is done, any help would be appreciated. If Route53, what are the exact steps I need to take? Or any other solutions, as much detail as you could provide would be so so so helpful.
I've done this a few times successfully in the past, but it was a while ago and I can't recall how I connected them to the DNS properly.
Thanks!
You should use a CNAME record (not an A record).
A CNAME record points to another DNS name, whereas an A record points to an IP address.
Load Balancers should always be addressed by their DNS Name, so use a CNAME record.

Assigning domain name to host on Route 53 in AWS

I'm deploying my first app on EC2. I have a domain name registered, let's call it example.com. My EC2 instance has a public IP, let's say, 100.100.100.100. When I got the EC2 instance, I already had a WordPress site installed on it (the blog for my app - blog.example.com). Hitting the public IP directly goes to the blog.
My app is running on the 4000 port of this EC2 instance. I want to assign the example.com domain to this.
I'm using AWS Route 53 for the DNS. I'm clicking on create a record set, where I give the name - www.example.com to the value 100.100.100.100:4000. The type is an IP-v4. However, when I try to assign this, I get the error below:
The record set could not be saved because:
- The Value field contains invalid characters or is in an invalid format.
It's because I've specified the port of the IP in the value. How do I get example.com to point to this app on 100.100.100.100:4000? Thank you for all the help in advance!
Amazon Route53 is a global Domain Name Service (DNS).
DNS services are used to resolve DNS names (eg example.com) to an IP address (eg 100.100.100.100). However, DNS servers do not point to ports on a machine (eg port 4000).
Therefore, to refer to 100.100.100.100:4000, you would use example.com:4000.

How to point Amazon DNS service to a specific folder on EC2 server

I feel very dumb already. I have searched for the answer for 2 hours without any success.
I have bought a domain through Amazon - Route 53. It has created 2 hosted zones for me, NS and SOA type.
I am unable to figure out how to point a specific domain e.g. example.com to a specific folder on the EC2 server.
Do I need to create that A type hosted zone? If yes, do I just put the IP address into the value field of that zone? If yes, how does it then know which folder it should pick?
Is there any setup to be done on the actual server (I mean through remote desktop)? Do I need to set up a DNS there? I guess not.
Step 1: Use Route 53 and create an 'A' record which points the domain to the server IP address (you had that part right).
Step 2: In the IIS Admin/Manager tool you 'bind' a particular dnsname to a specific website that you previously setup in IIS.
You need to do both steps.