I have purchased SSL certificate from Namecheap and want to import it to my AWS instance. My application runs on docker container port 80.
1. Certificate is uploaded to ACM, and in use.
2. Created a LoadBalancer+Target group.
3. Configured CloudFront
4. In Route53, pointed the A-Record to my Application LoadBalancer name.
For some unknown reason I am unable to access the URL.
It gets redirected to Https:// but it's not accessible.
Am I missing anything here ? Your advice really appreciated on this.
Related
I have set up an EC2 instance. Logged in with server and set up apache2 in it.
Example Domain: www.example.com
Created Route53 for example.com and pointed NS record to Domain provider. So, I am going to use Route53 for DNS.
In DNS, I have created A record with EC2 IP.
In apache2 set up VirtualHost for www.example.com, Reloaded apache2 server, and also enable site www.example.com.
Now, I have purchased a certificate from the AWS certificate manager for www.example.com. I have added the CNAME record in Route53 and also validated the domain. The certificate was also activated.
Now, I am going to hit the site www.example.com, It's redirecting to https://www.example.com but the page is giving an error regarding HTTPS.
I have also opened 443 port for that instance.
I think you forget to add a Load Balancer (ALB) or a CloudFront Distribution in front of your EC2 instance since Certificates produced with ACM must be configured on these kind of components. Not possible with EC2. And it can not suggest where to use it.
I already have a domain, like exmaple.com and I have a simple app running on an ec2 instance.
I've allocated an elastic IP for this instance, and created a zone on route 53, created A record, and also an alias record.
I have updated the nameservers from route53 NS records in GoDaddy domain settings(and I should mention that I've waited 48 hours for ns to be propagated, and that part is fine).
When I ping example.com on my own computer, the DNS Name resolve to the correct IP address.
When I check the elastic IP, it's working and shows my website, but when I check example.com it does not show my app and shows This site can’t be reached:
this is a screenshot of what it shows
I cannot see where's the problem!
Based on the comments.
The issue was due to using https, rather then http. The http connection works. To setup https the following general procedure needs to be undertaken:
Get a public SSL certificate. Since you are using instance, you can't use AWS ACM for that. In this case a popular choice is https://letsencrypt.org/ where you can register free SSL certificate for your domain and its subdomains.
Setup ssl connectivity on your instance. Often this is done by using nginx as a revers proxy. The nginx will provide HTTPS for your instance using the SSL certificates from step 1.
Open port 443 (HTTPS) in your security group.
The alternative is to front your instance with an application load balancer (ALB). Using it, you can easily get free AWS ACM free certificate and deploy it on the ALB. No actions required on your instance in this case.
I have created a subdomain demo.mysite.com which is hosted over godaddy.com. I have successfully mapped the subdomain demo.mysite.com to my AWS elastic IP in the go daddy console
On my AWS EC2 instance my website is secured runing over HTTPS and I have deployed the certificates corresponding to demo.mysite.com on my AWS EC2 instance. Now the problem I am facing is
1 - When I access my subdomain it points to my EC2 instance and the URL in my web browser changes to my Elastic IP ie www.demo.mysite.com --->> https://201.12.34.58:8443/myApp , which must not happen and it must remain as https://demo.mysite.com
2 - And since my URL changes so I start getting the certificate error saying
The certificate is only valid for demo.mysite.com.
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Can someone help in solving these two issues, I feel that if first issues gets solved the second issue will automatically get solved. I am not sure though
Guys I need your help
I suggest to manage your domain DNS with CloudFlare. Add a CNAME record for your subdomain demo which points to that IP. On CloudFlare Console go to Crypto > Origin Certificates. Create a new one with RSA, then import it to AWS Certificate Manager at us-east-1. For the certificate chain use this. Be sure that Always use HTTPS in Crypto tab is on. After some minutes you should be using your domain pointing to AWS with HTTPS working fine.
That's what I did to make a subdomain to work with an AWS API endpoint with SSL.
Recently, I started searching about security procedures and came across SSL. Actually, I already knew about SSL, but I found to be too expensive at the time.
Luckily, yesterday I found out that Amazon gives SSL certificates for free!
However, I have spent a whole day trying to set it up but it didn't work.
I have a domain registered at GoDaddy, let's assume its www.mydomain.com. My website is hosted, however, on Amazon Web Services (AWS). I also have access to edit the GoDaddy's DNS records and full access to my AWS account. I have seen LetsEncrypt, but my website runs in ASP.NET (IIS Windows) and currently they only support Linux OS.
Here's what I've tried to do:
Get a SSL Certificate from AWS Certificate Manager
I have chosen to setup via DNS, which means I had to add a CNAME record to GoDaddy domain records.
If you look above carefully on the two images, the CNAME record on AWS is on the center of the page. I've added a record as CNAME containing the values.
Add HTTPS to Load Balancer Listeners:
Allowed HTTPS on Security Groups
NOTE: Both Inbound and Outbund rules are just like above. I have also set the Load Balancer and my Running Instance to use this security group.
Added records to Route 53 Hosted Zones
The A type record points to my instance IP.
The NS record was generated by Amazon (I added GoDaddy's Name servers as well).
The SOA record was generated by Amazon and I didnt touch it.
The CNAME was added by me, It's again the SSL protocol.
I don't know what else to do or if I have a wrong setup.
If I'm not mistaken, you have an EC2 instance behind an ELB (Classic/Application/NLB), requested an ACM certificate which has been issued successfully for *.mydomain.com, created HTTPS listener to use the SSL certificate but getting connection time out on port 443.
The issue is the DNS record of mydomain.com still points to the EC2 instance's IP, which might not be listening on port 443 (and the ELB is not being used at all).
So, to resolve this, you have to use the ELB's DNS name and use it as CNAME in your DNS record (not sure whether in Route 53 or GoDaddy because I don't know which is authoritative NS).
Also, you might consider requesting a new certificate with mydomain.com and *.mydomain.com and update the listener because ACM cert with *.mydomain.com does not protect mydomain.com.
My iOS software platform runs on AWS Elastic Beanstalk and has a URL we'll call "something.elasticbeanstalk.com". I have a website we'll call "website.com" I purchased and operate the DNS records for through Namecheap. I need to make the URL my iOS client apps use to connect to the server HTTPS since Apple is requiring this soon due to App Transport Security.
WHAT I THINK I'M SUPPOSED TO DO
What I think I'm supposed to do is, create an SSL certificate for "website.com" and apply that SSL certificate to the AWS EB load balancer. Then I need to create a subdomain for "website.com" that redirects traffic to "something.elasticbeanstalk.com". Client apps connect to the subdomain of "website.com" which is now HTTPS and redirects to "something.elsastic.beanstalk.com". Is that correct?
WHAT I'VE DONE SO FAR
So far, I created a SSL certificate for "website.com" using AWS Certificate Manager. For this I had to verify my email address associated with "website.com". I then applied that SSL certificate to my environment's load balancer int the AWS Management Console. After that, I went into Namecheap and followed this guide in the 'Domain Name & AWS 53 Management' section to do it.
I read in this article that I needed to create an alias and/or set up Nameservers in AWS Route53. I tried doing that but don't know what I'm doing and it seems to conflict with the Medium article I linked above that I followed telling me to change the CNAME record for the URL and the Redirect URL record for "website.com".
QUESTION
What do I do from here?
SITUATION
-I have a Parse Server on Elastic Beanstalk with URL “something.elasticbeanstalk.com”
-I have a domain with Namecheap called “website.com”
WHAT I NEEDED
I needed to make my client app connect to an HTTPS address since Apple is requiring it shortly with App Transport Security. Since I couldn’t get an SSL certificate using AWS certificate manager for “something.elasticbeanstalk.com”, I created one for “website.com”. I then needed to have my client app connect to the HTTPS “website.com” which would forward it over to “something.elasticbeanstalk.com”. This satisfied the HTTPS requirements of Apple.
HOW TO DO IT
Make an SSL certificate for “website.com” using AWS Certificate Manager. You will need to confirm the domain via a confirmation email to the administrator for it.
Apple the SSL certificate for “website.com” to the AWS EB Load Balancer. Go to your AWS EB Console, click "configuration", click "Load Balancing" under the "Network Tier" category. Now under the first category which is "Load Balancer", select the SSL record you made and apply it in the "SSL certificate ID" section.
Set a CNAME record for “website.com” with a host of whatever subdomain of “website.com” you want. I chose “data” as my host value and subdomain (so my subdomain is “data.website.com”). Set the value of the CNAME record to “something.elasticbeanstalk.com”. Wait for it to propagate. It’s usually pretty fast but not always.
(I’m unsure if this particular step is proper but it worked for me) Set the serverURL of Parse-Server to “https://something.elasticbeanstalk.com” and the publicServerURL to “https://data.something.com”
In the Parse “initializeWithConfiguration” method in your client app that enables the app to connect to the server, change the server URL to “https://data.something.com/parse”. NOTE: include the “/parse” which is the MOUNT PATH of the parse-server. This value MAY BE DIFFERENT for you depending on how you set it but I set it to “/parse” since that’s what I saw in the Parse-Server docs.
NOTES
-I deleted all Route53 records since they are irrelevant here since “something.com” DNS services are controlled by Namecheap.
-A Redirect URL record in Namecheap is unnecessary