I'm trying to set up my SSL certificate on my Elastic Beanstalk node website, but my HTTP routes aren't working properly.
I followed the instructions here to set up my load balancer for my EB, and it looks like the below.
https://i.imgur.com/hduzWZT.png
However I want it to go to HTTPS whenever I go to www.mywebsitecom, mywebsite.com.
At the moment it only goes to HTTPS if I manually type in https:// at the beginning of the URL, and only when I do https://www.mywebsite.com. It doesn't work at https://mywebsite.com.
Otherwise all traffic goes to unsecured HTTP on www.mywebsite.com (without typing the https).
I have set up the certificate properly I believe, and set the DNS A record in Route 53. Any help would be appreciated.
To change your CLB to ALB, refer the link: Migrating from CLB to ALB
Once that is done, make sure that you update your new ALB’s DNS name in your Route 53's Alias Target Field.
If everything is working fine, then you can delete your CLB.
Related
I want to have a subdomain (api.mysite.com) which makes calls to an EC2 classic load balancer (load-balancer-123456789.us-east-2.elb.amazonaws.com). Everything is hosted on AWS, to (theoretically) make it as straightforward as possible.
I created a domain and subdomain in AWS Route 53, as per the instructions here, and created an "A" record in the subdomain that links to my load balancer as an alias. That works fine, I can make calls to the load balancer through api.mysite.com, as long as I use HTTP.
But when I try to use HTTPS, I get ERR_SSL_PROTOCOL_ERROR. If I try to open the API in a browser, the security icon says that it's "not secure". I think the problem might be that the certificate is connected to the main domain (mysite.com) instead of the subdomain (api.mysite.com), but I can't figure out how to get it to resolve properly.
This SSL checking site shows the EC2 server itself (the one that the load balancer points to) and reports "Certificate not valid for domain name". It's an Ubuntu server, though I'm not sure if that should matter.
The SSL certificate needs to specify the subdomain as well as the main domain. The easiest way to do this is through AWS's Certificate Manager, by requesting a new certificate.
Make sure to specify each relevant domain and subdomain in the certificate (in this case, both mysite.com and api.mysite.com.)
After creating the certificate, go to the Load Balancer, open up the Listeners tab, and select the HTTPS port. Then, change the SSL certificate for that port to the certificate that includes the relevant subdomain. If you use AWS Certificate Manager, it can be selected from the dropdown menu.
We have our website hosted up on AWS EC2 instance behind the Application Load Balancer. Our Route 53 is targetting the Application Load Balancer.
Assuming we have a domain name - company.com
we have SSL registered for this domain *.company.com. We have this certificate enabled on the Application load balancer at 443 port.
We want our website hosted at subdomain - sub.company.com
Current Scenario:
When we access the website with http://www.sub.company.com or http://sub.company.com or https://sub.company.com.
With the rewrite rule for the first two, we are able to redirect to the third endpoint mentioned.
Problem arises in this particular case where we are trying to access the website with https://www.sub.example.com, It gives us a Non Secure Warning. How can we redirect this to https://sub.example.com ?
Things I have tried:
I have tried adding Rewrite rules on the webserver of EC2 Instance.
Added routing rules at Application Load balancer to redirect it at https://sub.example.com
Both of these solutions are not able to resolve the problem, It's maybe because SSL validation is happening at the first step of connection establishment before it reaches to load balancer layer.
How can we resolve this?
When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level.
For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. then you have to request a separate certificate for *.login.example.com
I'm about to lose my mind trying to set this up. I have lost the whole day and can't seem to get near what I want to do.
I have a node js rest api uploaded trough elastic beanstalk, and I'm trying to setup a webpage to present the api, but for the live example to work the api needs to be accessed trough https. I've read the instructions for setting up the https for elastic beanstalk (and like everything on the AWS documentation it is a ridiculous maze). It has sent me trough several different AWS services.
What I basically got from it so far is that I need to set up a Load Balancer that will receive the connection trough https and forward the user to my instance. But I can't get it to work. I have a domain from freenom: bibliaparahumanos.tk, it is setup with an A alias to my EC2 IP, and it works with http, but if I try to access it trough https, I get "connection refused". If I use my normal Elastic Beanstalk url (http://apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com/) with https it works, but I get a warning that the connection is not secure due to the domain on the certificate being different from the domain I'm accessing (which I understand, since the domain in the certificate is for my freenom domain).
I have the Load Balancer Listener set up with:
Protocol: https
Port: 443
Default action: forward to target group
(I have tried the target group with both http and https and the problem remains).
My certificate is from AWS Certificate Manager.
I have also seem this other tutorial but it confused me more. It adds some steps for configuring stuff on the app bundle, but I don't understand if it's required or an alternate way. I have tried setting that up, but it asks me to add the certificate's public key, which I can't figure out how to find.
I would suggest adding a CNAME record to your DNS towards apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com.
A big advantage of using elastic beanstalk is that you can do blue/green deployments; as you will instead add the app URL to your DNS you can build an entire new environment in elastic beanstalk, test/wait until its stable and swap the app urls; which results in deployments without any downtime.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html
I have an AWS setup with ECS and ALB. The ALB has https listener which I am trying to configure the SSL Certificate for and forward the traffic to my ECS task.
My problem here is that in development environment we run the application using localhost, and when trying to send data to the ALB and ECS task, traffic gets rejected, because I cant add localhost as my domain is the SSL.
Is there any way I can solve this problem?
Maybe you can add your domain name in your hosts file.
127.0.0.1 dev.example.com
That way, when you request dev.example.com, it will go to your localhost.
Your local application can then talk to the ALB and your browser will see it with the right SSL certificate.
The issue was in Route53 and the record sets. I created a new subdomain in Route53 services.example.com, with A Record Type and Alias targeting the ALB. Then used this subdomain in frontend.
There is no need to add anything to hosts file.
I am attempting to add HTTPS to my AWS Elastic Load Balancer.
I obtained a certificate through AWS Certificate Manager:
I have enabled HTTPS on the load balancer:
I made sure the security group for the load balancer accepts 0.0.0.0/0 on 443:
When going to my domain on HTTP, it works.
However, when trying to load my domain with HTTPS, it does not work ("ERR_CONNECTION_TIMED_OUT")
EDIT and UPDATE:
It is the API that I am attempting to get HTTPS working for, not necessarily the domain. The domain serve's a static file (angular web app) from S3, and it is angular that is calling the load balancer (to transfer the request to an EC2 instance) for DB data.
When angular calls the api directly via the load balancer domain name over HTTP, the request responds as expected.
When angular makes the same api call over HTTPS, I get the following error:
You enabled HTTPS for your domain name, not the ELB domain which Amazon owns. You can only create SSL certificates for domains that you own. You can't enable SSL for "mydomain.com" and then excpect that to somehow work on a completely different domain. You need to change your AngularJS code to reference the API by your custom domain name which you have created an SSL certificate for. You need to point the domain to the ELB and install the SSL certificate for the domain on the ELB.
Mark B provided the almost full solution.
As my javascript code is calling the elastic load balancer (ELB) via it's DNS name provided by AWS, I can't obtain an SSL certificate for the domain I don't own.
As Mark B pointed out, I need to point my javascript code to the domain I do own, and have an SSL cert for.
So I can create a sub domain (e.g. api.mydomain.com) of the domain I own that then points to the ELB.
An A Record (e.g domain pointing to an IP) looks like it could fit the need.
However, an A Record can't point to the ELB because it's IP could change.
The missing step was to use AWS Route 53 to point the A Record to an alias (Route 53 allows you to do this) that represented my AWS Elastic Load Balancer.