I am following this video tutorial on youtube https://www.youtube.com/watch?v=JbQbwum196g to install a Custom SSL Certificate with Cloud Front on my AWS Server, I followed all steps correctly and everything seems fine even created certificate on zone "us-east-1" (Virginia) as recommended on others posts I read but, I still get same problem, the problem I get is that server refuses Https connection, so every time I try to access https I get this error on browser "ERR_CONNECTION_REFUSED" for this error I can imagine is a permissions problem but, I don't seem to figure out what I am missing, can someone please give me a hand, thanks!
Related
I am doing this ECS fargate tutorial. I followed prerequisites and each step but cannot access a webpage in step 4. The chrome browser error msg is like
This site can't be reached
container.public.ip.address took too long to respond.
:
ERR_CONNECTION_TIMED_OUT
I am not sure where I went wrong but it seems web server does not respond properly.
What I did so far is
Increased resource(both cpu and memory)
checked security group settings
checked the service is supported in my region
changed browser to access the webpage
did a little search here and on the internet
but nothing works out.
Additional info: my region is ap-northeast-1.
Cound you give me some tips?
This is my first time setting up a dynamic website, so bare with me. My goal is to have SSL/https working on my php single instance aws Elastic beanstalk web app.
I already know that with a load balancer SSL is easy to set up and ACM certificates only work with load balancer.
I want single instance since it is cheaper. My project is small, don't expect a lot of traffic at most 1 user per day.
... back to problem, I did some research and came across this link, which is a "how to" from amazon:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-php.html
The problem I'm running into is the part where I'm suppose to put my "certificate contents here".
From research what goes here is a SSL certificate from a third party. When I purchased my domain from namecheap , I also purchased PostivieSSL. Now where I'm confused is how to create this "cerificate contents". I found this link on namecheap:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/14/generating-csr-on-apache-opensslmodsslnginx-heroku/
I know that I have to generate a CSR through SSH with commands ,where they will ask info about my site which is needed to make the request and get the certificate. It says I have to do this where I'm hosting my website. My question is how do I do this in elastic beanstalk? or is there another way to do this or am I understanding wrong. I'm a bit lost here
I've spent 2 days researching but cant find how to do this. I've found some people linking GitHub repositories doing this in some other similar questions but they don't seem to help me understand how to do this.
I was more or less in your shoes, but with the Java app instead of PHP. The way I see it, you have got three broad tasks to solve.
Generate proper certificate. You can either go for the one you already have from PositiveSSL or generate a free one for test purposes with Let's Encrypt and certbot (this might give you more control and understanding over what (sub)domain you're using it for). The end result is a set of certificate and key for the desired domain.
Make sure the certificate and key are on the Elastic Beanstalk instance in question and are being picked up by your web server. For this you need to properly package your app before deploying it, paying attention to the paths and the AWS docs for the single instance which you mentioned. Paste your certificate data in .ebextensions/https-instance.config, and it will be deployed as files under specified paths. Once you're done with the whole process later on, consider sourcing private certs and keys from your S3, never commit private data to version control.
Make sure the HTTPS traffic flows through. For this you'll need to make sure that your Elastic Beanstalk VPC security group has an inbound rule for port 443 (also covered in the AWS docs).
I'm trying to create a AWS Client VPN endpoint. I followed this AWS tutorial and I always get a timeout error like this:
DNS resolution error: 30 times.
I'm not sure what to do, I saw some videos on this topic and it seems I did everything correctly, does anyone know how to debug this? (or what could be the cause)?
This is really stupid. I tried to check IPs for my endpoint
host *.cvpn-endpoint-XXXX.prod.clientvpn.[region].amazonaws.com
and
host cvpn-endpoint-02aa72c3aa8d442d6.prod.clientvpn.eu-west-1.amazonaws.com
and both failed. As described in this response, you need to add a random subdomain. By adding this on the .ovpn file (on the remote parameter), it works!
About a few weeks ago, I linked my Lightsail Wordpress server to example.mysite.com using AWS Route 53.
Today, I added a security certificate by using sudo /opt/bitnami/bncert-tool. After doing this, the site worked fine and now I had a security certificate.
Then about 5 minutes later, I noticed that visiting example.mysite.com would return a browser error (This site can’t be reached). Fortunately, visiting the server IP would still work.
I tried running sudo /opt/bitnami/bncert-tool again, but it complains that example.mysite.com doesn't redirect to the server IP, even though Amazon Route53 says so.
Interestingly, all my other AWS Route53 A Records that aren't connected to AWS Lightsail work fine.
I still tried reaching example.mysite.com for 10 minutes, but it didn't work. I tried looking up this error online but that also didn't return anything I needed. Does anyone know how to fix this?
The issue appears to have been some sort of glitch (which was out of my control).
Occasionally, example.mysite.com will not work, but reloading the page usually fixes it.
I am a developer trying to help a customer who has lost their root access information. I have full access except for root access. I have developed a webhook that communicates between a catalog sales site and their CRM site.
It was working fine, until suddenly it started getting 500 error codes. I tracked down that it was because the SSL certificate has expired. How do I find out what SSL certificates exist and how to fix this problem.
One difficulty is that in order to request technical help, I must upgrade the support plan, which I am willing to do, but can only do this from the root access account. In addition, I can't ask a question about how to reset the root account access unless I have the support plan.
We have the account number, BTW. We are running an EC2 instance on an AWS Linux server. Pointers to how to either get paid help or reset root access would be appreciated.
SSL certificates will be in one of 2 places:
ACM for either CloudFront Distributions or Elastic Load Balancers.
Locally on an EC2 Server if you connect directly to server.
If you need to connect to the EC2 server you will need to be able to connect via SSH or RDP depending on OS.
Regarding getting root access, you will need to attempt account recovery via AWS support. You'll be expected to provide proof that you own the account before they can reset these credentials for you.
Found out destination needed to purchase a new certificate and all was well. I thought the problem was on the sending end, but it was actually on the receiving.