HTTPS not working (on AWS Elastic Beanstalk based site)

Question

The site works perfectly fine on HTTP, however, does not work on HTTPS. I've followed all the steps on this page to create a self-signed certificate and add it to my Elastic Beanstalk environment. http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html

I'm also getting a successful certificate response back from IAM using the following command: aws iam get-server-certificate --server-certificate-name

After updating Elastic Beanstalk with the certificate, I've also added add a rule to the security group that allows inbound traffic from 0.0.0.0/0 to port 443. Finally, I've also validated that my load-balancer listener has HTTPS set up correctly.

In spite of all that, my calls to https is not resolving, while http is working perfectly fine. Any other thoughts on this? Any help would be much appreciated.

Please let me know if you need any more information. Desperately looking for some insight/help into this.

Anyway, not being able to resolve this issue with my site/code, I tried to set up HTTPS on the sample site provided on Elastic Beanstalk. Interestingly enough, even that is not working.

Answer 1

I want to provide an update that I was finally able to resolve the issue. The root-cause was because I missed to set up an Inbound Rule for the Security Group of the Load Balancer.

For whatever reason, when I read the documentation, I understood that the Inbound Rule needed to be set up for the Security Group of the Instance (and not the Load Balancer). Only after I started tracing the Load Balancer did I realize that I should perhaps try setting up the Rule for the Security Group of the Load Balancer. So, the problem is resolved. Below is the setting I used.

HTTPS           443     HTTP        80      <name of the certificate> 

I'd have to say that the documentation could be a bit more clear to clearly identify the change required to the Security Group of the Load Balancer (and not the Instance).

Answer 2

Amazon recently released AWS Certificate Manager :

• Go to https://console.aws.amazon.com/acm/home
• Add your domain and validate it by email
• After the certificate is issued, deploy it to your Elastic Load Balancers following the steps (and easily setup your security groups)

It's event better for a performance point of view:

Because ELB supports SSL offload, deploying a certificate to a load balancer (rather than to the EC2 instances behind it) will reduce the amount of encryption and decryption work that the instances need to handle.

follow the doc for more information:

https://aws.amazon.com/fr/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/