Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HTTPS not working (on AWS Elastic Beanstalk based site)

The site works perfectly fine on HTTP, however, does not work on HTTPS. I've followed all the steps on this page to create a self-signed certificate and add it to my Elastic Beanstalk environment. http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html

I'm also getting a successful certificate response back from IAM using the following command: aws iam get-server-certificate --server-certificate-name

After updating Elastic Beanstalk with the certificate, I've also added add a rule to the security group that allows inbound traffic from 0.0.0.0/0 to port 443. Finally, I've also validated that my load-balancer listener has HTTPS set up correctly.

In spite of all that, my calls to https is not resolving, while http is working perfectly fine. Any other thoughts on this? Any help would be much appreciated.

Please let me know if you need any more information. Desperately looking for some insight/help into this.

Anyway, not being able to resolve this issue with my site/code, I tried to set up HTTPS on the sample site provided on Elastic Beanstalk. Interestingly enough, even that is not working.

like image 236
Neo Avatar asked Jul 05 '14 18:07

Neo


People also ask

How do I enable HTTPS on AWS Elastic Beanstalk?

Allow incoming traffic on port 443 to the EC2 instance that your Elastic Beanstalk application is running on. 2. Configure the proxy server that runs on the instance to terminate HTTPS. Note: The configuration varies depending on your solution stack.


2 Answers

I want to provide an update that I was finally able to resolve the issue. The root-cause was because I missed to set up an Inbound Rule for the Security Group of the Load Balancer.

For whatever reason, when I read the documentation, I understood that the Inbound Rule needed to be set up for the Security Group of the Instance (and not the Load Balancer). Only after I started tracing the Load Balancer did I realize that I should perhaps try setting up the Rule for the Security Group of the Load Balancer. So, the problem is resolved. Below is the setting I used.

HTTPS           443     HTTP        80      <name of the certificate> 

I'd have to say that the documentation could be a bit more clear to clearly identify the change required to the Security Group of the Load Balancer (and not the Instance).

like image 63
Neo Avatar answered Sep 20 '22 05:09

Neo


Amazon recently released AWS Certificate Manager :

  • Go to https://console.aws.amazon.com/acm/home
  • Add your domain and validate it by email
  • After the certificate is issued, deploy it to your Elastic Load Balancers following the steps (and easily setup your security groups)

It's event better for a performance point of view:

Because ELB supports SSL offload, deploying a certificate to a load balancer (rather than to the EC2 instances behind it) will reduce the amount of encryption and decryption work that the instances need to handle.

follow the doc for more information:

https://aws.amazon.com/fr/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/

like image 27
Sebastien Horin Avatar answered Sep 20 '22 05:09

Sebastien Horin