Reputation: 386
I have read the amazon ec2 guide for setup https and finished several steps. But it still not working.
Last, I have check the instance's security group and make sure it is right. I reboot the instance and the https does not work. The health check can pass in checking port 80. But it does not pass in checking port 443.
Do I miss any step?
Upvotes: 0
Views: 9422
Reputation: 2284
I know this post is a year old, but I recently had similar issues and hope that someone might find this useful.
I see you are using a load balancer. You have to do the following:
Make sure that port 443 is open on your EC2 instance and not being blocked by a firewall. You can run
sudo netstat -tlnp
on linux to check which ports are open. The output should look something like this:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 937/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1060/mysqld
tcp6 0 0 :::22 :::* LISTEN 937/sshd
tcp6 0 0 :::443 :::* LISTEN 2798/apache2
tcp6 0 0 :::80 :::* LISTEN 2798/apache2
Make sure your security groups are setup as follows:
EC2 (INBOUND)
Load Balancer (Outbound)
Make sure your EC2 instance is listening on port 443 (/etc/apache2/ports.conf) :
Listen 80
Listen 443
If you are using a virtual host, make sure it looks like this:
<VirtualHost *:80>
DocumentRoot /var/www/html/mysite.com
ServerName mysite.com
ServerAlias www.mysite.com
<Directory /var/www/html/mysite.com>
AllowOverride All
RewriteEngine On
Require all granted
Options -Indexes +FollowSymLinks
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/mysite.com
ServerName mysite.com
ServerAlias www.mysite.com
SSLEngine on
SSLCertificateFile /usr/local/ssl/public.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCACertificateFile /usr/local/ssl/intermediate.crt
</VirtualHost>
Upload your certificate files in .pem format using the following commands:
aws iam upload-server-certificate --server-certificate-name my-server-cert
--certificate-body file://my-certificate.pem --private-key file://my-private-key.pem
--certificate-chain file://my-certificate-chain.pem
Create a listener on the Load Balancer which has the EC2 instance attached to it. The listener is for HTTPS and port 443. The listener will ask for a certificate and it will have the one you added from the aws cli already listed. If it is not listed, log out of the AWS console and log back in.
After, this, traffic via HTTPS will start flowing to your EC2 instance.
I had similar issues, and posted my question and answer here: HTTPS only works on localhost
Upvotes: 5