amazon ec2 how to setup https?

Question

I have read the amazon ec2 guide for setup https and finished several steps. But it still not working.

1. sign a SSL certification, I use self-signed cert.
2. use aws iam to upload the SSL cert to amazon server.
3. In ec2 control platform, add port 80 and port 443 in the current security group's inbound
4. create new load balancer, add http with port 80, the port 443 and https with the uploaded cert in the new load balancer, and assign current instance in the load balancer

Last, I have check the instance's security group and make sure it is right. I reboot the instance and the https does not work. The health check can pass in checking port 80. But it does not pass in checking port 443.

Do I miss any step?

Answer 1

I know this post is a year old, but I recently had similar issues and hope that someone might find this useful.

I see you are using a load balancer. You have to do the following:

Step 1

Make sure that port 443 is open on your EC2 instance and not being blocked by a firewall. You can run

sudo netstat -tlnp

on linux to check which ports are open. The output should look something like this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      937/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1060/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      937/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      2798/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      2798/apache2

Step 2

Make sure your security groups are setup as follows:

EC2 (INBOUND)

• HTTP TCP 80 LOAD BALANCER
• HTTPS TCP 443 LOAD BALANCER

Load Balancer (Outbound)

• HTTP TCP 80 EC2 Instance
• HTTPS TCP 443 EC2 Instance

Step 3

Make sure your EC2 instance is listening on port 443 (/etc/apache2/ports.conf) :

Listen 80
Listen 443

If you are using a virtual host, make sure it looks like this:

<VirtualHost *:80>
     DocumentRoot /var/www/html/mysite.com
     ServerName mysite.com
     ServerAlias www.mysite.com
        <Directory /var/www/html/mysite.com>
                AllowOverride All
                RewriteEngine On
                Require all granted
                Options -Indexes +FollowSymLinks
        </Directory>
</VirtualHost>
<VirtualHost *:443>
     DocumentRoot /var/www/html/mysite.com
     ServerName mysite.com
     ServerAlias www.mysite.com
     SSLEngine on
     SSLCertificateFile /usr/local/ssl/public.crt
     SSLCertificateKeyFile /usr/local/ssl/private/private.key
     SSLCACertificateFile /usr/local/ssl/intermediate.crt
</VirtualHost>

Step 4

Upload your certificate files in .pem format using the following commands:

aws iam upload-server-certificate --server-certificate-name my-server-cert 
--certificate-body file://my-certificate.pem --private-key file://my-private-key.pem 
--certificate-chain file://my-certificate-chain.pem

Step 4

Create a listener on the Load Balancer which has the EC2 instance attached to it. The listener is for HTTPS and port 443. The listener will ask for a certificate and it will have the one you added from the aws cli already listed. If it is not listed, log out of the AWS console and log back in.

After, this, traffic via HTTPS will start flowing to your EC2 instance.

I had similar issues, and posted my question and answer here: HTTPS only works on localhost