AWS load balancer not working with custom domain

Question

I have set up an AWS load balancer that listens to HTTPS, deployed an ACM certificate to it and pointed my domain to it in Route 53. When accessing the site using the domain provided by AWS, https://example.eu-west-1.elb.amazonaws.com, it works fine (except the certificate doesn't match, so I must add an exception in Chrome). But when I try it access it using my own domain, https://example.com, Chrome says ERR_SSL_VERSION_OR_CIPHER_MISMATCH. I find this very strange since it's the domain that differs and the cert is the same.

Answer 1

ERR_SSL_VERSION_OR_CIPHER_MISMATCH basically means "sever supports SSL, nut no TLS". I doubt you can get this error connecting to an actual Amazon ELB.

And if you can connect using domain provided by AWS then your certificate and the connection between ELB and your instance should be correct too. In worst case, you will get same certificate warning as when connecting using amazon domain name.

Check where amazon domain name (example.eu-west-1.elb.amazonaws.com) points and where exactly your domain (example.com) points. I bet these will be two different addresses. If in doubt use this online tool to resolve DNS names.

Have you configured your domain in Route 53 as an Alias to ELB? This is important. And most likely where the issue is.

Answer 2

When you requested your cert, did you specify a host name (i.e www.example.com) or a wildcard (*.example.com)?

Neither of these will match the root domain (example.com) so you will need to add a second name to the certificate.

There are a number of ways to configure the connection between the ELB and the instance - if you're using https or tcp between the ELB and the instance, then you'll need to make sure the web server on the instance is also set up properly for SSL. You can get away with terminating SSL on the ELB and using HTTP between the ELB and instance.