Getting 502 error when trying to set up SSL on EC2 instance via Cloudfront

Question

I'm trying to set up an SSL certificate on an EC2 instance I've installed Wordpress on, using Cloudfront and Route 53, but I'm getting a 502 error in the browser when I head to the URL. I'm not using ELB as I'm not expecting the traffic to be very high (at least for a while). Anyone know what the issue is?

Here's the error I'm getting:

Request URL:https://react.edbiden.com/
Request Method:GET
Status Code:502 
Remote Address:54.230.11.194:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
content-length:587
content-type:text/html
date:Sun, 13 Aug 2017 10:45:32 GMT
server:CloudFront
status:502
via:1.1 d10e0115903b50001036753d910516ef.cloudfront.net (CloudFront)
x-amz-cf-id:YWp5HN-1zbO56PxkmH_TIBYFtQ4sO1LnvmYk4wjnrTfuXKP0RHLxnQ==
x-cache:Error from cloudfront

In Route 53 I've got A records for IP4 and IP6:

Alias: Yes
Alias Target: d2dzwf20h9q46z.cloudfront.net.
Routing: Simple

In Cloudfront:

EC2 settings:

Would be super grateful if anyone can point me in the right direction. Thanks!

Answer 1

I think the issue is with the SSL certificate mismatch. You are using a self-signed certificate in the Origin server (EC2 instance) but as per AWS "For origins other than ELB load balancers, you must use a certificate that is signed by a trusted third-party certificate authority, for example, Comodo, DigiCert, or Symantec." http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html

You can try to use Let's encrypt certificate in the instance.

Answer 2

Change Origin Protocol Policy to "HTTP Only". Otherwise CloudFront tries to connect to the EC2 instance via HTTPS which will probably fail.