
Terraform Error: error adding LB Listener Certificate: ValidationError: A certificate cannot be specified for %s listeners

I have been spending more than a day on this, getting the error "Error: error adding LB Listener Certificate: ValidationError: A certificate cannot be specified for %s listeners". I tried importing the ACM ARN too, but I get the same issue. Can anybody help?

data "aws_acm_certificate" "tossl" {
  # Look up the newest Amazon-issued wildcard certificate for *.xyz.com.
  # Its ARN can only be used on a listener whose protocol is HTTPS (or TLS).
  most_recent = true
  types       = ["AMAZON_ISSUED"]
  domain      = "*.xyz.com"
}

resource "aws_alb" "front_end_ALB" {
  # Internet-facing (internal = false) application load balancer placed in the
  # VPC module's public subnets. aws_alb is the legacy alias of aws_lb; the
  # address is kept as-is so existing state does not need a move.
  load_balancer_type = "application"
  internal           = false
  name               = "${local.env_name}-front-end-ec2-alb"
  subnets            = module.vpc.public_subnets
  security_groups    = [aws_security_group.front-end-ALB-sg.id]
  tags               = merge(local.common_tags, { Name = "${local.env_name}-front-end-alb" })
}
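resource "aws_alb_listener" "front_end_alb_listener" {
  # Plain front-door listener whose only job is to redirect clients to port 443.
  # A certificate can only be attached to a listener whose protocol is HTTPS
  # (or TLS). Since this listener redirects to HTTPS, var.alb_listener_protocol
  # is presumably "HTTP", which is why attaching a certificate to it fails with
  # "A certificate cannot be specified for %s listeners". The certificate belongs
  # on a separate port-443 HTTPS listener, not here.
  load_balancer_arn = aws_alb.front_end_ALB.arn
  port              = var.alb_listener_port
  protocol          = var.alb_listener_protocol

  default_action {
    type = "redirect"

    redirect {
      port     = "443"
      protocol = "HTTPS"
      # The provider accepts only HTTP_301 / HTTP_302 here; a bare "301" is rejected.
      status_code = "HTTP_301"
    }
  }
}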

##################################################################################
# Front end Load Balancer Certificate SSL
##################################################################################

resource "aws_lb_listener_certificate" "sslsecure" {
  # Adds an additional (SNI) certificate to an existing HTTPS listener; it does
  # not turn an HTTP listener into an HTTPS one. The listener referenced below is
  # the redirect listener, whose protocol comes from var.alb_listener_protocol;
  # if that value is HTTP, AWS rejects the attachment with the ValidationError
  # quoted in the question. Point this at an HTTPS listener instead.
  listener_arn    = "${aws_alb_listener.front_end_alb_listener.arn}"
  certificate_arn = data.aws_acm_certificate.tossl.arn
}


I think you need to define two different ALB listeners. Try this:

resource "aws_lb_listener" "http" {
  # Port-80 listener that only sends browsers to the HTTPS listener with a
  # permanent redirect. No certificate belongs here because the protocol is HTTP.
  protocol          = "HTTP"
  port              = "80"
  load_balancer_arn = aws_alb.front_end_ALB.arn

  default_action {
    type = "redirect"

    redirect {
      status_code = "HTTP_301"
      protocol    = "HTTPS"
      port        = "443"
    }
  }
}

resource "aws_lb_listener" "https" {
  # The TLS endpoint. certificate_arn sets this listener's default certificate,
  # which is why the ACM lookup belongs here and not on the HTTP redirect listener.
  load_balancer_arn = aws_alb.front_end_ALB.arn
  port              = "443"
  protocol          = "HTTPS"
  # NOTE(review): ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; a
  # TLS 1.2+ policy such as ELBSecurityPolicy-TLS13-1-2-2021-06 is preferable
  # for a new listener unless legacy clients must be supported.
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = data.aws_acm_certificate.tossl.arn

  default_action {
    # Placeholder in the original answer: typically a forward to a target group.
    ...
  }
}

The http listener is just a redirect to the https listener, which is the one that actually carries the SSL configuration.
