Reputation: 873
Being spending more than a day, getting this error "Error: error adding LB Listener Certificate: ValidationError: A certificate cannot be specified for %s listeners" I tried to import ACM arm too but same issue. can anybody help ?
data "aws_acm_certificate" "tossl" {
domain = "*.xyz.com"
types = ["AMAZON_ISSUED"]
most_recent = true
}
resource "aws_alb" "front_end_ALB" {
name = "${local.env_name}-front-end-ec2-alb"
subnets = module.vpc.public_subnets
load_balancer_type = "application"
security_groups = [aws_security_group.front-end-ALB-sg.id]
internal = false
tags = merge(local.common_tags, { Name = "${local.env_name}-front-end-alb" })
}
resource "aws_alb_listener" "front_end_alb_listener" {
load_balancer_arn = "${aws_alb.front_end_ALB.arn}"
port = "${var.alb_listener_port}"
protocol = "${var.alb_listener_protocol}"
default_action {
type = "redirect"
redirect {
port = "443"
protocol = "HTTPS"
status_code = "301"
}
}
}
##################################################################################
# Front end Load Balancer Certificate SSL
##################################################################################
resource "aws_lb_listener_certificate" "sslsecure" {
listener_arn = "${aws_alb_listener.front_end_alb_listener.arn}"
certificate_arn = data.aws_acm_certificate.tossl.arn
}
Upvotes: 5
Views: 8984
Reputation: 1493
I think you need to define two different ALB listeners. Try this:
resource "aws_lb_listener" "http" {
load_balancer_arn = aws_alb.front_end_ALB.arn
port = "80"
protocol = "HTTP"
default_action {
type = "redirect"
redirect {
port = "443"
protocol = "HTTPS"
status_code = "HTTP_301"
}
}
}
resource "aws_lb_listener" "https" {
load_balancer_arn = aws_alb.front_end_ALB.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = data.aws_acm_certificate.tossl.arn
default_action {
...
}
}
http
listener is just a redirection to https
listener which actually has the SSL config.
Upvotes: 4