Mixed content error: This request has been blocked; the content must be served over HTTPS

Question

I have deployed an Angular application on Firebase that uses Node.js APIs that is hosted on AWS Windows EC2 instance. When I try to run the Firebase app on the browser and try to log in, I get the following error:

The page at 'https://website.web.app/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://IP-address/API'. This request has been blocked; the content must be served over HTTPS.

Is there a way I can load an SSL certificate onto the AWS EC2 instance to allow the APIs to be sent over an HTTPS url?

Answer 1

Is there a way I can load an SSL certificate onto the AWS EC2 instance to allow the APIs to be sent over an HTTPS url?

Yes, there are many ways of doing this. The easiest (don't confused with the cheapest) is to front your instance with an Application Load Balancer. Also you need your own domain. Once you have bought the domain, you can get free ssl from AWS ACM. After that you can easly add the ssl certificate to the ALB to have full support for HTTPS.