Reputation: 347
AWS - Error 502 between CloudFront and EC2 SSL certificate - Mobile App
- I have a EC2 Instance in which I've installed an SSL certificate via LetsEncrypt
- The Instance hosts a FastApi and Gunicorn which serves as server for a mobile app
- There's an elastic IP attached to the EC2 instance
- All inbounds and outbounds EC2 ports are opened
- I have imported in the Certificate Manager (east-2 Virginia) the SSL certificate generated by LetsEncrypt
- I have created an hosted zone in Route53 adding a domain (www.example.com) and creating the CAA (0 issue "letsencrypt.org") + changed the nameservers in godaddy as per the ones in the Route53 NS
- I have created a CloudFront distribution having as origin the Public IPv4 DNS of the EC2 instance, redirecting HTTP to HTTPS, setting the Custom SSL certificate equal to the one uploaded in the Certificate Manager (LetsEncrypt) and in the Alternate domain name (CNAME) added the www.example.com
- I have added in Route53, in the A record, the CloudFront Distribution domain name
Given these premises, in the EC2 instance there is not a landing html page (like hello world!) to be reached if the CloudFront Distribution domain name or the domain name is pinged.
However, If I ping it, I get the 502 error (502 ERROR The request could not be satisfied. CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time).
The domain was validated in the SSLlab without throwing errors except a "Chain issues Incorrect order, Extra certs" in the "Additional Certificates section" (not in the "Server Key and Certificate #1") and the X-Cache says: Error from CloudFront.
How can I fix the 502 error?
EDIT
I've posted the solution in the comment
Upvotes: 1
Views: 1482
Answers (2)
Reputation: 919
In my case, you MUST use fullchain.pem certificate instead of the shorter cert.pem one. Otherwise cloudfront will fail to load non / url if it is a single page app.
Upvotes: 0
Reputation: 347
The solution was to keep everything as above stated but:
- remove the ssl certificate from the instance
- generate a new ssl certificate in Certificate Manager from Amazon (this also implies creating records in Route 53 of the CNAME of the new certificate and selecting the new certificate in the Cloudfront distribution).
At the end the issue was a conflict between the two ssl certificates. Only one had to be kept.
Upvotes: 1
Related Questions
- CloudFront wasn't able to connect to the origin
- Putting AWS cloudfront in front of ec2 throws 502 error
- Subdomain on CloudFront not working (certificate not accepted)
- CloudFront distribution and AWS issued certificate gives SSL_ERROR_NO_CYPHER_OVERLAP
- cloudfront showing "The request could not be satisfied 502 error" when trying to connect to ec2
- CloudFront error when serving over HTTPS using SNI
- Can't use AWS cloudfront with custom SSL cert from IAM
- Having trouble associated SSL cert with Amazon Cloudfront
- Getting 502 error when trying to set up SSL on EC2 instance via Cloudfront
- AWS CloudFront SSL Certificate - MalformedCertificate error