0

I have read the amazon ec2 guide for setup https and finished several steps. But it still not working.

  1. sign a SSL certification, I use self-signed cert.
  2. use aws iam to upload the SSL cert to amazon server.
  3. In ec2 control platform, add port 80 and port 443 in the current security group's inbound
  4. create new load balancer, add http with port 80, the port 443 and https with the uploaded cert in the new load balancer, and assign current instance in the load balancer

Last, I have check the instance's security group and make sure it is right. I reboot the instance and the https does not work. The health check can pass in checking port 80. But it does not pass in checking port 443.

Do I miss any step?

Fenix Lam
  • 358
  • 4
  • 18
  • Hey , Please check mod ssl is enabled? Which OS you are using Linux? – abaid778 Jan 07 '15 at 18:25
  • The system is the amazon VPC basic setup. I guess that is linux, but I am not allow to get in there by putty. – Fenix Lam Jan 08 '15 at 02:40
  • are this a Elastic Beanstalk or not ? Please tell me clear details – abaid778 Jan 08 '15 at 07:33
  • Yes, that is Elastic Beanstalk. We use ec2 console platform to create a Amazon Linux AMI. – Fenix Lam Jan 09 '15 at 01:11
  • Is your web server setup to respond on port 443, or do you wish to terminate your SSL session on the Load Balancer and then pass traffic to the web server on port 80? – John Rotenstein Jan 09 '15 at 04:22
  • I just want to setup HTTPS for web server, the client side need to use https request to get the data. But your question lead me to solve the problem: I change the load balancer setting, the load balancer protocol set to https and 443 port, the instance protocol set to http and 80 port. It work perfectly. – Fenix Lam Jan 09 '15 at 08:39
  • To set up https, you can do this steps that I've answer [in this question](https://stackoverflow.com/a/50125872/4508758) – wisetap.dev May 02 '18 at 01:25

1 Answers1

5

I know this post is a year old, but I recently had similar issues and hope that someone might find this useful.

I see you are using a load balancer. You have to do the following:

Step 1

Make sure that port 443 is open on your EC2 instance and not being blocked by a firewall. You can run

sudo netstat -tlnp

on linux to check which ports are open. The output should look something like this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      937/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1060/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      937/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      2798/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      2798/apache2

Step 2

Make sure your security groups are setup as follows:

EC2 (INBOUND)

  • HTTP TCP 80 LOAD BALANCER
  • HTTPS TCP 443 LOAD BALANCER

Load Balancer (Outbound)

  • HTTP TCP 80 EC2 Instance
  • HTTPS TCP 443 EC2 Instance

Step 3

Make sure your EC2 instance is listening on port 443 (/etc/apache2/ports.conf) :

Listen 80
Listen 443

If you are using a virtual host, make sure it looks like this:

<VirtualHost *:80>
     DocumentRoot /var/www/html/mysite.com
     ServerName mysite.com
     ServerAlias www.mysite.com
        <Directory /var/www/html/mysite.com>
                AllowOverride All
                RewriteEngine On
                Require all granted
                Options -Indexes +FollowSymLinks
        </Directory>
</VirtualHost>
<VirtualHost *:443>
     DocumentRoot /var/www/html/mysite.com
     ServerName mysite.com
     ServerAlias www.mysite.com
     SSLEngine on
     SSLCertificateFile /usr/local/ssl/public.crt
     SSLCertificateKeyFile /usr/local/ssl/private/private.key
     SSLCACertificateFile /usr/local/ssl/intermediate.crt
</VirtualHost>

Step 4

Upload your certificate files in .pem format using the following commands:

aws iam upload-server-certificate --server-certificate-name my-server-cert 
--certificate-body file://my-certificate.pem --private-key file://my-private-key.pem 
--certificate-chain file://my-certificate-chain.pem

Step 4

Create a listener on the Load Balancer which has the EC2 instance attached to it. The listener is for HTTPS and port 443. The listener will ask for a certificate and it will have the one you added from the aws cli already listed. If it is not listed, log out of the AWS console and log back in.

HTTPS Listener on Load Balancer

After, this, traffic via HTTPS will start flowing to your EC2 instance.

I had similar issues, and posted my question and answer here: HTTPS only works on localhost

Community
  • 1
  • 1
Janpan
  • 1,876
  • 1
  • 24
  • 49