Hi Randa,
Please try this solution; it will be helpful for you.
To resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error and ensure a seamless, secure failover from your EC2 instance to your CloudFront distribution, start by ensuring both the EC2 instance and CloudFront are using valid and correctly configured SSL certificates. Use AWS Certificate Manager (ACM) to obtain an SSL certificate and install it on your EC2 instance in Paris. Attach this certificate to your CloudFront distribution in the us-east-1 region. Make sure your CloudFront distribution includes something2.example.fr as an alternate domain name and is configured to use the latest SSL/TLS protocols and ciphers. Set up Route 53 with a primary record for something.example.fr pointing to your EC2 instance and a secondary record pointing to your CloudFront distribution, configured with a failover routing policy. Ensure your Route 53 health checks are properly configured to monitor the health of the EC2 instance. By aligning the SSL/TLS configurations across both the EC2 instance and CloudFront, you will enable seamless failover without encountering SSL/TLS errors.
Please look at the AWS documentation; you will get more information.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/website-hosting-custom-domain-walkthrough.html
Hello,
To resolve the SSL/TLS issue, you need to ensure that both the primary and failover endpoints are properly configured with SSL/TLS certificates. If you're using custom SSL certificates provided by third-party providers on the EC2 instance, you must import the wildcard certificate (*.example.fr) into AWS Certificate Manager, configure the SSL/TLS certificate for CloudFront, and add alternate domain names for the distribution.
Route 53 DNS Records:
- Configure the primary record for something.example.fr to point to the EC2 instance.
- Set up a health check for the EC2 instance to determine its availability.
- Configure the failover record for something.example.fr to point to the CloudFront distribution.
- Ensure the health check is associated with the primary record so that failover occurs when the EC2 instance is down.
The alternate approach would be using origin failover.
You can make use of CloudFront origin failover to fail over to a secondary instance in another region when a primary origin is unavailable, instead of Route 53 failover routing: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html
Here's how you can set up EC2 as an origin to CloudFront: https://aws.amazon.com/cloudfront/getting-started/EC2/
This way you could probably have EC2 instances in two regions. Use origin groups to configure primary and secondary EC2 as origins to CloudFront, and the distribution can fail over to the secondary origin if the primary is unhealthy.
Thank you for the reply @Sivaraman Selvam. I can't set EC2 as an origin to CloudFront because I have an application configured with ELB, and in the Paris region I have a Lambda function. When the EC2 instance is running: the Lambda function sets the Route 53 record to route traffic to the ELB (Value/Route traffic to Load Balancer), allowing access to the application. When the EC2 instance is stopped: the Lambda function updates the Route 53 record to route traffic to the CloudFront distribution URL (Value/Route traffic to: CloudFront URL).
Just to confirm, there is no problem if I access something2.example.fr, right?
I think the reason is that you are accessing something2.example.fr as something.example.fr, so the domains you are accessing do not match.
If the CloudFront side can also be accessed as something.example.fr, then my idea needs to be revised.
Thank you for the reply @shibata. Yes, accessing something2.example.fr directly does not pose any issues.
I add the Lambda function. When the EC2 instance is running: the Lambda function sets the Route 53 record to route traffic to the ELB (Value/Route traffic to Load Balancer), allowing access to the application. When the EC2 instance is stopped: the Lambda function updates the Route 53 record to route traffic to the CloudFront distribution URL (Value/Route traffic to: CloudFront URL). This ensures that users see a static maintenance page hosted on CloudFront instead of encountering an error.
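The domain mismatch raised in this thread can be checked before switching the Route 53 record. The following is an added example, not code from any poster or from AWS: it tests whether the hostname users type is listed among a distribution's alternate domain names and covered by its certificate. The function names and both configurations are constructed for illustration; the "proposed" one assumes the wildcard certificate and extra alternate domain name suggested in the answers.

```python
# Added example: checks whether a hostname that DNS failover sends to
# CloudFront is covered by the distribution's alternate domain names and
# by the names on its certificate. All input values below are constructed.

def name_matches(hostname: str, pattern: str) -> bool:
    """Exact match, or a wildcard that replaces only the leftmost label."""
    host = hostname.lower().rstrip(".")
    pat = pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    # "*.example.fr" covers "a.example.fr" but not "example.fr" or "a.b.example.fr"
    head, _, tail = host.partition(".")
    return bool(head) and tail == pat[2:]


def failover_gaps(hostname, aliases, cert_names):
    """Return the reasons the hostname cannot be served over HTTPS (empty = OK)."""
    gaps = []
    if not any(name_matches(hostname, a) for a in aliases):
        gaps.append(f"{hostname} is not an alternate domain name on the distribution")
    if not any(name_matches(hostname, n) for n in cert_names):
        gaps.append(f"{hostname} is not covered by the certificate")
    return gaps


# Constructed inputs modelled on the thread: the distribution only knows
# something2.example.fr, while users are sent there as something.example.fr.
CURRENT = {
    "aliases": ["something2.example.fr"],
    "cert_names": ["something2.example.fr"],
}
# Assumed fix: wildcard certificate plus both names as alternate domain names.
PROPOSED = {
    "aliases": ["something.example.fr", "something2.example.fr"],
    "cert_names": ["*.example.fr"],
}

if __name__ == "__main__":
    for label, cfg in (("current", CURRENT), ("proposed", PROPOSED)):
        for host in ("something.example.fr", "something2.example.fr"):
            gaps = failover_gaps(host, cfg["aliases"], cfg["cert_names"])
            print(f"[{label}] {host}: {'OK' if not gaps else '; '.join(gaps)}")
```

In practice the two lists would be read from the distribution's configuration and the attached certificate's subject alternative names.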
Thanks for the response @Parthasaradi, but I've already tried that approach and it didn't work for my situation.