HTTPS access error – browsers don’t see the certificate used for configuring SSL in Elastic Load Balancer

0

Hi,

I configured SSL offload on Elastic Load Balancer using a certificate from AWS Certificate Manager.

The HTTPS listener is configured as follows: the default action is forwarding to Group Instances HTTPS, and the default SSL certificate is (as Edit Listener indicates) the correct one issued by ACM for a domain name I registered using AWS.

In Route 53 Hosted Zones, I created an A-type record with my Public IPv4 address (which is an Elastic IP) as a value.

However, when I try to connect to my domain via https, I get the error message ERR_CERT_AUTHORITY_INVALID, and Chrome’s Developer tools > Security > View Certificate displays

   Issued to:    ip-172-31-90-31.ec2.internal

   Issued by:    ip-172-31-90-31.ec2.internal,

that is my Private IPv4 DNS in both cases -- instead of my domain name (for Issued to) and Amazon (for Issued by).

I also tried pointing the A record to the ALB instead of my public IPv4 (as suggested at https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html). Unfortunately, after that browsers couldn't connect to the domain at all (the error message: <domain_name> took too long to respond).

I am wondering what could cause that. Could it result from some misconfiguration of my Apache server? If so, how could I fix that?

Thanks

1 Answer
2
Accepted Answer

The second set of instructions you have is what you'd want to use.

If you're in Route 53 you would use an A record that is an Alias to target the ALB in your environment. Make sure the security groups on your ALB are set up correctly as that may be what's preventing you from connecting to your application once you have it directed there.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-update-security-groups.html

If you're using something like WordPress on the site behind the ALB you may have to turn on SSL support to get it to work correctly and be all encrypted. But otherwise you should be good to go for the most part. If it's straight Apache there is a potential you may have to implement a re-write rule for SSL.

AWS
EXPERT
Rob_H
answered 2 years ago
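An added example, not part of the original question or answer: a small Python check that reads the symptom in the question (a certificate issued to and by the instance's private DNS name) as a sign that TLS is terminating on the instance rather than on the load balancer, and compares resolved addresses to see whether DNS bypasses the ALB. The function names, `example.com` and the sample addresses are assumptions made for illustration.

```python
import re
import socket

# EC2 private DNS names: ip-a-b-c-d.ec2.internal (us-east-1) or
# ip-a-b-c-d.<region>.compute.internal (other regions).
EC2_PRIVATE = re.compile(r"^ip-\d+-\d+-\d+-\d+\.(ec2|[a-z0-9-]+\.compute)\.internal$")


def name_matches(pattern, host):
    """Match a certificate name against a host; '*' covers one leftmost label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h


def diagnose_cert(host, issued_to, issued_by, sans=()):
    """Classify the certificate a browser reports for `host` (hypothetical helper)."""
    findings = []
    if not any(name_matches(n, host) for n in (list(sans) or [issued_to])):
        findings.append("name-mismatch")         # certificate is not for this domain
    if issued_to == issued_by:
        findings.append("self-issued")           # no public CA in the chain
    if EC2_PRIVATE.match(issued_to):
        findings.append("instance-certificate")  # presented by the instance itself
    return findings


def resolve(name):
    """Live helper (needs network): IPv4 addresses a name resolves to."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, 443, socket.AF_INET)}


def bypasses_load_balancer(domain_ips, alb_ips):
    """True when none of the domain's addresses belong to the load balancer."""
    return not set(domain_ips) & set(alb_ips)


if __name__ == "__main__":
    # Names from the question; example.com stands in for the unnamed domain.
    print(diagnose_cert("example.com", "ip-172-31-90-31.ec2.internal",
                        "ip-172-31-90-31.ec2.internal"))
    # Constructed addresses (documentation ranges), not from the page.
    print(bypasses_load_balancer({"203.0.113.10"}, {"198.51.100.5", "198.51.100.6"}))
```

For a live check, pass `resolve()` of the domain and of the load balancer's DNS name to `bypasses_load_balancer`; load balancer addresses change over time, so compare fresh lookups.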
