How do I resolve the "CloudFront wasn't able to connect to the origin" error?

2 minute read

I use Amazon CloudFront to serve content, but my users receive the following HTTP 502 error: "CloudFront wasn't able to connect to the origin."

Resolution

HTTP 502 errors from CloudFront can occur because of the following reasons:

There's an SSL/TLS negotiation failure because the origin uses SSL/TLS protocols and ciphers that CloudFront doesn't support.
There's an SSL/TLS negotiation failure because the SSL certificate on the origin is expired or not valid, or because the certificate chain isn't valid.
There's a host header mismatch in the SSL/TLS negotiation between your CloudFront distribution and the custom origin.
The custom origin doesn't respond on the ports that are specified in the origin settings of the CloudFront distribution.
The custom origin ends the connection to CloudFront too quickly.
If the error code is NonS3IoriginDnsError, then there's a DNS configuration issue that isn't allowing CloudFront to connect to the origin.

For detailed instructions on how to troubleshoot these issues, see HTTP 502 status code (Bad Gateway).

Related information

Troubleshooting error responses from your origin

How do I troubleshoot a 502: "The request could not be satisfied" error from CloudFront?

Topics

Networking & Content Delivery

Related videos

Watch Gabriela's video to learn more (9:30)

AWS OFFICIALUpdated 8 months ago

3 Comments

Concerning "There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.". This happens if the origin domain as api-gateway.example.com is not the same as the domain where cloudfront is accessed as example.com. To fix the error in that case do the following: CloudFront -> Distribution -> Behaviors, open the behavior for edit., under "Origin request policy - optional" select "AllViewerExceptHostHeader". Save and wait some time for the changes to apply. I do not remember how long it took. Could be 1 minute or 15 minutes.

David - inouiw on github

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

EXPERT

AWS Official

replied 2 years ago

@David your hint saved my day...

Zain

replied 2 years ago

Relevant content

When I try searching up my site i get 502 error cloudfront failed to establish a connection with the origin.
mthomas
asked 2 years ago
I got 502 error from my cloudfront server.
Pablo
asked a year ago
502 ERROR DNS of CloudFront and Route 53
Sridharshan
asked a year ago
Hi. I need help ASAP for a 502 error connecting the CloudFront - CloudFront wasn't able to connect to the origin.
Accepted Answer
G
asked 2 years ago
502 - Bad Gateway : CloudFront wasn't able to connect to the origin
Theodore R
asked a year ago
How do I troubleshoot 403 errors from CloudFront?
AWS OFFICIALUpdated 2 years ago
Why does my application fail on CloudFront when I can use the application from a custom origin?
AWS OFFICIALUpdated 8 months ago
How do I troubleshoot a 502 "The request could not be satisfied" error in CloudFront?
AWS OFFICIALUpdated 7 months ago
How do I resolve "403 ERROR - The request could not be satisfied. Bad Request" in CloudFront?
AWS OFFICIALUpdated 2 years ago
Why do SSL/TLS negotiation errors occur when connecting to an Application Load Balancer over HTTPS, and how can I identify the responsible client IP?
SUPPORT ENGINEER
Sarah_P
published 8 days ago