ALB Connections Accepted but No Requests Processed – HTTPS Hangs (RequestCount = 0)

0

Hello,

I’m experiencing a strange issue with my Application Load Balancer (ALB) in us-east-2.

Symptoms:

  • NewConnectionCount > 0 in CloudWatch metrics (connections are arriving).

  • RequestCount = 0 (ALB never processes HTTP requests).

  • curl to the ALB DNS (both HTTP and HTTPS) hangs indefinitely (even with -L).

  • Targets are healthy in both target groups (HTTP 200 checks pass when accessed directly via EC2 public IP).

  • DNS (Namecheap) CNAME records correctly point to the ALB DNS name.

  • Security groups and NACLs are open for ports 80 and 443.

  • HTTPS listener has a valid ACM certificate (status = Issued) attached.

  • Even from another EC2 instance in a different region, curl to the ALB DNS hangs.

What I’ve tried:

  • Verified listeners (HTTP 80 → HTTPS redirect, HTTPS 443 → forward to healthy target group).

  • Tested direct access to targets (works fine).

  • Enabled ALB access logs – no requests appear at all.

  • Created a second ALB (same behavior).

  • Confirmed routing tables, subnets, and internet gateway settings are correct.

It seems like ALB is accepting TCP connections but failing to handle HTTP requests (SSL handshake or layer 7 issue). Could this be a misconfiguration I’m overlooking, or is this possibly an ALB service issue in us-east-2?

2 Answers
0

Based on your symptoms, it appears that your ALB is accepting TCP connections but failing to complete the HTTP/HTTPS request processing. This suggests an issue at the HTTP/SSL layer rather than at the network connectivity level.

Since your NewConnectionCount is greater than 0 but RequestCount is 0, connections are being established but requests aren't being processed. This could be due to several possible causes:

  1. SSL/TLS negotiation issues: If the client and ALB can't agree on cipher suites or TLS versions, the connection might be established but the SSL handshake fails. This would prevent HTTP requests from being processed.

  2. Domain name mismatch: If you're accessing the ALB using its default DNS name for HTTPS requests, you might encounter certificate validation issues. The default AWS DNS name cannot be used for HTTPS requests as public certificates cannot be requested for the *.amazonaws.com domain. Make sure you're using your custom domain that matches the certificate's Subject Alternative Name (SAN).

  3. DNS resolution problems: Although you mentioned your CNAME records are correctly set up, there might be DNS propagation or caching issues. The "Couldn't resolve host name" error mentioned in similar cases suggests potential DNS resolution problems.

To troubleshoot further:

  • Check if you're using the ALB's default DNS name for HTTPS requests. Instead, use your custom domain that matches the certificate.

  • Verify that the domain name used in your HTTPS requests exactly matches one of the alternate names specified in your ACM certificate.

  • Try clearing your DNS cache locally and test from different networks to rule out DNS propagation issues.

  • Check your ALB access logs for any entries. If there are none, it confirms requests aren't reaching the HTTP processing layer.

  • Test connectivity using a simple telnet or netcat command to verify basic TCP connectivity to the ALB on ports 80 and 443.

  • If you're sending any binary data or unusual request formats, ensure they're properly formatted as ALB has limitations with certain types of binary requests.

If all these checks pass and the issue persists, it might be worth contacting AWS Support as there could be an underlying service issue in your region.
Sources
EC2 HTTPS Requests Not Getting Through... | AWS re:Post
Resolve HTTP connection errors with Application Load Balancer | AWS re:Post
Troubleshoot your Application Load Balancers - Elastic Load Balancing
Application Load Balancer 502 ERROR when sending raw binary body | AWS re:Post

answered 10 months ago
AWS
EXPERT
reviewed 10 months ago
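
Added example, not part of the original answer: a staged probe that reports whether a request stalls at TCP connect, at the TLS handshake, or while waiting for the HTTP response, which is the distinction the answer above draws between network-level and HTTP/SSL-level failures. `probe`, `silent_listener` and their parameters are names assumed for this sketch, and the listener is a locally constructed stand-in for the symptom, not an ALB.

```python
import socket
import ssl

def probe(host, port, server_name=None, use_tls=False, timeout=5.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", status line).

    Stages: "tcp" (connect), "tls" (handshake), "http" (no response to HEAD /).
    server_name is the SNI / Host value, e.g. the custom domain on the certificate.
    """
    name = server_name or host
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"connect failed: {exc}")
    try:
        if use_tls:
            ctx = ssl.create_default_context()  # verifies chain and hostname
            try:
                sock = ctx.wrap_socket(sock, server_hostname=name)
            except OSError as exc:  # SSLError and timeouts are OSError subclasses
                return ("tls", f"handshake failed: {exc}")
        head = f"HEAD / HTTP/1.1\r\nHost: {name}\r\nConnection: close\r\n\r\n"
        try:
            sock.sendall(head.encode("ascii"))
            reply = sock.recv(4096)
        except OSError as exc:
            return ("http", f"no response: {exc}")
        if not reply:
            return ("http", "peer closed without responding")
        return ("ok", reply.split(b"\r\n", 1)[0].decode("latin-1"))
    finally:
        sock.close()

def silent_listener():
    """Constructed stand-in for the symptom: completes TCP handshakes, never answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv

if __name__ == "__main__":
    srv = silent_listener()
    port = srv.getsockname()[1]
    print(probe("127.0.0.1", port, timeout=1.0))                # stalls at "http"
    print(probe("127.0.0.1", port, use_tls=True, timeout=1.0))  # stalls at "tls"
    srv.close()
```

Against a real load balancer, pass the custom domain as `server_name` with `use_tls=True` on port 443; a certificate name mismatch then surfaces as a `"tls"` result instead of a hang.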
0

Are you using security groups on the ALB? Do they allow port 80 and port 443 inbound?

EXPERT
answered 10 months ago
