
Can't get HTTPS to work on Lightsail ubuntu instances - [..] the authenticity of the received data could not be verified

0

I'm migrating from Digital Ocean to AWS and having a hard time at it. After a lot of trouble with the need for setting up static IPs, DNS zones, etc., now my workflow for creating SSL certificates and establishing HTTPS connections is not working despite everything seemingly being OK.

I've tried everything I can possibly find; I've spent hours already trying to figure this out with zero progress. I've never had this issue before: on DO I just issue the "certbot -d example.com" command and it "just works". It feels like there is something specific to Lightsail that I'm not aware of that is preventing HTTPS connections.

  1. Non HTTPS connections are working
  2. I am using the same example.com.conf files I've used before at DO, after my newly created ones didn't work, using the same Ubuntu version. I can't see anything wrong with them. Config test says syntax is OK.
  3. When I try to visit a site on HTTPS I get an error in Firefox I've never seen before:

Secure Connection Failed

An error occurred during a connection to test.***.com. PR_CONNECT_RESET_ERROR

Error code: PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified

The only reference on this support forum I can find has one answer which refers to "the proxy" interfering, I don't use a proxy (I tried Cloudflare but that doesn't work with Lightsail, unfortunately). As far as I know there is no proxy in front of my sites unless Lightsail does something I'm not aware of.

  4. I use certbot to generate certificates. I've tried generating them for only one domain, for all the subdomains individually, and by using wildcard certificates. No luck either way.
  5. Commands like "openssl s_client -connect ***.com:443 -showcerts" in the terminal just keep loading; nothing happens.
  6. No errors in the apache2 error log.
  7. I verified that the certificates have proper file permissions and that they are properly linked in the apache config files.
  8. UFW rules are:

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

  9. When I test the certificates with "openssl x509 -in /etc/letsencrypt/live/***.com/fullchain.pem -text -noout" the correct domains are in the output.
  10. The mod_rewrite module is enabled.

Thanks in advance for any guidance.


asked a year ago, 149 views
2 Answers
1
Accepted Answer

I finally discovered that Lightsail runs a firewall that is impossible to find, and by default it blocks HTTPS on 443!!! Had to manually add this.

All my hair ripped out but HTTPS is working now.

answered a year ago
EXPERT
reviewed a year ago
  • On Lightsail blueprints of application type that come with an application listening on port 443, the port is open. But on an OS-only Ubuntu instance, since there is no application listening on 443 nor any guarantee that a customer wants to run an app on that port, the port is closed by default. Thanks for the feedback. Also noted the documentation feedback below.
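The thread's lesson is that there are three layers in front of an Ubuntu Lightsail web server, and only two of them are visible from inside the instance: the Apache listener, the OS firewall (ufw), and the Lightsail instance firewall, which drops packets before they ever reach the host, so Apache logs stay empty and ufw looks fine. The script below is an added example, not code from the question or the answers. It gathers the two host-side facts, probes TCP/443 from an outside client, and names the layer that is blocking; the AWS CLI calls at the end are the command-line counterpart of adding the rule in the instance's Networking tab. It assumes an Ubuntu instance with apache2, ufw, iproute2 (ss) and openssl installed, AWS CLI credentials for the remediation step, and uses HOST and INSTANCE as hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Assumes Ubuntu with apache2,
# ufw, ss (iproute2) and openssl; the AWS CLI functions need credentials.
# HOST and INSTANCE are hypothetical placeholders.

# Pure decision logic: given the three facts gathered below, say which layer
# is blocking TCP/443. listening: 0|1, ufw_ok: 0|1, client: open|closed|timeout.
classify_443() {
  listening="$1"; ufw_ok="$2"; client="$3"
  if [ "$listening" != 1 ]; then
    echo "listener: nothing bound to :443 on the instance (check the SSL vhost and 'a2enmod ssl')"
  elif [ "$ufw_ok" != 1 ]; then
    echo "ufw: the OS firewall does not allow 443/tcp ('ufw allow 443/tcp')"
  elif [ "$client" = open ]; then
    echo "ok: TCP connect to 443 succeeds; any remaining error is TLS/certificate, not a firewall"
  else
    echo "upstream: listener and ufw are fine but an outside client gets '$client'; open TCP 443 in the Lightsail instance firewall (instance > Networking)"
  fi
}

# Run ON the instance: is any socket listening on port 443? (column 4 of ss -ltn
# is Local Address:Port; the first row is the header.)
listener_on_443() {
  if ss -ltn 2>/dev/null | awk 'NR>1 && $4 ~ /:443$/ {f=1} END {exit !f}'; then
    echo 1
  else
    echo 0
  fi
}

# Run ON the instance as root: does ufw allow 443, directly or via "Apache Full"?
ufw_allows_443() {
  if ufw status 2>/dev/null | grep -Eq '^(443(/tcp)?|Apache Full) +ALLOW'; then
    echo 1
  else
    echo 0
  fi
}

# Run from OUTSIDE the instance. openssl prints "CONNECTED(...)" as soon as the
# TCP handshake completes, so this separates a filtered port (the question's
# hanging s_client) from a TLS or certificate problem on a reachable port.
probe_443() {
  host="$1"
  out=$(timeout 5 openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>&1)
  rc=$?
  if printf '%s\n' "$out" | grep -q '^CONNECTED('; then
    echo open          # TCP reached Apache; look at the handshake output next
  elif [ "$rc" -eq 124 ]; then
    echo timeout       # packets silently dropped: typical of an upstream firewall
  else
    echo closed        # refused or reset before CONNECTED
  fi
}

# Whole check. On the instance: check443        From outside: check443 HOST
# (without HOST the external result is unknown and is treated as a timeout).
check443() {
  l=$(listener_on_443); u=$(ufw_allows_443)
  if [ -n "${1:-}" ]; then c=$(probe_443 "$1"); else c=timeout; fi
  classify_443 "$l" "$u" "$c"
}

# Remediation via the AWS CLI, equivalent to the console's Networking tab.
show_lightsail_ports() { aws lightsail get-instance-port-states --instance-name "$1"; }
open_lightsail_443() {
  aws lightsail open-instance-public-ports --instance-name "$1" \
    --port-info fromPort=443,toPort=443,protocol=tcp
}
```

Run `check443` on the instance first; if it reports `listener` or `ufw`, the fix is local. Run `check443 HOST` from a laptop: when both host-side checks pass but the probe times out, the only layer left is the Lightsail instance firewall, and `show_lightsail_ports INSTANCE` will show 443 absent until `open_lightsail_443 INSTANCE` (or the console rule) adds it. Keep the rule scoped to TCP 443 only; the instance firewall is the outermost boundary, so everything opened there is reachable from the whole internet.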

0

For those looking for it, the documentation refers to the "Networking" tab in the console, but that's not where it is. You have to go to manage your instance and then go to the Networking tab inside there, not the one on the right in your console.

answered a year ago
