2 Answers
0
- Do you have a valid, non-self-signed certificate associated with the ALB?
- Do you have a valid ALB listener associated with a target for port 443?
answered 3 years ago
0
Hi there,
The 504 error you are experiencing with CloudFront sending HTTPS-only requests to your ALB (Application Load Balancer) can be caused by a few potential issues, such as:
- The origin returned an HTTP 504 status code to CloudFront.
- The origin didn't respond before the request expired.
- The origin being unreachable and the TCP connection timing out.
To resolve problems with accessing your domain name over HTTPS, check the following:
- Your SSL certificate's domain name must be added as an alternate domain name (CNAME) in your CloudFront distribution's settings. For more information, see Using custom URLs for files by adding alternate domain names (CNAMEs).
- The domain name of the SSL certificate must be consistent with the domain name associated with the CloudFront distribution. For example, if you issue an SSL certificate for *.example.com, then the CloudFront distribution will support domain names such as abc.example.com or 123.example.com. However, an SSL certificate for *.example.com won't support domain names such as abc.123.example.com. To use abc.123.example.com as a domain name, you need an SSL certificate for either *.123.example.com or abc.123.example.com.
- Verify that the status of your CloudFront distribution is Deployed. If the status is still InProgress, then you might not be able to access the domain name because data is still propagating across edge locations.
- SSL/TLS certificate: Verify that the SSL/TLS certificate installed on the ALB is valid and matches the domain name used by CloudFront. CloudFront requires a valid certificate to establish a secure connection with the ALB.
- Check if there are any network issues or routing problems between CloudFront and the ALB. Ensure that the ALB's DNS name is correctly configured as the origin in CloudFront.
- ALB configuration: Verify that the ALB is correctly configured to handle HTTPS requests on port 443. Check the listener configuration and make sure it is set up to handle HTTPS traffic.
- Verify that the origin server firewall allows connections from CloudFront, and confirm that it allows traffic on port 443.
For more information on troubleshooting SSL errors, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/http-502-bad-gateway.html#ssl-negotitation-failure
Related information:
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/http-504-gateway-timeout.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html
answered a year ago
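The ALB-side checks from the answer above (an HTTPS listener on 443 with a certificate attached, a certificate name that actually covers the origin domain CloudFront connects to, and a firewall rule that admits CloudFront on 443), as an added example that is not part of either answer. It is offline Python that evaluates constructed dicts shaped like the output of `aws elbv2 describe-listeners` and `aws ec2 describe-security-groups`; the certificate ARN, security group IDs and prefix list ID are made up, and in practice you would pass in the real boto3 responses. The wildcard rule is the one the answer states: `*.example.com` covers `abc.example.com` but not `abc.123.example.com`. The prefix list name `com.amazonaws.global.cloudfront.origin-facing` is the AWS-managed list of CloudFront's origin-facing address ranges.

```python
"""Offline checker for the ALB-side causes of a CloudFront 504 over HTTPS.

Added example, not code from the original answers. Inputs are CONSTRUCTED
samples mimicking describe-listeners / describe-security-groups output.
"""
from typing import Dict, List

# AWS-managed prefix list covering CloudFront's origin-facing IP ranges.
CLOUDFRONT_ORIGIN_FACING_PL = "com.amazonaws.global.cloudfront.origin-facing"


def cert_matches_host(cert_name: str, host: str) -> bool:
    """Answer's rule: '*' in a certificate name covers exactly one DNS label."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]                 # ".example.com"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]            # the part the '*' must cover
    return bool(left) and "." not in left  # one non-empty label, no dots


def listener_problems(listeners: List[Dict]) -> List[str]:
    """Want at least one port-443 listener that is HTTPS and has a cert."""
    on_443 = [l for l in listeners if l.get("Port") == 443]
    if not on_443:
        return ["no listener on port 443"]
    problems = []
    for l in on_443:
        if l.get("Protocol") != "HTTPS":
            problems.append(f"port 443 listener is {l.get('Protocol')}, not HTTPS")
        if not l.get("Certificates"):
            problems.append("port 443 listener has no certificate attached")
    return problems


def sg_allows_cloudfront_443(sg: Dict, prefix_list_ids: Dict[str, str]) -> bool:
    """True if some ingress rule admits TCP/443 from 0.0.0.0/0 or from the
    CloudFront origin-facing managed prefix list."""
    cf_pl = prefix_list_ids.get(CLOUDFRONT_ORIGIN_FACING_PL)
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):    # "-1" means all protocols
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if proto == "tcp" and not lo <= 443 <= hi:
            continue
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
        if cf_pl and any(p.get("PrefixListId") == cf_pl
                         for p in perm.get("PrefixListIds", [])):
            return True
    return False


def diagnose(origin_host: str, cert_names: List[str], listeners: List[Dict],
             sg: Dict, prefix_list_ids: Dict[str, str]) -> List[str]:
    """Run all three checks; an empty list means nothing obvious is wrong."""
    findings = listener_problems(listeners)
    if not any(cert_matches_host(n, origin_host) for n in cert_names):
        findings.append(f"no certificate name covers origin {origin_host}")
    if not sg_allows_cloudfront_443(sg, prefix_list_ids):
        findings.append("ALB security group does not allow TCP/443 from CloudFront")
    return findings


# --- constructed sample data (IDs and ARNs are made up) ---------------------
PREFIX_LISTS = {CLOUDFRONT_ORIGIN_FACING_PL: "pl-0123456789abcdef0"}
GOOD_LISTENERS = [{"Port": 443, "Protocol": "HTTPS",
                   "Certificates": [{"CertificateArn":
                                     "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE"}]}]
BAD_LISTENERS = [{"Port": 80, "Protocol": "HTTP"}]          # nothing on 443 at all
SG_OK = {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
     "PrefixListIds": [{"PrefixListId": "pl-0123456789abcdef0"}]}]}
SG_BAD = {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []}]}  # 80 only

if __name__ == "__main__":
    for label, lst, sg in (("good", GOOD_LISTENERS, SG_OK), ("bad", BAD_LISTENERS, SG_BAD)):
        print(label, diagnose("origin.example.com", ["*.example.com"], lst, sg, PREFIX_LISTS))
```

Note that `origin_host` must be the origin domain name configured in the CloudFront distribution, not the target hostname behind the ALB: that is the name CloudFront checks the ALB's certificate against, which is why pointing the origin at the raw `*.elb.amazonaws.com` DNS name fails the certificate check even when the listener itself is correct.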
Thanks for the reply!