Application Load Balancer blocking DNS Propagation

0

I created an application load balancer to handle SSL (ACM certificate) for my website hosted on an EC2 server. My DNS registrar is not Amazon. The only DNS records currently propagating globally are related to the load balancer. Other records (MX, TXT, etc) are not propagating. My registrar re-pushed DNS yesterday, but there has been no change. Did I misconfigure the load balancer? How do I correct this?

Thanks!

1 Answer
0

Hi,

Based on the information in the comments, it appears you are not routing the traffic through ALB. The A record for EC2 IP will directly route the traffic to EC2, i.e. it won't go via ALB. So you need to do the following:

  • Did you check if you are able to access the application via ALB DNS name directly? You may want to debug any problems connecting to EC2 via ALB. E.g. Issues with Target Group, Health Checks, Security Groups etc.
  • The CNAME record correctly points to the ALB DNS name (it should not be an A record pointing to the ALB IP or EC2 IP).
  • Attaching the ACM certificate to the HTTPS listener on your ALB is a crucial step. Double-check to ensure it is correctly associated. Refer to this

Hope this is helpful.

Thanks, Rama

Rama (AWS), answered 2 months ago. Reviewed by an EXPERT a month ago.
  • I can access the application through the ALB DNS name directly. If I remove the A record, traffic is routed through the ALB and http and https work fine. The CNAME record is pointed to the ALB DNS name. But removing the A record somehow prevents my other DNS records from propagating.

  • Thanks for your help so far. As far as I can tell, MX records won't propagate without an A record. Is there a way to use the ALB with an A record? Or another avenue I'm missing? Thanks!

  • Hi, I understand your blocker now. Since you are using an external DNS provider, it is likely they don't allow you to associate the ALB DNS name with the apex record; they need an IP address. Route 53 allows you to use the ALB DNS name for an A record, so the workaround I can think of is to create a hosted zone in Route 53 and request your domain provider to redirect your requests to this AWS name server (you will find this info as soon as you create your hosted zone). After that, just add the A records and the CNAME records. Please refer to this for more information: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html
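An added example, not part of the thread above: a Python sketch of the workaround from the last comment, which checks a record list for a CNAME that shares a name with other record types (RFC 1034 does not allow that, and the zone apex always carries SOA and NS) and builds the Route 53 alias A record that replaces it. The domain, the ALB DNS name and the ALB hosted zone ID are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict


def find_cname_conflicts(apex, records):
    """Return problems found in a list of (name, type, value) records.

    A CNAME may not share a name with any other record type (RFC 1034),
    and the apex always has SOA/NS, so a CNAME cannot be placed there.
    """
    by_name = defaultdict(set)
    for name, rtype, _value in records:
        by_name[name.rstrip(".").lower()].add(rtype.upper())
    apex = apex.rstrip(".").lower()
    problems = []
    for name, types in sorted(by_name.items()):
        if "CNAME" not in types:
            continue
        if name == apex:
            problems.append(f"{name}: CNAME at zone apex")
        others = sorted(types - {"CNAME"})
        if others:
            problems.append(f"{name}: CNAME coexists with {', '.join(others)}")
    return problems


def alias_a_change(apex, alb_dns_name, alb_zone_id):
    """Build the ChangeBatch dict for an apex alias A record.

    This is the shape boto3's route53 change_resource_record_sets takes
    as ChangeBatch; nothing is sent to AWS here.
    """
    alias = {
        "HostedZoneId": alb_zone_id,  # the ALB's own zone ID, not your zone's
        "DNSName": alb_dns_name,
        "EvaluateTargetHealth": False,
    }
    # Alias records carry no TTL and no ResourceRecords list.
    rrset = {"Name": apex, "Type": "A", "AliasTarget": alias}
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": rrset}]}


# Constructed sample: the apex CNAME sits beside MX and TXT records.
ALB = "my-alb-123.us-east-1.elb.amazonaws.com"  # placeholder ALB DNS name
BROKEN = [
    ("example.com", "CNAME", ALB),
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "TXT", "v=spf1 -all"),
    ("www.example.com", "CNAME", ALB),
]
# Same zone after moving to Route 53: alias A at the apex instead of CNAME.
FIXED = [("example.com", "A", "ALIAS " + ALB)] + BROKEN[1:]
```
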
