HTTPS Security Group not allowing access to EC2 instance when tried using HTTPS URL

1

Hi All, I am doing a basic hands-on regarding an EC2 instance. I created an inbound security group for HTTPS on port 443 to be allowed from anywhere.

My EC2 instance has a web server running and it just displays a hello message.

When I am trying to access the EC2 instance using my public IPv4 address using HTTPS, it gives me an "Unable to connect" error.

Can anyone please point out what's wrong?

Asked 2 years ago, viewed 1603 times
2 answers
1

Can you connect to the web server from the instance itself? Doing something like telnet 127.0.0.1 443 and then telnet <instance private IP> 443? Next, set up another instance in the same subnet and see if you can connect from the second instance to the first instance.

You can use VPC Reachability Analyzer to confirm that your routes and security groups are set up correctly but it can't determine if there is an issue on the instance itself which is what the tests above are there to confirm.

AWS
Expert
Answered 2 years ago
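
The test order from the answer above, written out as an added example (not part of the original answer and not an AWS tool). The function names `probe` and `diagnose` and the result labels are assumptions made for this sketch; it uses a plain TCP connect in place of `telnet`.

```python
import socket
import sys

def probe(host, port=443, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered with a reset: the packet arrived, nothing accepted it.
        return "refused"
    except socket.timeout:
        # No answer at all: dropped on the way (security groups drop silently).
        return "timeout"
    except OSError:
        # No route, name resolution failure, and similar.
        return "unreachable"

def diagnose(loopback, private_ip, peer):
    """Map the three results, in the answer's order, to the layer to inspect.

    loopback and private_ip are probed on the instance itself;
    peer is the result seen from a second instance in the same subnet.
    """
    if loopback != "open":
        return "web server: nothing is listening on this port on the instance"
    if private_ip != "open":
        return "web server: listener is bound to 127.0.0.1 only"
    if peer != "open":
        return "host firewall or security group: traffic from the peer is blocked"
    return "instance is fine: check routes and the public path (Reachability Analyzer)"

if __name__ == "__main__":
    # Run on the instance: python3 check443.py <instance private IP>
    private = sys.argv[1]
    lo = probe("127.0.0.1")
    priv = probe(private)
    print("127.0.0.1:443 ->", lo)
    print(private + ":443 ->", priv)
    # The peer result has to be collected on the second instance; assume
    # "open" here so the verdict covers only what this host can observe.
    print(diagnose(lo, priv, "open"))
```

A `refused` result on 127.0.0.1 means no security group change will help, because the request never finds a listener on 443.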
1

Hey AWS-User-2681063, one of the ways to tackle this is as follows:

  1. You will need a custom domain to create a hosted zone in Amazon Route 53. Make sure that your custom domain has the same name servers (ns) that your hosted zone has.
  2. Request an SSL certificate in Amazon Certificate Manager (ACM), which is free by the way (Steps here).
  3. Validate the domain, either with DNS validation or Email validation. ACM will create the Route 53 records for you to be able to perform a DNS validation.
  4. Then, once the domain is validated, you can create an Application Load Balancer (ALB) with a security group that allows both traffic via port 80 (HTTP) and 443 (HTTPS).
  5. In the ALB, create a listener that listens on port 443 and attach the certificate requested in step 2 (Steps here).
  6. Create an alias record in Route 53 to use your custom domain on top of your ALB DNS name. Choose your ALB DNS name as the endpoint (Steps here).
  7. Make sure that your EC2 instance security group inbound rule has the security group of your ALB as the source. Security best practice is to have your ALB as the only point of entry.
  8. Access your website by typing in the browser: https://<your_customer_domain>
AWS
Answered 2 years ago
