Load Balancing HTTPS (port 443) is 'unhealthy' , but HTTP (port 80) is 'healthy'

1

I bought a domain on 'namecheap' and connected it to my EC2 instance (running wordpress). The domain is connected to the instance (http://sasivalec.com/) For the SSL, i requested it from Sectigo and configured it on AWS. The AWS certificate manager shows status: "Issued" and "in use". The load balancer shows state: "Active". But my target on the HTTPS target group shows "unhealthy". And in fact, i cannot connect to https://sasivalec.com/

What i think it might be: on the Load Balancer page, i get a DNS name that says (A Record), but on namecheap, i cannot add that DNS name as an A record, because it gives the error "please provide a valid IP address", so i added this DNS name as a CNAME record. Is this the issue?

How should i go about fixing this? Many thanks

3 Answers
2
Accepted Answer

I don't think your listener on port 443 is setup correctly. I issued the following command and no SSL connection can be established.

# openssl s_client -connect sasivalec.com:443 -prexit
socket: Bad file descriptor
connect:errno=9
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
profile pictureAWS
EXPERT
kentrad
answered a year ago
profile picture
EXPERT
reviewed 5 months ago
profile picture
EXPERT
reviewed 6 months ago
  • i've removed the certificate from AWS and i'll be handling ssl inside my ubuntu instance with certbot; i've been battling with the aws console for way too long

0

I don't wish this headache on anybydy :') As i'm new on the AWS console, i've been trying to enable my SSL certificate for quite some hours now. I've decided to swap strategy and i'll tackle SSL from within my ubuntu instance using "certbot" and "Let's Encrypt". It seems to be much easier, faster and free.

mark
answered a year ago
0

I have the same issue. I was able to setup the SSL certificate on the ALB port 443 however traffic is forward to process on port 80 ... researching further on this issue

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions