https response times out; http delivers content though

0

Hello,

I am having trouble delivering a website using an alternate domain name and https.

I am hosting the static web files in an s3 bucket with the name example-com (using example as example). I do not have this bucket enabled for static website hosting. I read somewhere that if you are using s3 with cloudfront, you should have Static website hosting disabled on the s3 bucket that is hosting the web files, because it is really your cloudfront distribution that is 'acting as the website.'

I also read somewhere that you can't have periods in your s3 bucket name if you link it to cloudfront, so that's why I use example-com and not example.com.

I am using a cloudfront distribution with the Origin domain as example-com.s3.us-east-1.amazonaws.com, Origin access is public, viewer protocol policy is Redirect http to https, alternate domain CNAME are example.com and www.example.com, and I have a valid SSL certificate for this domain in cloudfront. Apparently SNI is implemented by default.

example-com.s3.us-east-1.amazonaws.com/index.html is my Default root object.

When I go to http://www.example.com the website loads fine, with all my files displayed correctly. However, when I go to https://www.example.com the page just spins, and after about 2-3 min. it says can't establish a connection with the site; example.com took too long to respond.

F12 doesn't display the server error.

I have a route 53 hosted zone under example.com with all the CNAME records, i.e.

  1. www.example.com with value/route to being example.com
  2. randomcharacters1.example.com routing to randomcharacters2.tftwdmzmwn.acm-validation.aws.
  3. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.

1 Answer
0

In Route 53, example.com and www.example.com should be A records/Aliases with a value to your CloudFront distribution host, something like: d1234567890.cloudfront.net.

From a command prompt, try this command to see what SSL/TLS is seeing:

    openssl s_client -connect www.example.com:443 -prexit

Also, for Origin access, it is best to use Origin access control settings.

Make sure that the slash is not included in the root object:

Enter only the object name, for example, index.html. Do not add a / before the object name.

Also, you can turn on access logging on the bucket to see the requests that are coming in to help troubleshoot.

kentrad (AWS, EXPERT), answered a year ago
  • Ok, I changed the records in Route 53 and now https://www.example.com/index.html & https://example.com/index.html work. The result of openssl s_client -connect www.example.com:443 -prexit is

    CONNECTED(0000028C)
    12392:error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000):.\ssl\s23_clnt.c:596:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 124 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Compression: NONE
    Expansion: NONE
    ---
    

    I fixed my Origin access to Origin access control settings and updated the s3 Bucket policy with the policy that cloudfront suggested under Origin access > Bucket policy > Copy policy. Now, when I go https://www.example.com and https://example.com I receive a 403 error on f12 on the www.example.com and example.com files. So the complete summary of the browser response is as follows -

    1. https://www.example.com - 403 error
    2. https://example.com - 403 error
    3. https://www.example.com/index.html - displays correctly
    4. https://example.com/index.html - displays correctly
    5. http://www.example.com - redirects to https://example.com - 403 error
    6. http://example.com - redirects to https://example.com - 403 error
    7. http://www.example.com/index.html - redirects to https://www.example.com/index.html - displays correctly
    8. http://example.com/index.html - redirects to https://example.com/index.html - displays correctly
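
The points raised in the answer (A/AAAA alias records that target the distribution, a bare default root object, origin access control on the S3 origin) can be checked mechanically. The following is an added Python example, not part of the original thread: it audits constructed sample data shaped like the output of `aws cloudfront get-distribution-config` and `aws route53 list-resource-record-sets`. The names `audit` and `alias_points_at` and all sample values are assumptions made for illustration.

```python
DIST_DOMAIN = "d1234567890.cloudfront.net"  # placeholder distribution host from the answer

# Constructed sample, trimmed to the fields checked below and loosely modelled on
# the setup in the question (assumed values, not real output).
BEFORE_DIST = {
    "Aliases": {"Quantity": 2, "Items": ["example.com", "www.example.com"]},
    "DefaultRootObject": "example-com.s3.us-east-1.amazonaws.com/index.html",
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "s3-origin", "DomainName": "example-com.s3.us-east-1.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": ""}, "OriginAccessControlId": "",
    }]},
}
BEFORE_DNS = [
    {"Name": "www.example.com.", "Type": "CNAME",
     "ResourceRecords": [{"Value": "example.com"}]},
]

def alias_points_at(record, dist_domain):
    """True for an A/AAAA alias record whose target is the distribution host."""
    target = record.get("AliasTarget", {}).get("DNSName", "").rstrip(".").lower()
    return record["Type"] in ("A", "AAAA") and target == dist_domain.lower()

def audit(dist, records, dist_domain=DIST_DOMAIN):
    """Return (check, detail) findings for the points raised in the answer."""
    findings = []
    root = dist.get("DefaultRootObject", "")
    if not root:
        findings.append(("root-object", "not set; requests for / are not mapped to a file"))
    elif "/" in root:
        findings.append(("root-object", f"{root!r} must be a bare object name such as index.html"))
    for origin in dist["Origins"]["Items"]:
        if "S3OriginConfig" in origin and not origin.get("OriginAccessControlId"):
            findings.append(("origin-access", f"{origin['Id']} has no origin access control"))
    for name in dist.get("Aliases", {}).get("Items", []):
        matches = [r for r in records if r["Name"].rstrip(".").lower() == name.lower()]
        if not any(alias_points_at(r, dist_domain) for r in matches):
            findings.append(("dns", f"{name} has no A/AAAA alias to {dist_domain}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(BEFORE_DIST, BEFORE_DNS):
        print(f"{check}: {detail}")
```

To run it against a real distribution, load the `DistributionConfig` object and the `ResourceRecordSets` list from the JSON output of the two CLI commands and pass them to `audit` together with the distribution's domain name.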
