Load Balancing HTTPS (port 443) is 'unhealthy', but HTTP (port 80) is 'healthy'

1

I bought a domain on 'namecheap' and connected it to my EC2 instance (running WordPress). The domain is connected to the instance (http://sasivalec.com/). For the SSL, I requested it from Sectigo and configured it on AWS. The AWS Certificate Manager shows status: "Issued" and "in use". The load balancer shows state: "Active". But my target on the HTTPS target group shows "unhealthy". And in fact, I cannot connect to https://sasivalec.com/

What I think it might be: on the Load Balancer page, I get a DNS name that says (A Record), but on namecheap, I cannot add that DNS name as an A record, because it gives the error "please provide a valid IP address", so I added this DNS name as a CNAME record. Is this the issue?

How should I go about fixing this? Many thanks

3 Answers
2
Accepted Answer

I don't think your listener on port 443 is set up correctly. I issued the following command and no SSL connection can be established.

# openssl s_client -connect sasivalec.com:443 -prexit
socket: Bad file descriptor
connect:errno=9
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
kentrad (AWS, Expert)
Answered 1 year ago
Expert, reviewed 13 days ago
Expert, reviewed 1 month ago
  • I've removed the certificate from AWS and I'll be handling SSL inside my Ubuntu instance with certbot; I've been battling with the AWS console for way too long
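
The s_client transcript in the accepted answer stops at connect, before any TLS bytes are exchanged. As an added example (not part of the original posts), this Python probe reports which stage fails first: DNS, TCP connect, TLS handshake, or certificate verification. The function name `probe_https` and the stage labels are assumptions made for illustration.

```python
import socket
import ssl


def probe_https(host, port=443, timeout=3.0, verify=True):
    """Return (stage, detail); stage names the first step that failed, or 'ok'."""
    # Stage 1: name resolution (a load balancer DNS name reached through a
    # CNAME record must still resolve to addresses).
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failed", str(exc))

    # Stage 2: TCP connect. A failure here means no listener, or a firewall or
    # security group in the path; the certificate is never consulted.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))

    # Stage 3: TLS handshake with certificate and hostname verification.
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert_invalid", exc.verify_message)
    except OSError as exc:  # covers ssl.SSLError and handshake timeouts
        return ("tls_failed", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    import sys
    # Hypothetical usage: pass your own hostname as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(probe_https(target))
```

A `tcp_failed` result points at the listener or network rules, while `cert_invalid` points at the certificate attached to the listener.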

0

I don't wish this headache on anybody :') As I'm new on the AWS console, I've been trying to enable my SSL certificate for quite some hours now. I've decided to swap strategy and I'll tackle SSL from within my Ubuntu instance using "certbot" and "Let's Encrypt". It seems to be much easier, faster and free.

mark
Answered 1 year ago
0

I have the same issue. I was able to set up the SSL certificate on the ALB port 443, however traffic is forwarded to process on port 80 ... researching further on this issue

Answered 8 months ago
