0
votes

I am attempting to add HTTPS to my AWS Elastic Load Balancer.

I obtained a certificate through AWS Certificate Manager: (screenshot)

I have enabled HTTPS on the load balancer: (screenshot)

I made sure the security group for the load balancer accepts 0.0.0.0/0 on 443: (screenshot)

When going to my domain on HTTP, it works.

However, when trying to load my domain with HTTPS, it does not work ("ERR_CONNECTION_TIMED_OUT").


EDIT and UPDATE:

It is the API that I am attempting to get HTTPS working for, not necessarily the domain. The domain serves a static file (Angular web app) from S3, and it is Angular that is calling the load balancer (to transfer the request to an EC2 instance) for DB data.

When Angular calls the API directly via the load balancer domain name over HTTP, the request responds as expected.

When Angular makes the same API call over HTTPS, I get the following error:

(screenshot of the error)

2
Everything looks correct. Are you sure your domain is pointing at the load balancer and not directly at the instance? – Mark B
@MarkB Thanks Mark B, that's a good consideration... I'm not sure! Let me try to verify that! – aero
@MarkB Thanks Mark B, I've updated my question with more information. The Angular JS is directly calling the load balancer's domain name in its API requests - and is failing when it is over HTTPS. – aero

2 Answers

1
votes

You enabled HTTPS for your domain name, not the ELB domain which Amazon owns. You can only create SSL certificates for domains that you own. You can't enable SSL for "mydomain.com" and then expect that to somehow work on a completely different domain. You need to change your AngularJS code to reference the API by your custom domain name which you have created an SSL certificate for. You need to point the domain to the ELB and install the SSL certificate for the domain on the ELB.

0
votes

Mark B provided almost the full solution.

As my JavaScript code is calling the elastic load balancer (ELB) via its DNS name provided by AWS, I can't obtain an SSL certificate for the domain I don't own.

As Mark B pointed out, I need to point my JavaScript code to the domain I do own, and have an SSL cert for.

So I can create a subdomain (e.g. api.mydomain.com) of the domain I own that then points to the ELB.

An A Record (e.g. domain pointing to an IP) looks like it could fit the need.

However, an A Record can't point to the ELB because its IP could change.

The missing step was to use AWS Route 53 to point the A Record to an alias (Route 53 allows you to do this) that represented my AWS Elastic Load Balancer.
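
The name check both answers rely on, as an added example that is not part of either answer: a simplified sketch of how a TLS client decides whether a certificate's DNS names cover the host being called. The ELB DNS name and the certificate name lists are constructed samples; note that the API subdomain only passes if the certificate actually lists it or a matching wildcard.

```javascript
// Simplified sketch of the DNS-name check a TLS client applies to a server
// certificate: exact match, or a single "*" as the whole leftmost label.
// All host names and certificate name lists below are constructed samples.

function labels(name) {
  // Case-insensitive comparison; ignore a trailing root dot.
  return name.toLowerCase().replace(/\.$/, '').split('.');
}

// True when `pattern` (a DNS name from the certificate) covers `host`.
function nameCovers(pattern, host) {
  const p = labels(pattern);
  const h = labels(host);
  if (p.length !== h.length) return false; // "*" never spans several labels
  return p.every((label, i) => {
    if (i === 0 && label === '*') return h[0] !== '';
    return label === h[i];
  });
}

// Returns the certificate name that covers `host`, or null if none does.
function coveringName(certNames, host) {
  return certNames.find((n) => nameCovers(n, host)) || null;
}

// For each host a client might call, report which certificate name covers it.
function audit(certNames, hosts) {
  return hosts.map((host) => ({ host, coveredBy: coveringName(certNames, host) }));
}

const ELB_DNS = 'my-elb-1234567890.us-east-1.elb.amazonaws.com'; // constructed
const hosts = [ELB_DNS, 'mydomain.com', 'api.mydomain.com', 'v1.api.mydomain.com'];

const apexOnly = ['mydomain.com'];                       // cert for the bare domain
const withWildcard = ['mydomain.com', '*.mydomain.com']; // cert that also covers subdomains

for (const [title, names] of [['apex only', apexOnly], ['apex + wildcard', withWildcard]]) {
  console.log(title);
  for (const r of audit(names, hosts)) {
    console.log(`  ${r.host}: ${r.coveredBy || 'NO MATCH'}`);
  }
}
```
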