I've recently added an SSL cert to my Load Balancer using an HTTPS listener.
I've updated the Security Group for the Load Balancer to allow HTTPS traffic through on port 443, from sources 0.0.0.0/0 and ::/0, and I've also set the Security Group for the instances themselves to allow HTTPS traffic from the Load Balancer's Security Group.
However, any requests to our server using HTTPS fail, while HTTP requests get through fine.
In EC2 -> Load Balancers I see a Listeners tab, with the following in it:
LB Protocol - LB Port - Ins Protocol - Ins Port - Cipher - SSL Certificate
HTTP - 80 - HTTP - 80 - N/A - N/A
HTTPS - 443 - HTTPS - 443 - Change - myCertName (IAM) Change
Clicking Change on the Cipher shows I have the latest Security Policy selected (ELBSecurityPolicy-2016-08), and the SSL certificate is the one I generated yesterday.
If I go into EC2 -> Security Groups I see the following:
For the security group that the 2 instances are using:
Type - Protocol - Range - Source
HTTP - TCP - 80 - sg-123456
HTTPS - TCP - 443 - sg-123456
(where sg-123456 is the name of the security group the load balancer is using).
For the security group that the LoadBalancer is using:
Type - Protocol - Range - Source
HTTPS - TCP - 443 - 0.0.0.0/0
HTTPS - TCP - 443 - ::/0
HTTP - TCP - 80 - 0.0.0.0/0
HTTP - TCP - 80 - ::/0
I also tried Elastic Beanstalk -> my app -> my env -> Configuration -> Network Tier -> Load Balancing:
It had Secure listener port set to OFF. I set this to 443, the Protocol to HTTPS, and then set the SSL certificate ID dropdown to the same certificate I uploaded to the Load Balancer listener.
I hit save, it started to update the environment, and then gave this error:
Updating load balancer named: failed Reason: A listener already exists for with LoadBalancerPort 443, but with a different InstancePort, Protocol, or SSLCertificateId
I feel like there is probably a single step I've missed somewhere along the way. Can anyone see what that step could be?
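The following is an added worked example, not code from the question above or from AWS. It reproduces, offline, two checks a practitioner would run against the configuration the question describes: the duplicate-listener rule behind the Beanstalk error (a second listener on LoadBalancerPort 443 must match the existing one's instance port, protocol and certificate), and a backend consistency check that compares each listener's instance-side protocol/port against what the instances actually serve and what their security group allows from the load balancer's security group. The listener dicts use the field names returned by `aws elb describe-load-balancers` (ListenerDescriptions[].Listener) and the rules use the IpPermissions shape from `aws ec2 describe-security-groups`. Everything else is constructed: the certificate ARN and account ID are placeholders, the Beanstalk secure listener is assumed to forward to the instances as HTTP on port 80, the instances are assumed to serve only HTTP on 80 (the question does not say what they listen on), and InstanceProtocol is included in the match rule as an assumption alongside the three fields the error message names.

```python
"""Added example, not code from the original question: offline consistency
checks for a Classic ELB HTTPS listener.  Listener dicts use the field names
from `aws elb describe-load-balancers` (ListenerDescriptions[].Listener);
security-group rules use the IpPermissions shape from
`aws ec2 describe-security-groups`.  All data below is constructed."""

LB_SG = "sg-123456"  # the load balancer's security group, as in the question

# Constructed: the listeners as the question's Listeners tab shows them.
# The certificate ARN / account ID are placeholders.
EXISTING_LISTENERS = [
    {"Protocol": "HTTP", "LoadBalancerPort": 80,
     "InstanceProtocol": "HTTP", "InstancePort": 80},
    {"Protocol": "HTTPS", "LoadBalancerPort": 443,
     "InstanceProtocol": "HTTPS", "InstancePort": 443,
     "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/myCertName"},
]

# Constructed assumption: the Beanstalk "secure listener" the question turns
# on, taken to forward to the instances over plain HTTP on port 80.
EB_SECURE_LISTENER = {
    "Protocol": "HTTPS", "LoadBalancerPort": 443,
    "InstanceProtocol": "HTTP", "InstancePort": 80,
    "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/myCertName",
}

# Constructed assumption: the application on the instances serves only HTTP on 80.
INSTANCE_SERVES = {("HTTP", 80)}

# Constructed: the instance security group exactly as the question lists it.
INSTANCE_SG_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": LB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": LB_SG}]},
]

# Fields that must agree for two listeners on the same LB port.  The error in
# the question names InstancePort, Protocol and SSLCertificateId; including
# InstanceProtocol as well is an assumption.
MATCH_FIELDS = ("Protocol", "InstanceProtocol", "InstancePort", "SSLCertificateId")


def listener_conflict(existing, desired):
    """Return the list of fields that differ if a listener already occupies
    desired['LoadBalancerPort'] with other settings, else None.
    An identical listener is not a conflict (the call would be idempotent)."""
    for lst in existing:
        if lst["LoadBalancerPort"] != desired["LoadBalancerPort"]:
            continue
        diffs = [f for f in MATCH_FIELDS if lst.get(f) != desired.get(f)]
        return diffs or None
    return None


def sg_allows(rules, port, source):
    """True if any inbound rule opens TCP `port` to `source`, where `source`
    is an IPv4/IPv6 CIDR or a security-group ID."""
    for r in rules:
        if r["IpProtocol"] not in ("tcp", "-1"):
            continue
        if r["IpProtocol"] == "tcp" and not (r["FromPort"] <= port <= r["ToPort"]):
            continue
        sources = ({p["GroupId"] for p in r.get("UserIdGroupPairs", [])}
                   | {c["CidrIp"] for c in r.get("IpRanges", [])}
                   | {c["CidrIpv6"] for c in r.get("Ipv6Ranges", [])})
        if source in sources:
            return True
    return False


def backend_problems(listeners, serves, instance_rules, lb_sg):
    """For every listener, check that the instances both serve the backend
    protocol/port it forwards to and allow that port from the LB's group."""
    problems = []
    for lst in listeners:
        proto, port = lst["InstanceProtocol"], lst["InstancePort"]
        lb_port = lst["LoadBalancerPort"]
        if (proto, port) not in serves:
            problems.append(f"LB port {lb_port}: instances do not serve {proto} on {port}")
        if not sg_allows(instance_rules, port, lb_sg):
            problems.append(f"LB port {lb_port}: instance SG does not allow {port} from {lb_sg}")
    return problems


if __name__ == "__main__":
    print("conflict fields:", listener_conflict(EXISTING_LISTENERS, EB_SECURE_LISTENER))
    for p in backend_problems(EXISTING_LISTENERS, INSTANCE_SERVES, INSTANCE_SG_RULES, LB_SG):
        print("problem:", p)
```

Under these constructed inputs the conflict check reports InstanceProtocol and InstancePort as the differing fields, which is the shape of the error the question quotes, and the backend check flags only the 443 listener: its security-group rule is fine, but an HTTPS-to-HTTPS listener requires the instances themselves to present a certificate on 443, which a backend that only serves HTTP on 80 cannot do.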