ERR_INSECURE_RESPONSE error while hosting my frontend on AWS using cloudfront and backend on a EC2 behind a loadbalancer

Question

I am trying to host my frontend on AWS using cloudfront and backend on a EC2 behind a classic loadbalancer. I have imported my SSL certificate in ACM. Using ACM the certifcate has been installed on Cloudfront and classic Loadbalancer.

Cloudfront configuration:

Alternate Domain Names (CNAMEs) = mydomain.com
SSL Certificate = mydomain.com (xxx-yyy-zzz............)

Classic loadbalancer Configuration: The load balancer is hosted on api.mydomain.com and SSL certificate installed using ACM.

Security group inbound rules configuration:

EC2 is running a Nodejs server listening on port 80. I haven't installed SSL certificate on EC2 because it was not mentioned in AWS documentation.

The home page opens up but when I try to login I get an error:

LoginSignUp.js:84 OPTIONS https://api.mydomain.com/user/signin net::ERR_INSECURE_RESPONSE

So the browser is blocking backend response because it is not secure. Do I need to install SSL certificate on EC2 also? Or did I make any configuration mistake?

Steve E. Steve E. · Accepted Answer · 2017-08-16T10:47:40

It appears from your question that your SSL certificate is for mydomain.com and you are trying to request api.mydomain.com

Create a new ACM certificate that includes api.domain.com as either the domain name or as a Subject Alternative Name (SAN).

At a glance, the rest of the build looks correct.

ERR_INSECURE_RESPONSE error while hosting my frontend on AWS using cloudfront and backend on a EC2 behind a loadbalancer

1 Answers