AWS classic load balancer listener isn't created, then disapears.

34
votes

I am trying to add an HTTPS listener to my EBS classic load balancer. I used the CLI upload-certificate tool to upload my cert (using the GUI never resulted in the cert showing up as an option on the load balancer form. No errors, logs, events).

I setup the listener according to AWS docs.

  • For Listener port, type the incoming traffic port, typically 443.
  • For Listener protocol, choose HTTPS.
  • For Instance port, type 80.
  • For Instance protocol, choose HTTP.
  • For SSL certificate, choose your certificate.

I choose my cert (Lets Encrypt), save and I see the new listener with a Pending Create tag. It never transitions from that status and if I refresh the page, the record is gone. No error, no logs, no events. Really want to make AWS work but Beanstalk has been extremely buggy. Any suggestions?

1
amazon-web-servicessslamazon-elastic-beanstalkelastic-load-balancer
Are you using a single instance environment, or a load balanced environment?Mark B
Load balanced. Single instances don’t give you an option to add LB listeners.Half_Duplex
Are you using aws acm import-certificate or aws iam upload-server-certificate or something else? It also doesn't make sense that uploading via the GUI didn't work. Did you try loading it into Amazon Certificate Manager (ACM)?Michael - sqlbot
If you are using a load balancer why wouldn't you use the free ACM certificates that auto-renew instead of trying to use the short-lived Let's Encrypt certificates that you will have to continually be re-uploading?Mark B
The fact that the DNS record exists at GoDaddy is entirely irrelevant to the issue. Yes it will work fine. The htaccess stuff you are talking about is Apache server configuration on the actual EC2 server, which definitely doesn't care where your DNS server is. And if you are installing an SSL certificate on the load balancer, it doesn't matter where the SSL certificate is from (ACM or anything else) it's going to behave the same way from the server/Apache/htaccess perspective. You are confusing a lot of unrelated issues here.Mark B

1 Answers

148
votes

I figured out what I wasn't doing.

On the load balancer settings page, after you click "Add Listener", fill out the details and click "Save Listener", you're actually not done. You have to scroll to the bottom of the page and click "Save" again. Not the best UI. User should never have to save twice, and at the very least, alert the user they are leaving unsaved changed.