I'm trying to configure SSL certificates on an AWS EC2 instance. I followed these steps:
- Created an instance on EC2 with Ubuntu OS.
- Issued a certificate through Certificate Manager for my domains, e.g. *.domains.com and domains.com
- Created a Classic Load Balancer to point to this certificate and the EC2 instance.
- Configured an A record in Route 53 as an alias to the load balancer.
- Configured my virtual host on apache2:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache-selfsigned.key -out /etc/apache2/ssl/apache-selfsigned.crt
I obtained self-signed certificates with all the necessary details that were asked for.
And configured my virtual host something like this:
<VirtualHost *:443>
    # ServerName must match the Host: header of requests meant for this vhost.
    ServerAdmin [email protected]
    ServerName ssltest.domains.com
    ServerAlias ssltest.domains.com
    DocumentRoot /var/www/html/****/public

    # Per-site logs. The second ErrorLog/CustomLog pair from the Ubuntu template
    # (${APACHE_LOG_DIR}/...) was dropped: a second ErrorLog overrides the first
    # and a second CustomLog writes every request twice.
    ErrorLog /var/www/html/****/error.log
    CustomLog /var/www/html/****/access.log combined

    # TLS on the instance itself. The Amazon-issued certificate is installed on
    # the load balancer, not here; anything that connects straight to the
    # instance is shown this self-signed certificate.
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache-selfsigned.key

    <Directory /var/www/html/****/public>
        # "Indexes" enables directory listings for paths with no index file.
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        # Apache 2.4 access control. The 2.2-style "Order allow,deny" /
        # "Allow from all" lines were removed: they require mod_access_compat
        # and grant exactly the same access as "Require all granted".
        Require all granted
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg. Per-module example:
    #LogLevel info ssl:warn
    # Enable a conf-available/ snippet for this host only:
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
<VirtualHost *:80>
    # Same site served over plain HTTP.
    ServerAdmin [email protected]
    ServerName ssltest.domains.com
    ServerAlias ssltest.domains.com
    DocumentRoot /var/www/html/****/public

    # Per-site logs; the duplicate ${APACHE_LOG_DIR} pair was dropped as in the
    # :443 vhost above.
    ErrorLog /var/www/html/****/error.log
    CustomLog /var/www/html/****/access.log combined

    <Directory /var/www/html/****/public>
        # "Indexes" enables directory listings for paths with no index file.
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        # 2.2-style "Order"/"Allow" lines removed; "Require all granted" is the
        # Apache 2.4 equivalent.
        Require all granted
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg. Per-module example:
    #LogLevel info ssl:warn
    # Enable a conf-available/ snippet for this host only:
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
When I access my domain it is not using the Amazon-issued certificates. How can I point to those certificates? I've gone through almost all the resources available on the Internet. My default-ssl.conf is also enabled, and mod_ssl is also enabled. Help me out with this.
dig ssltest.biltrax.com returns a single IP address (13.232.245.240); AWS classic load balancers usually have several. – ceejayoz

13.232.245.240 appears to be the IP of your EC2 instance, too: ec2-13-232-245-240.ap-south-1.compute.amazonaws.com. You've got a DNS problem, not an SSL one. – ceejayoz
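The check ceejayoz ran, written up as a small diagnostic script (an added example, not code from the question or the commenters): it classifies the answer section of dig +short to tell whether a name points at the load balancer, where the ACM certificate lives, or straight at one instance, and shows which certificate issuer a TLS client actually receives. The hostname is the question's; 13.232.245.240 is from the comment above and the other addresses are constructed sample values.

```shell
#!/bin/sh
# classify_dns ANSWER
#   ANSWER is the output of `dig +short NAME` (one record per line).
#   Prints "lb" for a CNAME into elb.amazonaws.com or several A records,
#   "instance" for exactly one A record, "none" for an empty answer,
#   "other" for anything else (e.g. a CNAME elsewhere).
classify_dns() {
    answer=$1
    if [ -z "$answer" ]; then
        echo none
        return 0
    fi
    case "$answer" in
        *.elb.amazonaws.com*) echo lb; return 0 ;;
    esac
    # A Route 53 alias to a Classic LB usually resolves to several addresses.
    n=$(printf '%s\n' "$answer" | grep -c '^[0-9][0-9.]*$' || true)
    if [ "$n" -gt 1 ]; then
        echo lb
    elif [ "$n" -eq 1 ]; then
        echo instance
    else
        echo other
    fi
}

# served_cert_issuer NAME
#   Issuer of the certificate a TLS client gets from NAME:443 (with SNI).
#   An ACM certificate shows an Amazon issuer; the self-signed one from
#   `openssl req` shows the subject you typed in. Needs network access.
served_cert_issuer() {
    printf '' | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
        | openssl x509 -noout -issuer
}

# Offline demonstration on constructed dig answers.
sample_instance='13.232.245.240'
sample_lb='52.66.1.10
13.233.7.8'
sample_cname='my-lb-123456.ap-south-1.elb.amazonaws.com.'
echo "single A record  -> $(classify_dns "$sample_instance")"
echo "two A records    -> $(classify_dns "$sample_lb")"
echo "ELB CNAME        -> $(classify_dns "$sample_cname")"
# Live use: classify_dns "$(dig +short ssltest.domains.com)"
#           served_cert_issuer ssltest.domains.com
```

If the classifier says "instance", the A record is pointing at the EC2 address instead of aliasing the load balancer, which is exactly the situation the comments describe.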