2
votes

I set up an EC2 Ubuntu instance, assigned an Elastic IP, and pointed example.com (domain) to the EC2 instance via Route53. I added an SSL certificate using ACM (Certificate Manager), which says 'issued'.

However, https://example.com raises ERR_SSL_PROTOCOL_ERROR. http://example.com is working.

The security group has HTTPS port open.

What's wrong here? Why is this not working? Any clues? curl https://localhost -k shows local port 443 refused.


2 Answers

2
votes

You can't deploy a public ACM certificate directly to an instance. The "issued" state just means it's ready to be applied somewhere. It needs to be applied to a service that supports ACM, like an ELB, API Gateway, or a CloudFront distribution, which can be used to offload SSL processing. See the FAQs for an overview of how they can be used.

For a certificate directly on the instance, you can use Let's Encrypt to issue free, trusted certs.

Also, this assumes that you've configured the web server to listen on 443.

1
votes

ACM can only be used with AWS resources such as Elastic Load Balancer, Amazon CloudFront distributions and APIs on Amazon API Gateway. Make sure that you are using one of the above services to serve your website content.

ACM cannot be directly used with an EC2 instance; you need either an Elastic Load Balancer or a CloudFront distribution to use it.
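
An added example (not part of the question or of either answer): a Python check for the two conditions raised above, whether the issued ACM certificate is attached to any resource and whether anything completes a TLS handshake on port 443. It assumes the JSON comes from aws acm describe-certificate; the sample response and its ARN are constructed placeholders, and the function names are illustrative.

```python
import json
import socket
import ssl

# Constructed sample of describe-certificate output; the ARN is a placeholder.
SAMPLE_DESCRIBE = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
    "DomainName": "example.com", "Status": "ISSUED", "InUseBy": []}})

def acm_attachment(describe_json):
    """Return (status, in_use_by) from describe-certificate JSON."""
    cert = json.loads(describe_json)["Certificate"]
    return cert.get("Status", "UNKNOWN"), list(cert.get("InUseBy", []))

def probe_tls(host, port=443, timeout=3.0):
    """Classify what answers on host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # nothing listening (the curl result in the question)
    except OSError:
        return "unreachable"    # filtered, timed out, or name did not resolve
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"     # handshake done and certificate trusted
    except ssl.SSLCertVerificationError:
        return "untrusted-cert" # TLS is spoken, but the certificate is not trusted
    except (ssl.SSLError, OSError):
        return "handshake-failed"  # port open, but the peer is not serving TLS
    finally:
        sock.close()

def diagnose(describe_json, probe_result):
    """Combine the certificate state and the port probe into one finding."""
    status, in_use = acm_attachment(describe_json)
    if status == "ISSUED" and not in_use:
        cert = "ACM certificate is issued but attached to no resource"
    else:
        cert = f"ACM certificate status {status}, used by {len(in_use)} resource(s)"
    return f"{cert}; port probe: {probe_result}"

if __name__ == "__main__":
    # Run on the instance itself, as the question did with curl.
    print(diagnose(SAMPLE_DESCRIBE, probe_tls("localhost")))
```

An empty InUseBy list together with "refused" matches the situation in the question: the certificate exists but no load balancer or distribution presents it, and the web server on the instance is not listening on 443.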