AWS Application Load Balancer throws net::ERR_CERT_COMMON_NAME_INVALID

1
votes

I have created an microservice API application and hosted it on AWS ECS cluster and attached this cluster to AWS Application Load Balancer (ALB). Added a certificate from AWS Certificate Manager to the ALB. When I try to call using the link provided by AWS ALB, from my frontend app, it returns an error:

net::ERR_CERT_COMMON_NAME_INVALID

The link from ALB is sonething like this: xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com

I attached a SSL certificate to the listener. The SSL is issued using AWS Certificate Manager for my-site.xyz and *.my-site.xyz

The frontend application is react application hosted on different-site.ai using AWS Amplify

2
amazon-web-servicessslload-balancing

2 Answers

1
votes

Edit The OP wanted this to resolve for their root/apex domain example.com, as they use Namecheap (which support an Alias record) a value was added for the root domain following these instructions.

Alias records are also supported in Route 53.

It needed to be an alias record as a root domain traditionally can only resolve to an IP address which would be an A record, whereas Alias will map the IP of the CNAME record to the value instead.

Original

The error thrown is because the SSL certificate that is attached is not applicable for the domain you're trying to access.

For example the cert is for example.com but you're trying to access xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com.

To access this you must access on a valid domain name, to do this add a DNS record so that example.com resolves to xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com. Then when accessing example.com the SSL will be valid.

0
votes

In my case, when I was requesting a certificate, I failed to list the domain names correctly.

For example, if your website was www.somewhere.com, you would need to add

www.somewhere.com

and also add

somewhere.com