Issue
This Content is from Stack Overflow. Question asked by smgeneralist
I have an application running on an AWS EC2 instance, port 8501. I cannot change the port for multiple reasons. I set up a reverse proxy with nginx using this YT tutorial to redirect http://[domain].com to port 8501.
That works fine.
I obtained an SSL certificate from AWS Certificate Manager and have since learned that AWS certificates only work with certain AWS services, here, here, and here. However, none of those StackOverflow links–or the AWS instruction pages linked therein–actually described how to connect the https request to the Application Load Balancer to the EC2 instance as set forth by my nginx reverse proxy above.
That is, I’ve more or less followed this YT tutorial to set up a load balancer and attach the SSL certificate obtained from AWS Certificate Manager, but when I type https://[domain].com, I receive a “site can’t be reached” error. http://[domain].com still works.
I’ve tried both HTTP:80 and HTTPS:443 for the Protocol:Port in my Target Group required by AWS Load Balancer. What more do I need to do?
Solution
You can’t do this. ACM certificates can only be used on load balancers (LBs), CloudFront distributions and API Gateway. They can’t be used on instances.
This way you terminate your https on the LB, then from the LB there is only an http connection to your instances:
Client ----(https)---> LB ----(http)----> Instance(s)
If you want to have https between the LB and your instances, then you have to use a self-signed certificate for that, but this is not commonly used. Usually termination of the https on the LB is sufficient.
This Question was asked in StackOverflow by Rejaul and Answered by Marcin. It is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.
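
The instance side of the layout described in the answer, as an added example that is not part of the original question or answer: an nginx server block for an instance that receives plain HTTP from a load balancer terminating TLS. It assumes the target group is HTTP:80 pointing at nginx, that the load balancer has an HTTPS:443 listener with the ACM certificate plus an HTTP:80 listener forwarding to the same target group, and that example.com stands in for [domain].com.

```nginx
# Added example (not from the original post): nginx on the EC2 instance,
# behind a load balancer that terminates HTTPS with the ACM certificate.
# Assumption: target group protocol/port is HTTP:80 and targets this instance.
server {
    listen 80;
    server_name example.com;   # placeholder for [domain].com

    # The load balancer adds X-Forwarded-Proto with the scheme the client used.
    # Redirect only when it is exactly "http". Requests that arrive without
    # the header (for example load balancer health checks) are not redirected,
    # so the health check still receives the application's own response.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    location / {
        # The application keeps listening on its fixed port 8501.
        proxy_pass http://127.0.0.1:8501;

        # Pass the original host, scheme and client address to the app.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# X-Forwarded-Proto is only trustworthy if clients cannot reach port 80 on
# the instance directly: allow inbound 80 in the instance security group
# from the load balancer's security group only.
```

No certificate is configured on the instance here; the HTTPS listener on the load balancer is the only place the ACM certificate is attached.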