I have an EC2 Ubuntu Instance running on AWS.

I have created an SSL certificate for my domain using AWS Certificate Manager.

I have created the needed hosted zone with the needed records for my domain.

I have created a Load Balancer with listeners for both protocols HTTP and HTTPS.

Now, I can access the site using the public IP from the AWS Instance and also using my domain name. The issue is when trying to access the site using https.

There appears an error page: ERR_SSL_PROTOCOL_ERROR

I don't know what is wrong in my approach to get a working site running with an SSL certificate.

I guess it can be due to the Ubuntu Apache2 configuration, but not sure.

I would appreciate a checklist of things I should verify in AWS (Certificate Manager, EC2 Instance, Load Balancer, Route 53, etc.) or in the configuration of the Ubuntu Apache2 server.

EDIT:

These are the security group inbound rules that are in use with the ELB:

[Image: security group inbound rules for the ELB]

  • Have you checked ssllabs.com/ssltest/analyze.html? It will often provide more detailed reporting. Commented Sep 11, 2020 at 13:25
  • I assume you have Apache configured only for http and not https? And your domain is pointing to the ELB and not the instance itself? Commented Sep 11, 2020 at 13:27
  • @RodrigoM, using this tool, the result is Assessment failed: No secure protocols supported Commented Sep 11, 2020 at 13:34
  • As another suggestion, your ELB security group would normally only allow http/s to pass through. SSH, SMTP, UDP and explicit TCP are not normally used in the ELB security group. I'm sure you are testing stuff, but make sure to review. Commented Sep 12, 2020 at 15:37

1 Answer

I would double check security group on the ELB, confirm domain DNS. It's something on the ELB side since you are not connecting there.

4 Comments

That is correct, but a further question is if I need to change anything on Apache2 when I am using a SSL certificate provided by AWS, not by a third provider.
I have included in my question as EDIT the security group inbound rules. I have also checked that the Route 53 hosted zone records for the ELB are also included.
It is working now, maybe it was only a matter of time.
On the Apache side you only configure for http - no ssl required there, as the SSL connection terminates at the ELB.
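
The security group review suggested in the answer and comments can be automated. The following is an added example, not part of the original thread: it audits a list of inbound rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, reporting web ports that are not reachable and rules an ELB does not need. The function names and the sample rules are constructed for illustration and are not the asker's actual rules.

```python
# Added example: audit the inbound rules of an ELB security group.
WEB_PORTS = frozenset({80, 443})


def audit_elb_ingress(ip_permissions, web_ports=WEB_PORTS):
    """Return (missing_web_ports, extra_rules) for a list of IpPermissions."""
    reachable, extras = set(), []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        # Assumption: only CIDR sources count as client-reachable; rules that
        # reference another security group contribute no source here.
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if proto == "-1":  # "all traffic" rules carry no port fields
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if proto in ("tcp", "-1") and sources:
            reachable |= {p for p in web_ports if lo <= p <= hi}
        # Anything other than a single-port TCP rule for 80 or 443 is extra.
        if not (proto == "tcp" and lo == hi and lo in web_ports):
            src = ", ".join(sources) or "no CIDR source"
            extras.append(f"{proto} {lo}-{hi} from {src}")
    return sorted(web_ports - reachable), extras


def rule(proto, lo, hi, cidr="0.0.0.0/0"):
    """Build one constructed rule in the IpPermissions shape."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample: HTTP is open, HTTPS is missing, and SSH, SMTP and UDP
# are exposed on the load balancer.
SAMPLE_RULES = [rule("tcp", 80, 80), rule("tcp", 22, 22),
                rule("tcp", 25, 25), rule("udp", 0, 65535)]

if __name__ == "__main__":
    missing, extras = audit_elb_ingress(SAMPLE_RULES)
    print("web ports not reachable:", missing)
    for entry in extras:
        print("not needed on an ELB:", entry)
```

A missing 443 in the first result means HTTPS requests never reach the listener that holds the ACM certificate, regardless of how Apache is configured behind it.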
