
I launch an EC2 instance with an AMI from the marketplace, which is called LAMP packaged by Bitnami.

After the instance is launched, I find I can only access its DNS name or IP via HTTP, not HTTPS. It seems that the SSL will not be installed by default.

So I search its documentation and find this: https://docs.bitnami.com/aws/faq/administration/generate-configure-certificate-letsencrypt/

I follow the instructions and run the following command:

sudo /opt/bitnami/bncert-tool

But after inputting the DNS name ec2-3-95-160-86.compute-1.amazonaws.com, it shows a warning:

Warning: The domain 'ec2-3-95-160-86.compute-1.amazonaws.com' resolves to a 
different IP address than the one detected for this machine, which is 
'3.95.160.86'. Please fix its DNS entries or remove it. For more info see: 
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/

I double-check the domain DNS at https://dnschecker.org/ and confirm ec2-3-95-160-86.compute-1.amazonaws.com will resolve to 3.95.160.86.

So why do I still get this warning? Also, this warning will prevent me from creating the SSL certificate for ec2-3-95-160-86.compute-1.amazonaws.com at all.

alancc
  • You'll want to set up a proper domain name and DNS A records pointing at the server before you try to get an SSL cert – Tim Sep 16 '21 at 23:57
  • Can I set the SSL for the DNS name ec2-3-95-160-86.compute-1.amazonaws.com instead of a custom domain example.com? I want to do this because I will take the EC2 computer as an origin for CloudFront, and using a custom domain example.com will cause a redirect loop. – alancc Sep 17 '21 at 01:04
  • Let's Encrypt has a few validation methods, you might manage it with the HTTP challenge https://letsencrypt.org/docs/challenge-types/. Personally I would register the EC2 server as a subdomain, e.g. origin.example.com – Tim Sep 17 '21 at 01:10
  • @Tim, Thank you. I use origin.example.com and it works now. – alancc Sep 17 '21 at 05:47

1 Answer

Here's an answer to close things off.

The best approach here is to register a domain name for the server rather than using the EC2 domain name, set up DNS records, and create an A record for the server. Request a certificate for that domain name.

If you're using CloudFront a domain such as origin.example.com can be useful, so that CloudFront can control the primary domain. Otherwise you can register any domain name you like.

Tim
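
A pre-flight check for the A record the answer recommends, to run before requesting the certificate; this is an added example, not code from the answer or from Bitnami, and the function names are hypothetical. It compares the instance's own resolver with a public one (1.1.1.1 is an assumption) because, from inside a VPC, AWS resolves an EC2 public DNS hostname to the instance's private address, so the two views can disagree.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of bncert-tool.

# Print the IPv4 A records for $1, one per line; optional $2 is a resolver IP.
resolve_a() {
  dig +short A "$1" ${2:+"@$2"} | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# True if $1 is an RFC 1918 private address.
is_private() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# classify <expected public IP> <resolved IPs, newline separated>
# Prints match (every record is the expected IP), private (a record is a
# private address), mismatch (a record is some other public IP) or none.
classify() {
  local expected="$1" resolved="$2" ip result=match
  [ -n "$resolved" ] || { echo none; return; }
  while IFS= read -r ip; do
    if [ "$ip" = "$expected" ]; then continue; fi
    if is_private "$ip"; then result=private; else echo mismatch; return; fi
  done <<EOF
$resolved
EOF
  echo "$result"
}

# Check the name from the instance's default resolver and from a public one.
# 1.1.1.1 is an assumption; any public resolver works.
preflight() {
  local domain="$1" expected="$2" view verdict rc=0
  for view in "" 1.1.1.1; do
    verdict=$(classify "$expected" "$(resolve_a "$domain" "$view")")
    printf '%-8s %-9s %s\n' "${view:-local}" "$verdict" "$domain"
    [ "$verdict" = match ] || rc=1
  done
  return "$rc"
}

# Usage: ./preflight.sh origin.example.com <instance public IPv4>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit status means at least one view did not return the expected public address for every A record.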