When AWS application load balancers are configured to use HTTPS health checks, how are those verified? What subject name is matched against? What certificates are used?
Whenever I try to use HTTPS health checks, the ALB reports the health checks have failed, and I'm trying to get details about how the check is made.
Have you read the documentation? The health checks are to an IP, but the documentation that I've read doesn't say anything about certificates. If you want to have health checks over https it would be safest to have a valid working https certificate on your origin.
If the status of a target is any value other than Healthy, the API returns a reason code and a description of the issue, and the console displays the same description in a tooltip. Note that reason codes that begin with Elb originate on the load balancer side and reason codes that begin with Target originate on the target side.
In short, it will tell you what the problem is if you look in the right place.
The health check is an http/s request to the path you specify. That URL has to return a 200 status code, though it can be configured to interpret another code as healthy - see the doc link above.
The HTTP codes to use when checking for a successful response from a target. You can specify values or ranges of values between 200 and 499. The default value is 200.
