22

I have a standard Elastic Beanstalk app set up and running great over HTTP. There is one EC2 instance (for now), and the domain is configured with a CNAME pointing to the load balancer. Following the instructions in the AWS documentation, I inputted the SSL certificate and configured the load balancer as such:

  • Load balancer protocol: HTTPS
  • Load balancer port: 443
  • Instance protocol: HTTP
  • Instance port: 80
  • Cipher: [default]
  • SSL certificate: myCert

The changes look like they have been applied; in the load balancer description, I see:

Port configuration: 
80 (HTTP) forwarding to 80 (HTTP)
    Stickiness: Disabled

443 (HTTPS, Certificate: myCert) forwarding to 80 (HTTP)
    Stickiness: Disabled

However, I cannot access the site at the HTTPS load balancer URL or my domain's HTTPS URL. Request times out. The HTTP site continues to work well.

Is there any additional configuration I have to do to have the server respond on HTTPS? Am I correct in assuming that there is no configuration required at the app level, since SSL is terminated at the load balancer and the app will continue to speak HTTP?

mpiz
  • 223
  • 2
  • 5

1 Answers1

34

What I suspect you are missing is allowing access to your instance from your load balancer's security group.

You can see the load balancer's security group here:

ELB SG

Then you can see add it to your instance's security group here:

enter image description here

Rico
  • 58,485
  • 12
  • 111
  • 141
  • 2
    Good call! The security group was configured to serve port 80 only; adding port 443 to the security group did the trick. Thanks! – mpiz Feb 20 '14 at 23:52
  • 1
    If only I had seen this post earlier... I've been scratching my head for hours! – Adam B Jan 11 '15 at 14:38
  • Its the little things – Dr.Knowitall Mar 29 '16 at 19:31
  • @Rico could you please take a look at this and tell me what might I be missing? https://stackoverflow.com/questions/46022599/unable-to-setup-ssl-for-website – gazubi Sep 03 '17 at 10:42