2

We got a certificate from ACM for our domain, say example.com. On the application load balancer I deployed this and created an HTTPS listener with forwarding to my target group. The target group is EC2 instances in an ASG. Now the issue is that when I access my LB URL with HTTPS, I get the SSL_ERROR_BAD_CERT_DOMAIN error with the description:

XXXXXX.us-west-2.elb.amazonaws.com uses an invalid security certificate. The certificate is only valid for example.com

I know this is probably the expected behavior, but in this case, how do I apply an ACM certificate for my domain on the application load balancer? Thanks,

K3rn3l5

1 Answer

2

You have created a certificate for a specific domain, say 'example.com'. But you are not using this domain when accessing the ALB. Since there is a mismatch between the domain/hostname you are using ('XXXXXX.us-west-2.elb.amazonaws.com') and the certificate's domain ('example.com'), your HTTP client shows you an error.

Create a DNS entry

example.com CNAME XXXXXX.us-west-2.elb.amazonaws.com

and access the domain using example.com as a hostname.

M. Glatki
  • 1
    Thanks. I think that will help. Unfortunately, I am unable to make DNS changes currently to test this. But your answer makes sense. I will mark it as correct as soon as I make the change and verify. Thanks again! – K3rn3l5 Jul 19 '18 at 20:00
  • 1
    Instead of adding a CNAME you should use an AWS Route53 alias. You should be able to see the alias of the LoadBalancer endpoint if you have already created the LoadBalancer. So it would be something like this: example.com ALIAS XXXXXX.us-west-2.elb.amazonaws.com – Aman Juman Aug 03 '18 at 22:12
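
The mismatch described in the answer above, as an added example that is not part of the original thread: a simplified version of the check a TLS client runs between the hostname in the URL and the DNS names in the certificate's subjectAltName. The function names are hypothetical and the SAN lists are constructed. The wildcard case goes beyond the thread and covers only the common left-most-label rule.

```python
# Added example: simplified hostname-vs-certificate matching (RFC 6125 style).
# Real clients also handle IP addresses and internationalized names.

ELB_HOST = "XXXXXX.us-west-2.elb.amazonaws.com"  # hostname from the question
ACM_SANS = ["example.com"]                       # constructed SAN list


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers the requested hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if any("*" in label for label in p[1:]):
        return False  # a wildcard is only honoured in the left-most label
    if p[0] == "*":
        # Covers exactly one label, so *.example.com does not cover
        # example.com, and a bare *.com is refused.
        return len(p) > 2 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as w*.example.com are refused
    return p == h


def cert_covers(san_dns_names, hostname):
    """Return True if any SAN entry matches the hostname the client used."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def check_access(san_dns_names, hostnames):
    """Map each hostname a client might type to the verification outcome."""
    return {h: cert_covers(san_dns_names, h) for h in hostnames}


if __name__ == "__main__":
    for host, ok in check_access(ACM_SANS, [ELB_HOST, "example.com"]).items():
        print(f"{host}: {'valid' if ok else 'certificate name mismatch'}")
```

The check depends only on the name the client requested, which is why pointing example.com at the load balancer through DNS resolves the error without changing the certificate.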