9

I recently migrated my WordPress to an EC2 instance. I attached an Elastic IP address to it and created an A record in my Route 53. But all my requests were HTTP, so I wanted to use CloudFront to redirect all my HTTP to HTTPS.

I created a CloudFront distribution and now all my HTTP requests are redirected to HTTPS. And since my SSL certificate is active, my site is secure.

But now my site (blog.insisivecloud.io) doesn't load and I get a 502 Error which says "CloudFront wasn't able to connect to the origin." I have given the public DNS of the EC2 instance as my origin.

When I go to the public DNS of the EC2 where the blog is hosted it works fine. (ec2-54-167-212-65.compute-1.amazonaws.com)

Where am I going wrong here?

John Rotenstein
  • 2
    Unless you have an SSL certificate on the EC2 instance, in the CloudFront origin settings, *Origin Protocol Policy* needs to be set to `HTTP`. Confirm this, please? – Michael - sqlbot Mar 21 '19 at 05:03
  • 1
    Turns out that I did not have an SSL certificate on the EC2 instance. I used this WordPress plugin to fix the issue https://wordpress.org/plugins/ssl-insecure-content-fixer/. – Shivaranjani Ramakrishnan Mar 24 '19 at 10:02

1 Answer

3

As the official documentation says:

> For HTTPS viewer requests that CloudFront forwards to this origin, one of the domain names in the SSL certificate on your origin server must match the domain name that you specify for Origin Domain Name. Otherwise, CloudFront responds to the viewer requests with an HTTP status code 502 (Bad Gateway) instead of returning the requested object. For more information, see Requirements for Using SSL/TLS Certificates with CloudFront.

  • 1
    Your understanding of this paragraph is incorrect: It is common practice to use a different certificate for a subdomain. AWS's free certificate can be used for the CloudFront dist, with a free certificate loaded on the EC2 --- to use ACM's free certificate, an LB is needed. – Jiulin Teng Oct 12 '20 at 08:04
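The origin-leg behaviour discussed in the answer and comments above can be modelled in a few lines. This is an added example, not code from any poster or from AWS: the policy strings are the CloudFront API's `OriginProtocolPolicy` values, the hostnames are constructed, and the function names are hypothetical. It checks only name matching and reachability, not certificate trust chain or expiry.

```python
# Added example: decides whether the CloudFront-to-origin leg needs a certificate
# and whether the origin's certificate names satisfy the documented match rule.

def san_matches(pattern: str, host: str) -> bool:
    """Certificate-name match; '*' is honoured only as the entire left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def origin_scheme(policy: str, viewer_scheme: str) -> str:
    """Protocol CloudFront uses to reach the origin for a given viewer request."""
    if policy == "http-only":
        return "http"
    if policy == "https-only":
        return "https"
    if policy == "match-viewer":
        return viewer_scheme
    raise ValueError(f"unknown OriginProtocolPolicy: {policy!r}")

def diagnose(origin_domain, policy, viewer_scheme, cert_names):
    """cert_names: DNS names in the origin's certificate, or None if nothing serves TLS on 443."""
    if origin_scheme(policy, viewer_scheme) == "http":
        return "ok: origin leg is plain HTTP, no origin certificate involved"
    if cert_names is None:
        return "502: CloudFront cannot open a TLS connection to the origin"
    if not any(san_matches(name, origin_domain) for name in cert_names):
        return "502: no certificate name matches Origin Domain Name"
    return "ok: certificate matches Origin Domain Name"

if __name__ == "__main__":
    origin = "ec2-203-0-113-10.compute-1.amazonaws.com"  # constructed hostname
    cases = [  # constructed scenarios; viewers are HTTPS after the redirect
        ("match-viewer", None),                 # no certificate on the instance
        ("http-only", None),                    # TLS ends at CloudFront
        ("https-only", ["blog.example.com"]),   # certificate for a different name
        ("https-only", [origin]),               # certificate covers the origin name
    ]
    for policy, names in cases:
        print(f"{policy:13} {names!s:50} -> {diagnose(origin, policy, 'https', names)}")
```

With `http-only`, traffic between CloudFront and the instance is unencrypted, so the origin's security group should not accept that traffic from arbitrary sources.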