  1. I have a Node.js app deployed on an EC2 instance running on port 300, and it is exposed to the internet on ports 80 & 443 via HTTP load balancers.

  2. My security group allows inbound rules on 80 & 443. I have created SSL certificates with ACM for a domain created on GoDaddy (domain name: www.abcd-example.com).

  3. For CNAME I added these values, Host(Name): _57xxxxxxxxxxxxxxx5d, Points to(value): _68xxxxxxxxxxx67.bxxxxxxxxxxxj.acm-validations.aws.

  4. My ACM certificate was issued and I loaded the certificate onto the load balancer. Now when I try to access the load balancer with https://, I get this error: NET::ERR_CERT_COMMON_NAME_INVALID.

I am not sure why this is happening, as I followed all the steps mentioned in the AWS docs to the dot. Can anyone help me out with this?

user1734698
  • I don't know what you meant by 'access the load balancer' but if you have a cert for `www.abcd-example.com` (and key) then you need to set DNS so `www,.abcd-example.com` resolves to the desired load balancer (I don't know for sure about AWS but typically this is a CNAME) and then your client e.g. browser accesses `https://www.abcd-example.com/[whatever]`. In short, if your cert is for domain X, use domain X. – dave_thompson_085 Oct 11 '20 at 00:13
  • By 'access load balancer' I mean copying the A record of the load balancer (xxx-region.elb.aazonaws.com) and opening it in the browser. – user1734698 Oct 11 '20 at 09:46
  • So I have to create a CNAME record which resolves `www,.abcd-example.com` to the `A record(xxx-region.elb.aazonaws.com)` of the load balancer? – user1734698 Oct 11 '20 at 09:48
  • That's it; accessing `https://someamazonLBname` in the browser doesn't work because the certificate isn't for that name. Yes, you need to set up DNS to resolve your domainname (the comma was a typo by me, comma is not valid in a DNS hostname) to the LB; I don't know if Amazon cares which method you use, but CNAME is common. (To be clear, CNAME doesn't resolve to A as such; it resolves to the new domainname, which may in general have _any_ RRsets, but in your case happens to be A.) – dave_thompson_085 Oct 11 '20 at 17:50
  • @dave_thompson_085 that makes more sense. Alternatively, as I checked with AWS guides, I created Route 53 for my domain (webar-ashva.com) with SOA as (www.webar-ashva.com & webar-ashva.com) and added their naming servers to the naming servers in GoDaddy. As I understand, it takes around 7-10 days for the mapping to be completed. Is this the correct approach? – user1734698 Oct 18 '20 at 14:33
  • SOA must (and does) exist only at the top of your zone, in your case webar-ashva.com. You can have A records for any name(s) in your zone, but you actually have them only for www.webar-ashva.com, which is probably good since that's the only name your cert is good for. 7-10 days is excessive; DNS propagation frequently does take several hours (which surprises some people), but it should almost never be more than one day, certainly not a week. – dave_thompson_085 Oct 19 '20 at 17:32
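
The name check discussed in the comments above, as an added example that is not part of the original thread: a simplified version of the browser's certificate host name matching, showing that the name typed into the URL is what gets compared against the certificate, regardless of where DNS points. The function names and the load balancer host name are constructed placeholders.

```python
# Added example: simplified browser-style certificate name check.
# Browsers compare the host in the URL against the certificate's
# subjectAltName dNSName entries; DNS records (CNAME/A) play no part.

CERT_SANS = ["www.abcd-example.com"]      # name the ACM cert was issued for
LB_NAME = "xxx-region.elb.example.net"    # constructed placeholder LB name


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, host):
    """True if one dNSName entry from the certificate covers the host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False          # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def browser_result(san_list, url_host):
    """Outcome of the name check for the host the user typed in the URL."""
    if any(san_matches(s, url_host) for s in san_list):
        return "ok"
    return "NET::ERR_CERT_COMMON_NAME_INVALID"


if __name__ == "__main__":
    # Opening the load balancer's own name fails; the cert's name passes,
    # once DNS resolves it to the load balancer. The bare apex also fails
    # because the certificate only lists the www name.
    for host in (LB_NAME, "www.abcd-example.com", "abcd-example.com"):
        print(f"https://{host}/ -> {browser_result(CERT_SANS, host)}")
```
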

0 Answers