
Currently getting the net::ERR_CERT_COMMON_NAME_INVALID when trying to access my application through the ALB.

This is my current setup:

  • SSL Certificate created that covers example.com & *.example.com using AWS Certificate Manager.
  • 2 server ec2 instances behind a load balancer and 2 client instances behind another load balancer.
  • An alias record in my Route 53 hosted zone pointing to the client ALB.
  • Both ALBs have the SSL certificate for example.com attached to them.
  • Both ALBs have a single HTTPS: 443 listener forwarding https traffic to ec2 instances on port 80.
  • The server ALB security group allows inbound traffic from the client ALB Security Group and outbound to the server instances security group.
  • The applications in the client ec2 instances are React Apps pointing to the server ALB at https://xxxxxxxxxx.elb.amazonaws.com/api

Accessing the application via https://example.com causes net::ERR_CERT_COMMON_NAME_INVALID in the console with the browser saying:

Error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxxxxxxx.elb.amazonaws.com” which could put your confidential information at risk.

I'd be happy to provide more details if it helps.

1 Answer


If you have your own domain example.com with a correct SSL certificate, then you can't use https://xxxxxxxxxx.elb.amazonaws.com/api, which is an AWS domain. The reason is that the SSL cert is for example.com, not for https://xxxxxxxxxx.elb.amazonaws.com/api.

You have to modify your application code to only use example.com.

Marcin
  • What SSL certs should I then associate with the ALBs? Since `example.com` is pointing to the Load Balancer for the client apps, if I changed the application code to use `example.com/api/` that would still point to the client app. How could I point to the servers behind their own load balancer while still using `example.com`? – Anthony Maina May 30 '21 at 00:00
  • @AnthonyMaina I don't understand. Everything from your front-end has to go through ALB using example.com, that's why you have it in the first place. – Marcin May 30 '21 at 00:14
  • 1
    Got it. I created a new record on route 53 called ```api.example.com``` pointing to the server ALB. Now the application code uses that to communicate to the servers and it's working now with no errors. – Anthony Maina May 30 '21 at 00:25
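The thread above boils down to one rule: a browser accepts a TLS certificate only if the hostname it typed matches one of the certificate's subjectAltName DNS entries, and a wildcard such as `*.example.com` replaces exactly one left-most label. The following is an added illustration, not code from the question or the answer, that implements that matching rule (per RFC 6125/9525) and shows why `xxxxxxxxxx.elb.amazonaws.com` is rejected against an ACM certificate for `example.com` + `*.example.com` while the `api.example.com` alias the asker ended up creating passes. The SAN list and the hostnames are constructed samples; `fetch_cert_sans` is an optional helper for inspecting what a live ALB listener actually presents and is not exercised offline.

```python
"""Why ERR_CERT_COMMON_NAME_INVALID appears when an ALB is reached by the
wrong name. Added example; the SANs and hostnames below are constructed."""
import socket
import ssl

# Constructed: the dNSName SANs an ACM certificate issued for
# "example.com" and "*.example.com" carries.
ACM_CERT_SANS = ["example.com", "*.example.com"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName entry against a hostname (case-insensitive).

    A wildcard is honoured only as the entire left-most label, so
    "*.example.com" covers "api.example.com" but neither "example.com"
    (too few labels) nor "a.b.example.com" (too many).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Partial wildcards ("api*.example.com") and wildcards in inner labels
    # are not accepted by browsers, so reject them outright.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_covered(hostname: str, sans: list[str]) -> bool:
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(san, hostname) for san in sans)


def explain(hostname: str, sans: list[str]) -> str:
    """Human-readable verdict mirroring what the browser reports."""
    if hostname_covered(hostname, sans):
        return f"{hostname}: OK (covered by {sans})"
    return f"{hostname}: ERR_CERT_COMMON_NAME_INVALID (not in {sans})"


def fetch_cert_sans(host: str, port: int = 443) -> list[str]:
    """Return the dNSName SANs a live server presents (needs network access).

    Chain validation against the system CA store is kept; only the hostname
    check is disabled so the certificate can be inspected even when the
    name does not match. Not called by the offline checks above.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    for name in ("example.com", "api.example.com",
                 "xxxxxxxxxx.elb.amazonaws.com", "a.b.example.com"):
        print(explain(name, ACM_CERT_SANS))
```

Running the script shows `example.com` and `api.example.com` as covered and both the raw ALB hostname and a two-level subdomain as rejected, which is exactly why pointing the front-end at a Route 53 alias inside the certificate's scope (rather than at the `*.elb.amazonaws.com` name) clears the error without touching the certificate. Attaching the same ACM certificate to both ALBs is fine as long as every name clients use for either ALB is one the certificate covers.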