
Background of the Application

  • I have a MERN Stack Application running (where the frontend ReactJS is running inside the NodeJS backend server)
  • The whole application is then wrapped inside Docker Container
  • Then Deployed in AWS ECS EC2 (using single Service & Task) behind a single Application Load Balancer.
  • Created a Hosted Zone in AWS Route 53 to Point my domain name to Load Balancer
  • Now the application is successfully running when I visit my domain name.

Problem Arose Here

  • The website is "Not Secure"!! — I want to install SSL Certificate
  • I went to AWS Certificate Manager
  • Successfully got a certificate by adding CNAME in the AWS Hosted Zone Records
  • Configured Security Group, Load balancer Listeners to HTTPS
  • Added that Certificate to Load Balancer listener

Actual Problem

  • I got the certificate, connected to load balancer,
  • I can see my certificate in the address bar - "Certificate is Valid"
  • And still, it shows me the Site is "Not Secure" - Below image is for your reference.

Screenshot of the Error: Certificate is Valid but Still Not Secure

Error in the Console (Edited)

Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure resource 'http://my-alb-XXXXXXX.us-xxxx-X.elb.amazonaws.com/api/goals'. This request has been blocked; the content must be served over HTTPS.


My Assumption of What Went Wrong

  • Since AWS ALB has its own DNS Name, which is "Not Secure"
  • Connecting my new secured domain name TO an unsecured AWS ALB DNS name would be the problem.

AWS Application Load Balancer's DNS Name

Appreciate Your Response

Thank you,

ARUN

Arun S
  • Your assumption is wrong, that is not the problem. As long as you are entering the domain name in the browser's address bar that matches the SSL certificate, the browser will have a secure connection to the load balancer. The fact that a server has an alternate domain name that doesn't match the SSL certificate is not a problem. For example every single server on the Internet has an IP address that you could go to directly that doesn't match the server's SSL certificate. Are you entering `http` or `https` in the browser? Check the network tab to see if any `http` resources are being loaded. – Mark B Feb 12 '22 at 13:52
  • I entered starting with https, I'm getting error in the console — "Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure resource 'http://my-alb-XXXXXX.us-xxxx-X.elb.amazonaws.com/api/goals'. This request has been blocked; the content must be served over HTTPS." – Arun S Feb 12 '22 at 15:57
  • So your website is creating links inside the code to the load balancer URL, instead of your custom domain name. You need to fix that in your software. – Mark B Feb 12 '22 at 16:16
  • That was actually backend api request url, which I was pointing to AWS ALB DNS name. Now I changed my backend api request url to my domain itself (https://example.com). Thank you so much Mr. Mark B. Now it's working perfectly. – Arun S Feb 12 '22 at 16:44
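
The check below is an added example, not code from the original posts: it flags request URLs that an HTTPS page would load as mixed content, as in the console error above, and proposes the same path on the page's own origin, which is the fix the thread arrived at. It goes slightly beyond the thread by also covering `ws://` sockets; the function name `findMixedContent`, the sample list and the `ws://` entry are assumptions made for illustration.

```javascript
// Added example: find requests an HTTPS page would load insecurely.
// The sample list is constructed; the ALB URL is the placeholder from the error.

const INSECURE_SCHEMES = new Set(["http:", "ws:"]);

// Returns one finding per request URL that would be blocked as mixed content,
// with a same-origin replacement that inherits the page's TLS certificate.
function findMixedContent(pageUrl, requestUrls) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only HTTPS pages have mixed content

  const findings = [];
  for (const raw of requestUrls) {
    let target;
    try {
      // Resolving against the page handles "/api/x" and "//host/x" forms,
      // which inherit the page's scheme and are therefore safe.
      target = new URL(raw, page);
    } catch {
      continue; // not something the browser could request
    }
    if (!INSECURE_SCHEMES.has(target.protocol)) continue;

    const scheme = target.protocol === "ws:" ? "wss:" : "https:";
    findings.push({
      url: raw,
      host: target.host,
      // Same path and query, served from the domain the certificate covers
      suggestion: `${scheme}//${page.host}${target.pathname}${target.search}`,
    });
  }
  return findings;
}

// Constructed sample: what a frontend bundle might request.
const SAMPLE_REQUESTS = [
  "http://my-alb-XXXXXXX.us-xxxx-X.elb.amazonaws.com/api/goals", // hardcoded ALB name
  "/api/goals",                     // relative: follows the page's scheme and host
  "//example.com/static/app.js",    // protocol-relative: follows the page's scheme
  "ws://example.com/socket?room=1", // hypothetical insecure WebSocket
];

for (const f of findMixedContent("https://example.com/", SAMPLE_REQUESTS)) {
  console.log(`${f.url}\n  -> ${f.suggestion}`);
}
```

Using a relative path such as `/api/goals` in the frontend keeps API calls on whatever scheme and host the page was loaded from, so the ALB's DNS name never appears in the browser.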
