First of all, I tried to google, read a lot of blogs and the official AWS documentation, and couldn't find anything that works in my case.

Scenario & Problem:

I have a GoDaddy domain and a Beanstalk environment. Also, I issued an ACM certificate and assigned it to Beanstalk through configuration. I can see the issued certificate in the load balancer attached to the Beanstalk env. I have set up a (GoDaddy) A record to the Elastic IP of my Beanstalk instance, and www to the Beanstalk DNS name x.us-west-2.beanstalk.com. HTTP is working absolutely fine, but no luck with HTTPS.

Loadbalancer Listener:

HTTPS   443 HTTP    80  Change  07xxaab5-afqq-4tyb-bbz-0eaxxxw37 (ACM)

Any help would be appreciated.

EEAA
Saad Abdullah
  • You should not direct requests to your EB instance - it all needs to go through your load balancer. It's your load balancer that is configured with your cert. – EEAA Apr 04 '17 at 00:38
  • I have a load balancer attached to the Beanstalk environment (through configuration -> HTTPS -> 443). So, when I open mydomain.co.uk, shouldn't it hit my Elastic IP, which has a load balancer attached... right? – Saad Abdullah Apr 04 '17 at 00:42
  • Wrong. Your EIP has nothing to do with your load balancer. – EEAA Apr 04 '17 at 00:43
  • It's not an old balancer. I created a completely new load-balancing environment. After a successful launch, I went to the configuration of the Beanstalk environment to set HTTPS (443), then selected my pre-issued ACM certificate for the domain. Also, you can check the load balancer listener I updated in the question. – Saad Abdullah Apr 04 '17 at 00:46
  • Sorry, "old" was a typo. Again, your requests need to be directed to the address of your load balancer, not your EIP. – EEAA Apr 04 '17 at 00:48
  • I see. So you meant to say that I shouldn't add x.us-west-1.beanstalk.com on the WWW record of the GoDaddy domain? And instead of the A name record (currently the Elastic IP), what should I add? (Because a GoDaddy A name record should be an IP.) – Saad Abdullah Apr 04 '17 at 00:50
  • Your domain needs to point to the host name of your load balancer. This can either be a CNAME or Alias record. I don't believe GoDaddy supports Alias records, though. – EEAA Apr 04 '17 at 00:51
  • The simple question here is: if I cannot use the Elastic IP as the A name record on the GoDaddy domain, which IP can I use? I mean, as per my understanding, there is no IP attached to the load balancer. As you know, a GoDaddy domain only accepts IPs instead of DNS or hostnames. – Saad Abdullah Apr 04 '17 at 00:54
  • Then you'll need to change DNS providers. Plain and simple, you cannot directly use an IP with ELB. – EEAA Apr 04 '17 at 00:55
  • GoDaddy is a horrible company anyway. They don't deserve your business. – EEAA Apr 04 '17 at 00:55
  • I agree. But currently I am bound to use the GoDaddy domain. – Saad Abdullah Apr 04 '17 at 00:56
  • Well then it's not going to work for you. – EEAA Apr 04 '17 at 00:57
  • So, I assume there is no way to use a Beanstalk environment & ACM with a GoDaddy domain. – Saad Abdullah Apr 04 '17 at 00:58
  • It can work with www.example.com, because that can be a CNAME record. It will never work with your zone apex, though. – EEAA Apr 04 '17 at 00:59
  • The funny thing is it was working before on a single instance with a Let's Encrypt certificate & GoDaddy domain. – Saad Abdullah Apr 04 '17 at 01:00

1 Answer

To synthesize an answer based on the comment thread:

Usage of ELB requires that you can point your DNS names to the ELB via either CNAME or Alias (ANAME) records. You cannot use A records with ELB.

If you are using a DNS provider that does not support Alias record types, you will not be able to point your zone apex (e.g. example.com) to your ELB. In this situation, you still are able to point other names, such as www.example.com to the ELB, as that can be a CNAME record, which all providers support.


Your setup is currently working just fine with HTTPS except for the fact that www.legitclaims.co.uk is not listed as a valid name on your certificate. Only legitclaims.co.uk is.

EEAA
  • Okay. Putting awseb-e-g-AWSEBLoa-xxxxx-xxxxx.us-west-2.elb.amazonaws.com in the WWW record in GoDaddy should work, right? – Saad Abdullah Apr 04 '17 at 01:15
  • Yes, that should work, as a `CNAME` record. – EEAA Apr 04 '17 at 01:16
  • Awesome! If it works I can redirect to www. Let me check and get back to you. – Saad Abdullah Apr 04 '17 at 01:17
  • Well, you need to serve your zone apex with HTTPS as well (if even just to do the redirect), which you can't do with your current DNS situation. – EEAA Apr 04 '17 at 01:21
  • I switched my x.us-west-2.beanstalk.com to awseb-e-g-AWSEBLoa-xxxxx-xxxxx.us-west-2.elb.amazonaws.com as the CNAME WWW record. I am not sure how much time it takes to update records, but I am getting "not secure" with HTTPS on https://www.mydomain.co.uk – Saad Abdullah Apr 04 '17 at 01:25
  • Well, without knowing the hostname in question, there's nothing more I can do to help. – EEAA Apr 04 '17 at 01:27
  • Here you go: Domain: https://www.legitclaims.co.uk/ ELB: awseb-e-g-AWSEBLoa-OKJM2PEUYJE3-1375367985.us-west-2.elb.amazonaws.com – Saad Abdullah Apr 04 '17 at 01:28
  • Please see my updated answer - you need to correct the valid hostnames for your certificate. – EEAA Apr 04 '17 at 01:35
  • You can add both hostnames to your ACM cert if you'd like. That way you can use the cert for both once you move away from GoDaddy. – EEAA Apr 04 '17 at 01:36
  • Thank you... It's working now. The point was to issue the certificate for www.mydomain.com in my case instead of domain.com. If possible, you can update the answer with this. Thank you once again and have a nice day :) – Saad Abdullah Apr 04 '17 at 01:42
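
The thread ends on a name-coverage problem: the certificate listed the apex but clients were connecting to www. The following is an added example, not part of the original answer or comments; it checks which served names a certificate's SAN list actually covers, including the wildcard case. The function names and the example.com SAN lists are constructed for illustration.

```python
import socket
import ssl


def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only stand in for the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans dots, so label counts must agree
    if pat[0] == "*":
        # Conservative choice: refuse wildcards directly under a TLD ("*.com").
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def uncovered_names(served_names, cert_sans):
    """Return the names clients will use that no SAN entry on the cert covers."""
    return [n for n in served_names
            if not any(san_matches(n, s) for s in cert_sans)]


def fetch_sans(host, port=443, timeout=5):
    """Read DNS SANs from a live listener (needs network; not used below).

    The chain is still verified; only the hostname check is disabled so the
    certificate can be inspected even when it does not match `host`.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists using example.com, not read from any real certificate.
    names = ["example.com", "www.example.com"]
    for sans in (["example.com"], ["*.example.com"],
                 ["example.com", "www.example.com"]):
        print(sans, "-> not covered:", uncovered_names(names, sans) or "none")
```

A certificate for the apex alone leaves www uncovered, and a wildcard alone leaves the apex uncovered, so a certificate meant to serve both needs both names listed.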