myNewAccount asked:
I just moved from Digital Ocean to AWS. My usual setup procedures for the web server I use for experimentation are not working.
I can reach the site through IPv4 but all domains error out and my SSL certificate doesn’t show up when tested on SSL Shopper. DNS appears to be working fine, my firewall is open, SSL certificate installed and NGINX running fine. When all the obvious things are working what do I need to check? Or alternately am I missing something really obvious?
This is my setup. I don’t mind listing the domain because it is used for testing only. I routinely destroy it and build it back to test different options and setups.
The IPv4 address brings up the default NGINX welcome screen.
All domains error out
SSL Labs test
IPs detected correctly but in both cases unable to connect to server.
https://www.ssllabs.com/ssltest/analyze.html?d=forinstance.io
SSL Shopper test
No SSL certificates found.
https://www.sslshopper.com/ssl-checker.html#hostname=forinstance.io
In Linux
Both ports open.
firewall-cmd --list-ports
80/tcp 443/tcp
Nginx installed.
Nginx status: Active: active (running) since Fri 2021-03-05 13:48:16 MST; 2h 33min ago
curl localhost:80 returns 301 redirect which is correct.
Let's Encrypt SSL certificate installed.
Expiry Date: 2021-06-03 18:11:03+00:00 (VALID: 89 days)
In AWS console:
VPC > Your VPCs >
DNS hostnames: Enabled
DNS resolution: Enabled
IPv6 pool: Amazon ✓ Associated
EC2 > Instances >
Instance state: Running
Status check: 2/2 checks passed
Public IPv4 address: 3.141.233.134 (forinstance.io)
Elastic IP addresses: 3.141.233.134 (forinstance.io) [Public IP]
EC2 > Security Groups >
Inbound rules
HTTP TCP 80 0.0.0.0/0
HTTPS TCP 443 ::/0
Route 53 > Hosted zones >
Records
forinstance.io A Simple 3.141.233.134
forinstance.io AAAA Simple 2600:1f16:c78:b001:40c1:f27c:8502:ac1b
www.forinstance.io A Simple 3.141.233.134
www.forinstance.io AAAA Simple 2600:1f16:c78:b001:40c1:f27c:8502:ac1b
My answer:
You need to open port 443 for IPv4 in your AWS security group (and port 80 for IPv6).
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
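The gap the answer points to can be checked mechanically. The following is an added example, not part of the original question or answer: a Python check over inbound rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, reporting for each port which address family has no world-open rule. The sample rules are constructed from the inbound rules listed in the question, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the question's inbound rules, in the
# IpPermissions shape of `aws ec2 describe-security-groups` output.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]


def open_families(permissions, port):
    """Return the address families ('ipv4', 'ipv6') from which TCP `port`
    is reachable by any source (a /0 range in that family)."""
    families = set()
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":
            covers = True  # "-1" means all protocols and all ports
        elif proto == "tcp":
            covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            covers = False
        if not covers:
            continue
        # IPv4 and IPv6 sources are separate lists; a rule in one family
        # grants nothing to the other.
        for rng in perm.get("IpRanges", []):
            if ipaddress.ip_network(rng["CidrIp"]).prefixlen == 0:
                families.add("ipv4")
        for rng in perm.get("Ipv6Ranges", []):
            if ipaddress.ip_network(rng["CidrIpv6"]).prefixlen == 0:
                families.add("ipv6")
    return families


def family_gaps(permissions, ports=(80, 443)):
    """Map each port to the sorted families that have no world-open rule."""
    return {p: sorted({"ipv4", "ipv6"} - open_families(permissions, p))
            for p in ports}


if __name__ == "__main__":
    for port, missing in family_gaps(SAMPLE_PERMISSIONS).items():
        print(f"tcp/{port}: missing {', '.join(missing) or 'nothing'}")
```

For a dual-stack host with both A and AAAA records, any non-empty entry in the result means clients on that address family cannot connect on that port.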