When a website is reachable through an IPv4 address, DNS is tested and working but all domains error out in Chrome what needs to be checked?

on

myNewAccount asked:

I just moved from Digital Ocean to AWS. My usual setup procedures for the web server I use for experimentation are not working.

I can reach the site through IPv4 but all domains error out and my SSL certificate doesn’t show up when tested on SSL Shopper. DNS appears to be working fine, my firewall is open, SSL certificate installed and NGINX running fine. When all the obvious things are working what do I need to check? Or alternately am I missing something really obvious?

This is my setup. I don’t mind listing the domain because it is used for testing only. I routinely destroy it and build it back to test different options and setups.

The IPv4 address brings up the default NGINX welcome screen.

http://3.141.233.134/

All domains error out

http://forinstance.io

https://forinstance.io

http://www.forinstance.io

https://www.forinstance.io

SSL Labs test

IPs detected correctly but in both cases unable to connect to server.

https://www.ssllabs.com/ssltest/analyze.html?d=forinstance.io

SSL Shopper test

No SSL certificates found.

https://www.sslshopper.com/ssl-checker.html#hostname=forinstance.io

In Linux

Both ports open.

firewall-cmd –list-ports

80/tcp 443/tcp

Nginx installed.

Nginx status: Active: active (running) since Fri 2021-03-05 13:48:16
MST; 2h 33min ago

curl localhost:80 returns 301 redirect which is correct.

Lets Encrypt SSL certificate installed.

Expiry Date: 2021-06-03 18:11:03+00:00 (VALID: 89 days)

In AWS console:

VPC > Your VPCs >

DNS hostnames: Enabled

DNS resolution: Enabled

IPv6 pool: Amazon ✓ Associated

EC2 > Instances >

Instance state: Running

Status check: 2/2 checks passed

Public IPv4 address: 3.141.233.134 (forinstance.io)

Elastic IP addresses: 3.141.233.134 (forinstance.io) [Public IP]

EC2 > Security Groups >

Inbound rules

HTTP TCP 80 0.0.0.0/0

HTTPS TCP 443 ::/0

Route 53 > Hosted zones >

Records

forinstance.io A Simple 3.141.233.134

forinstance.io AAAA Simple 2600:1f16:c78:b001:40c1:f27c:8502:ac1b

www.forinstance.io A Simple 3.141.233.134

www.forinstance.io AAAA Simple 2600:1f16:c78:b001:40c1:f27c:8502:ac1b

My answer:

You need to open port 443 for IPv4 in your AWS security group (and port 80 for IPv6).

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Related Post

How to tell php-fpm to send php error log to the nginx error log?

Ubuntu to list relevant security advisories

nginx redirects subdirectory requests without trailing slash to a URL with specified port

Get more information from apt-get if it reports an "impossible situation"

How to identify if RMM4 hardware module is installed

In postfix, how to enforce tls + auth over 587 while leaving tls optional for 25