EC2 Public DNS not working with HTTPS – Elastic Beanstalk URL is working

amazon-web-services, elastic-beanstalk, https, ruby, ruby-on-rails

I have completely run out of ideas to fix this issue. I've gone through just about every given solution to similar issues and nothing has worked successfully.

I've successfully set up my Ruby on Rails application using Elastic Beanstalk to work over HTTPS. The URL provided for my Elastic Beanstalk application is working correctly – which means my SSL cert is correct.

I have two hosted zones for my registered domain which I tried to route to my Elastic Beanstalk URL using CNAMEs, but that doesn't do what I want since www.something.example.com will work, but www.example.com won't – which is pointless.

I originally used A records for each hosted zone and set them to the Elastic IP address associated with my EC2 instance. The problem with this, though, is that my public DNS URL does NOT work when configured for HTTPS. I get an "ERR_CONNECTION_REFUSED" every time I try to connect to either the Elastic IP or the given EC2 public DNS.

Here are the Load Balancing settings for my Elastic Beanstalk app:

Here is the security group info from my Load Balancer description:

Here are the set rules for that security group:

Here is the view from the instance showing the set rules:

Here are the listener settings from the load balancer:

I used this solution to set the listener settings.

I used this solution to set the inbound settings for the security group.

I have "config.force_ssl = true" in my production.rb file. I cannot access the site using HTTP; all traffic is rerouted automatically to HTTPS.

To recap:

  • Elastic Beanstalk env URL – working correctly (HTTPS)
  • EC2 instance public DNS – NOT working (HTTPS)
  • Elastic IP – NOT working (HTTPS)

Thank you to anyone that can provide insight as to what's going on.

EDIT

Fixed. See checked solution.

Best Answer

Solution (assumes your DNS for example.com is in Route 53): Create an A record for the apex of example.com (no hostname), and select YES for alias.

For the Alias Target, use the ELB entry point for Elastic Beanstalk (there should be a drop-down list you can choose from).

After the DNS record propagates, you can reach the site correctly via https://example.com (I tested this via an /etc/hosts entry).

If you do not have example.com in Route 53 (or cannot get it there), you will be forced to create a different SSL certificate, because the current one is only usable on the apex of your site. A wildcard certificate for *.example.com would give you much more flexibility in site names in DNS.
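The certificate-name point in the answer above, as an added example that is not part of the original answer: a small checker for which hostnames a certificate's DNS names cover, using a simplified form of RFC 6125 matching. The function names, the SAN lists and the EC2-style hostname are constructed for illustration. It shows that `*.example.com` covers neither the apex `example.com` nor a two-level name such as `www.something.example.com`, so a certificate intended for both the apex and `www` needs both names listed.

```python
# Added example: check which hostnames a certificate's DNS names cover.
# Simplified RFC 6125 rules: "*" is honoured only as the entire left-most
# label and stands for exactly one label.

def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate DNS name (exact or wildcard) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # label counts must agree; reject empty labels
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(san_names, host):
    """True if any DNS name on the certificate covers host."""
    return any(name_matches(name, host) for name in san_names)


def coverage_report(san_names, hosts):
    """Map each hostname to whether the certificate covers it."""
    return {host: covered(san_names, host) for host in hosts}


# Constructed sample data: names a client might use to reach the site.
HOSTS = [
    "example.com",
    "www.example.com",
    "www.something.example.com",
    "ec2-203-0-113-10.compute-1.amazonaws.com",  # constructed EC2-style name
]
APEX_ONLY = ["example.com"]
WILDCARD = ["*.example.com"]
APEX_AND_WILDCARD = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for label, sans in [("apex only", APEX_ONLY),
                        ("wildcard", WILDCARD),
                        ("apex + wildcard", APEX_AND_WILDCARD)]:
        print(label)
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"  {host}: {'covered' if ok else 'NAME MISMATCH'}")
```

No certificate in the sample covers the instance's own public DNS name, so connecting to the instance by that name would fail hostname verification even if it accepted connections on port 443.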
