SSL Issue with Lightsail load balancer

Opalchenitz · May 19, 2022, 9:23pm

Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bndiagnostic ID: 9a2fbd7d-ffd9-55c5-2a53-134e724c8778

bndiagnostic output:

? Apache: Found possible issues
? Wordpress: Found possible issues
? Resources: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/

Description:
Hey There - I have created a wordpress site on lightsail. Originally, it was created as a single stand alone server.

I used bncert-tool to create the ssl certificates. I also force http to https. This is all working without exception on the instance thru the domain name.

it’s since become a bigger site and so I have had to add instances and a load balancer in lightsail.

I created the new instances from a snapshot of the existing instance (including the bncert-tool generated certificates). The instances are fine and i can log into them no issues via https (i.e. from the domain or the ip addresses of the instances) they are also showing up as healthy targets in my LB (i’m using a custom health check against an empty health.html file).

In the LB, i have added the certificate from Amazon and enabled force http to https.

However, I can’t open anything thru the LB. I get ERR_TOO_MANY_REDIRECTS and also warnings the my connection isn’t private and there are certificate errors.

I believe this is due to the fact that i used bncert-tool to create the initial certificae on the original instance. I then snapshotted that instance (including the bncert-tool generated certificates on the instance) and created the new instances from this snapshot.

How do i fix this certificate conflict? is it due to the bncert-tool certificates and what do i need to do get this working thru the load balancer?

Thanks!

O

michiel · May 20, 2022, 3:26pm

Hi @Opalchenitz,

I recommend the following guide that shows how to set up SSL for load balancer:

https://docs.bitnami.com/aws/how-to/configure-elb-ssl-aws/

Regards,
Michiel

Opalchenitz · May 21, 2022, 6:43pm

Hi Michiel -

thanks for this. However, I’m using lightsail, as i mentioned. Therefore, my load balancer shows up only in lightsail. as the result, the instructions you sent are not compatible with the setup that is available in lightsail for loadbalancers (lightsail > Networking > Load balancer). In Lightsail, you don’t have access to the routings or security groups for example.

Can you please send the requisite instructions for SSL with lightsail load balancers? I have a certificate from Amazon already on my load balancer.

As I mentioned, i believe there is a conflict between the certificates I installed on my lightsail instance using the bncert-tool and the certificate on the lightsail loadbalancer.

I look forward to your response.

michiel · May 23, 2022, 11:21am

Hi @Opalchenitz,

The configuration inside the VM should be the same in both cases, could you check it? You can skip the steps to configure the load balancer as you are using the Lightsail Load Balancer.

Regards,
Michiel

Opalchenitz · May 23, 2022, 1:32pm

Hey Michiel -

for the VM, i assume you mean check the EC2 instance?

As i mentioned, I also created the instances in lightsail, so they don’t show up in EC2 dashboard. So the steps that you sent are not possible for me to check as i created the instances in LIGHTSAIL.

can you please either explain more what you mean, send the correct instructions for LIGHTSAIL, or pass me on to someone who actually knows how to address the question that I’m asking?

Thanks!

michiel · May 25, 2022, 10:13am

Hi @Opalchenitz,

Can you check the output of the following command:

 curl -LI LOADBALANCER_IP

Regards,
Michiel

Opalchenitz · May 27, 2022, 10:47am

Hi Michiel -

I’ve ran the comment and have the output. to where shall i send it? or do i just post it here?

Thanks!

michiel · May 30, 2022, 8:05am

Hi @Opalchenitz,

Can you paste it here?

Regards,
Michiel

Opalchenitz · May 30, 2022, 2:34pm

Here you go

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Mon, 30 May 2022 14:28:22 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://52.76.167.218:443/

HTTP/2 301 
date: Mon, 30 May 2022 14:28:45 GMT
content-type: text/html; charset=UTF-8
location: https://martexpoglobe.com/
server: Apache/2.4.52 (Unix) OpenSSL/1.1.1n
x-powered-by: PHP/7.4.27
x-redirect-by: WordPress

HTTP/1.1 200 OK
Date: Mon, 30 May 2022 14:28:46 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.1.1n
X-Powered-By: PHP/7.4.27
Link: <https://martexpoglobe.com/wp-json/>; rel="https://api.w.org/", <https://martexpoglobe.com/wp-json/wp/v2/pages/4851>; rel="alternate"; type="application/json", <https://martexpoglobe.com/>; rel=shortlink
X-TEC-API-VERSION: v1
X-TEC-API-ROOT: https://martexpoglobe.com/wp-json/tribe/events/v1/
X-TEC-API-ORIGIN: https://martexpoglobe.com
Content-Type: text/html; charset=UTF-8

michiel · June 1, 2022, 8:00am

Hi @Opalchenitz,

The domain seems to point to the instance and not to the loadbalancer:

https://www.whatsmydns.net/#A/martexpoglobe.com

You need to reconfigure the DNS settings to make it point to the loadbalancer IP.

Regards,
Michiel

system · June 15, 2022, 8:01am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.