Wild card SSL not working on subdomain pointed to different server
Question
This could be possibly a duplicate question, but I've tried every solution I found and nothing worked. On main domain, I've successfully installed SSL and it is working fine. I need to install the same wild card SSL on other two instances which are using for subdomain .
The overall structure I've setup so far is as follows -
- Cloudflare is using for CDN where I've created A record for all 3 instances. One for main domain and other 2 for subdomains.
- Created 3 instances (Ubuntu 18.04 + Apache) on AWS EC2
When I am hitting subdomain in browser, it is showing lock sign but with Error 521: Web server is down
but When I am trying it with default Public DNS, it is showing my page without any error.
Please suggest what is missing here. Thanks much!!
2 answers
solution1
0 2020-07-31 06:40:09
The 521 error from CloudFlare indicates that it is unable to speak to your host on that port.
Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses.
The two most common causes of 521 errors are:
- Offlined origin web server application
- Blocked Cloudflare requests
Please check the following:
- The EC2 security group is allowing inbound access on both port 80/443 (this cannot be locked down to your IP address).
- If a NACL is in place (which is not the default one) ensure that both the communication ports (80/443) and the ephemeral ports are open.
- Ensure that the servers are listening on both port 80/443.
It is important to identify whether CloudFlare it attempting to connect to HTTP or HTTPS, it can support both of these models based on the configuration.
If you're still stuck after these points you can attempt to validate the requests going to your server usingVPC Flow Logs .
solution2
0 ACCPTED 2020-08-02 11:26:36
Finally, this answer gave me a hint How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)? Will it cost one-time or monthly basis?
And I resolved this error as follow -
1. Downloaded the certificate files from primary server
2. Uploaded the same certificate files to the secondary server where the subdomain is pointed
3. then edit /etc/apache2/sites-available/default-ssl.conf file on secondary server, search for "SSLCertificate" and change the following lines
4. Enable the SSL configuration, and restart the webserver.
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.