I'm using a Classic Load Balancer or Application Load Balancer as the origin for my Amazon CloudFront distribution. I have HTTPS and HTTP listeners configured on my load balancer, but the HTTPS communication between CloudFront and my load balancer fails. If I change the origin protocol policy on my distribution to HTTP only, the connection works. How can I resolve the HTTPS communication issues?

The HTTPS communication failure might be caused by issues with the associated SSL certificate, security groups, or network access control list (ACL). Be sure that your distribution and load balancer meet the following security requirements:

Note: Application Load Balancers support multiple TLS certificates with smart selection using Server Name Indication (SNI). If you're whitelisting the host header on your CloudFront distribution, be sure that the Application Load Balancer has a TLS certificate set up with the same name. Otherwise, the Application Load Balancer offers its default certificate, which might not match the SNI associated with the ClientHello message from CloudFront.  

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2018-06-01