Why does the HTTPS connection between my CloudFront distribution and load balancer fail?

2 minute read
0

I have HTTPS and HTTP listeners configured on my Classic Load Balancer or Application Load Balancer as the origin for my Amazon CloudFront distribution. The HTTPS communication between CloudFront and my load balancer fails. I want to resolve the HTTPS communication issues.

Resolution

The HTTPS communication failure might be caused by issues with the associated SSL certificate, security groups, or network access control list (ACL). Be sure that your distribution and load balancer meet the following security requirements:

Note: Application Load Balancers support multiple TLS certificates with smart selection using Server Name Indication (SNI). If your CloudFront distribution caches based on the host header, then verify that the Application Load Balancer has a TLS certificate configured with the same name. Otherwise, the Application Load Balancer offers its default certificate, which might not match the SNI associated with the ClientHello message from CloudFront.


Related information

Requiring HTTPS for communication between CloudFront and your custom origin

AWS OFFICIAL
AWS OFFICIALUpdated a year ago