AWS Application Load Balancer throws net::ERR_CERT_COMMON_NAME_INVALID

3

8

I have created a microservice API application, hosted it on an AWS ECS cluster, and attached this cluster to an AWS Application Load Balancer (ALB). I added a certificate from AWS Certificate Manager to the ALB. When I try to call using the link provided by AWS ALB, from my frontend app, it returns an error:

net::ERR_CERT_COMMON_NAME_INVALID

The link from ALB is something like this: xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com

I attached an SSL certificate to the listener. The SSL certificate is issued using AWS Certificate Manager for my-site.xyz and *.my-site.xyz

The frontend application is a React application hosted on different-site.ai using AWS Amplify

Danish answered 23/8, 2020 at 8:31 Comment(0)
5

Edit

The OP wanted this to resolve for their root/apex domain example.com. As they use Namecheap (which supports an Alias record), a value was added for the root domain following these instructions.

Alias records are also supported in Route 53.

It needed to be an alias record as a root domain traditionally can only resolve to an IP address which would be an A record, whereas Alias will map the IP of the CNAME record to the value instead.

Original

The error thrown is because the SSL certificate that is attached is not applicable for the domain you're trying to access.

For example the cert is for example.com but you're trying to access xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com.

To access this you must access it on a valid domain name. To do this, add a DNS record so that example.com resolves to xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com. Then when accessing example.com the SSL will be valid.

Satan answered 23/8, 2020 at 8:37 Comment(11)
Can you please explain how I add a DNS record that resolves to xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com? If this works, I'll upvote all your answers - Danish
Did you manage to get it? If not, tell me your hosting provider and I'll try to find some docs for it :) - Satan
My hosting provider is namecheap.com. I need to know what values to put in and what kind of record to make - Danish
OK, is your domain the Apex record (example.com) or Subdomain (subdomain.example.com)? - Satan
It is example.com - Danish
OK great, so you'd want to follow: namecheap.com/support/knowledgebase/article.aspx/10128/2237/…. Add an Alias record of @ with the value of xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com - Satan
Did that. Let me wait for 5 minutes and see if it works - Danish
It is working :D Please update in the answer for others that an Alias with Host as @ and value as the load balancer link needs to be created. Awesome. Thanks - Danish
Updated answer :) - Satan
Thanks for this. A bit off topic, but my issue was with a custom domain on an API Gateway. Make sure you map your DNS record to the API Gateway's domain name, not its invoke URL. - Farleigh
I have the same issue, but I'm using Route53 as my DNS table. I added an A alias record to my ALB (for example.com), and a CNAME to the same ALB (for www.example.com). Then requested an SSL cert and included both example.com and www.example.com. And I'm getting net::ERR_CERT_COMMON_NAME_INVALID - Age
1

In my case, when I was requesting a certificate, I failed to list the domain names correctly.

For example, if your website was www.somewhere.com, you would need to add

www.somewhere.com

and also add

somewhere.com
Ilke answered 12/9, 2021 at 18:20 Comment(0)
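
The name check behind this error, as an added example that is not part of any post above: a hostname is accepted only if one of the certificate's DNS names covers it, and a wildcard stands for exactly one left-most label. The certificate name lists are constructed from the names mentioned in the question and answers; `name_matches` and `covering_name` are hypothetical helper names.

```python
# Added example: which hostnames a certificate's DNS names (SANs) cover.
# The name lists below are constructed from the names quoted on this page.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def covering_name(cert_names, hostname):
    """Return the first certificate name that covers hostname, else None."""
    for name in cert_names:
        if name_matches(name, hostname):
            return name
    return None


# Certificate from the question: issued for the apex and a wildcard.
ALB_CERT = ["my-site.xyz", "*.my-site.xyz"]
# Certificate requested with only the www name, as in the answer above.
WWW_ONLY_CERT = ["www.somewhere.com"]

if __name__ == "__main__":
    checks = [
        (ALB_CERT, "xxxxx-xx-xxxxxxxxx.ap-south-1.elb.amazonaws.com"),
        (ALB_CERT, "my-site.xyz"),
        (ALB_CERT, "api.my-site.xyz"),
        (ALB_CERT, "a.b.my-site.xyz"),      # two labels under the wildcard
        (["*.my-site.xyz"], "my-site.xyz"),  # wildcard alone misses the apex
        (WWW_ONLY_CERT, "somewhere.com"),
    ]
    for names, host in checks:
        hit = covering_name(names, host)
        print(f"{host:50} -> {hit or 'NO MATCH (browser rejects)'}")
```
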
0

The key for me was Route 53 - The A record should NOT point to any hardcoded IPs, but instead should be an Alias to an ALB / Classic Load Balancer.

(Edit the Route 53 record - choose your exact ALB from the dropdown list), and it will fill the 'URL' : dualstack.alb-123456.us-region.elb.amazonaws.com

Followed this: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html

Nigrosine answered 2/8, 2023 at 14:21 Comment(0)
