- I have a EC2 Instance in which I've installed an SSL certificate via LetsEncrypt
- The Instance hosts a FastApi and Gunicorn which serves as server for a mobile app
- There's an elastic IP attached to the EC2 instance
- All inbounds and outbounds EC2 ports are opened
- I have imported in the Certificate Manager (east-2 Virginia) the SSL certificate generated by LetsEncrypt
- I have created an hosted zone in Route53 adding a domain (www.example.com) and creating the CAA (0 issue "letsencrypt.org") changed the nameservers in godaddy as per the ones in the Route53 NS
- I have created a CloudFront distribution having as origin the Public IPv4 DNS of the EC2 instance, redirecting HTTP to HTTPS, setting the Custom SSL certificate equal to the one uploaded in the Certificate Manager (LetsEncrypt) and in the Alternate domain name (CNAME) added the www.example.com
- I have added in Route53, in the A record, the CloudFront Distribution domain name
Given these premises, in the EC2 instance there is not a landing html page (like hello world!) to be reached if the CloudFront Distribution domain name or the domain name is pinged.
However, If I ping it, I get the 502 error (502 ERROR The request could not be satisfied. CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time).
The domain was validated in the SSLlab without throwing errors except a "Chain issues Incorrect order, Extra certs" in the "Additional Certificates section" (not in the "Server Key and Certificate #1") and the X-Cache says: Error from CloudFront.
How can I fix the 502 error?
EDIT
I've posted the solution in the comment
CodePudding user response:
The solution was to keep everything as above stated but:
- remove the ssl certificate from the instance
- generate a new ssl certificate in Certificate Manager from Amazon (this also implies creating records in Route 53 of the CNAME of the new certificate and selecting the new certificate in the Cloudfront distribution).
At the end the issue was a conflict between the two ssl certificates. Only one had to be kept.