Score:3

SSL-converted page is not reachable on the internet


My web page is hosted on AWS, and it was SSL converted.

I can see the page from my own computer and smartphone in my home network and Wi-Fi area, but from the outside (e.g. accessing the website from a smartphone outside) the page is not reachable.

So I checked the security group and port number.

Inbound rules are below (screenshot of the security group's inbound rules).

According to a manual I referred to, it seems OK, but if there is something wrong please let me know.

Here is the telnet command result on port 443 (screenshot). Sorry, it's written in Japanese. It says that it is unable to connect to the host: "Port No 443: Failed to connect."

Does it mean port 443 is closed?

I tried `iptables -L -v -n` (screenshot below). I can not figure out the meaning...

Result of curl to the AWS IP, `curl -k -vv https://` (screenshot):

It seems it is not working.

Result of `tcpdump -nni any port 443` (screenshot).

Route 53 (screenshot).

Details of the load balancer (screenshots: load balancer 1, load balancer 2, load balancer listeners). Can you figure out the problem from the information above? If you need other information, please let me know.

Target group (screenshots). I can see something unhealthy above: "Target group is not configured to receive traffic from the load balancer".

And maybe there are other points I need to check, so if you need to see other points, please let me know and I'll update the details.

Thank you.

Ajay Singh: Then it could mean a lot of things, like a system firewall like iptables, server misconfig, etc. Check what the AWS checks are showing. Try connecting to those IPs using the telnet command on ports 80 and 443. Check if DNS is configured correctly. Also I'd suggest posting the information in the same question by editing the question.

daylyroppo3: @Ajay Singh I tried the telnet command on ports 80 and 443. The result is uploaded in the question: port 80 is OK but 443 is not. What should I check next? Please give me your advice again.

Ajay Singh: Are you using this IP 3.129.28.206 as the load balancer? If yes, the DNS A records of the domain you mentioned in the other question are pointing to two other IPs in the 18.116 block. Check the IP firewall like iptables and the AWS security groups for all three computes, and also check which group is attached to the instances. Also check if the load balancer SSL is configured correctly, since port 80 is working.

daylyroppo3: @Ajay Singh Yes, I use a load balancer. I uploaded other information. I'll upload the others again soon.

daylyroppo3: @Ajay I uploaded information about the load balancer; if you need further information, please let me know. Thank you.

Ajay Singh: The first image is a different security group than the one attached to the load balancer; have you checked if 443 is open in the '..wizard-2' config?

daylyroppo3: @Ajay Sorry, I don't understand the meaning of '..wizard-2' config... I updated the 'Target group' image; it says unhealthy, what does it mean?

Ajay Singh: Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/127889/discussion-between-ajay-singh-and-daylyroppo3).
Score:6
  • Try a curl to the AWS IP: `curl -k -vv https://<your aws ip>`.

  • If it works, try the same thing using the hostname. If this time it doesn't work, it's a DNS issue.

  • Check if there's some firewall inside the VM. For example: `iptables -L -v -n`. You may have some firewall rules preventing most IPs from accessing your web server.

  • Check if there's some ACL on the web server itself. Web servers can be configured to ignore requests coming from certain IP addresses. If you're using Apache, check the `Require` lines in your configuration.

As a general rule, you can run `tcpdump -nni any port 443` on the server (you may have to install tcpdump) and repeat your test. tcpdump basically collects and displays the actual packets involved, so if you try and some packets reach the server on port 443, it means nothing outside the VM blocked it and the issue probably is server related. If, on the other hand, you don't see any packet, it means something else is blocking you from accessing the web server.

EDIT

If you have a load balancer, ensure it is correctly pointing to the 443 port of the backend server(s). If not, traffic reaching the load balancer may be redirected to another port (80?) where HTTPS is not supported, which can "break" your connection.

daylyroppo3: Thank you for your advice. `curl -k -vv https://<your aws ip>` doesn't work, so it's a DNS issue. The result of `iptables -L -v -n` is updated on my question. It seems there are no firewall rules. The result of `tcpdump -nni any port 443` is `tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes`. Does it make sense?

A. Darwin: @daylyroppo3 Just to be clear: if curl with the IP doesn't work, it *isn't* a DNS issue. It would be a DNS issue if curl+IP succeeded but curl+hostname didn't, but this isn't your case. It looks like HTTPS packets from the outside don't reach your VM. You said in another comment that you have a load balancer. There may be some issue between the load balancer and your VM on the 443 port. Please update your question with details on how the load balancer is configured.

daylyroppo3: I uploaded information about the load balancer; if you need further information, please let me know. Thank you.

daylyroppo3: Could you teach me how to ensure whether the load balancer is correctly pointing to the 443 port of the backend server? Sorry, I'm a complete beginner.

daylyroppo3: I updated the 'Target group' image; it says unhealthy, what does it mean?
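The answer's checklist, together with the correction in the comments (curl failing by IP is not a DNS problem), as an added shell example that is not code from the answer or from the asker. It assumes you run the probes from an outside client, and separately count the packets that `tcpdump -nni any port 443` saw on the server during the same test; the `<TG_ARN>` is a placeholder.

```shell
#!/bin/sh
# Added example, not from the answer or the asker: the troubleshooting steps of
# the answer and the comment thread turned into a small script. Assumed inputs:
# the instance's public IP, its hostname, and the packet count from a
# `tcpdump -nni any port 443` run on the server while the probes were sent.

# One HTTPS probe from the outside client. -k skips certificate checks so a bad
# certificate is not what we measure; status 0 means TCP + TLS + HTTP completed.
probe() {
  curl -k -sS -o /dev/null --connect-timeout 5 --max-time 10 "https://$1/" 2>/dev/null
}

# Pure decision function, so the reasoning can be checked without a network.
#   $1 curl status by IP, $2 curl status by hostname, $3 packets seen on 443.
classify() {
  if [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then echo reachable; return; fi
  if [ "$1" -eq 0 ]; then echo dns; return; fi     # IP works, name does not: DNS
  if [ "$3" -gt 0 ]; then echo server; return; fi  # packets arrive, VM drops them
  echo upstream                                    # nothing arrives: SG / load balancer
}

# What to look at next for each verdict, in the answer's own order.
advise() {
  case $1 in
    reachable) echo "HTTPS works; nothing to fix" ;;
    dns)       echo "fix the A/CNAME record (Route 53) for the hostname" ;;
    server)    echo "run: iptables -L -v -n ; then check web server ACLs (Apache Require)" ;;
    upstream)  echo "check security group inbound 443 and that the target group forwards to 443: aws elbv2 describe-target-health --target-group-arn <TG_ARN>" ;;
    *)         echo "unknown verdict: $1"; return 1 ;;
  esac
}

# Usage: triage <public-ip> <hostname> <packets-seen-on-server>
triage() {
  probe "$1"; ip_rc=$?
  probe "$2"; host_rc=$?
  verdict=$(classify "$ip_rc" "$host_rc" "$3")
  echo "verdict: $verdict"
  advise "$verdict"
}
```

In the asker's situation (curl by IP fails, tcpdump on the server shows only its startup banner and no packets) the verdict is `upstream`, which points at the security group and the load balancer's target group rather than at DNS.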