Why Is Access to Backend Servers Still Abnormal Even If I Have Created a Certificate?

The following are possible causes:

• You have created a certificate on the ELB console, but you do not have an HTTPS listener.

  To solve this problem, perform the following steps:

  • Continue using the current listener and install the certificate on the backend server.
  • Delete the current listener, add an HTTPS listener, and bind a certificate to the HTTPS listener.
• You have created a certificate on the Certificates page and are using an HTTPS listener, but you have not bound the certificate to the listener.
• Your certificate has expired.
• The domain name is different from the one specified when you create the certificate.
• A certificate chain is used, but its format is incorrect.
• You have bound a certificate to the HTTPS listener and also configure a certificate on the backend servers. Because you bind a certificate to the listener, ELB decrypts HTTPS requests from clients and sends decrypted requests to backend servers, and the certificate on backend servers decrypts these decrypted requests again. (Shared load balancers have this restriction, while dedicated load balancers do not have this restriction.)

  You can use either of the following methods to solve the problem:

  • Configure a certificate on the backend servers and use a TCP listener to transparently transmit HTTPS traffic to the backend servers.
  • Use an HTTPS listener and bind a certificate to the HTTPS listener. Do not configure the certificate on the backend servers.