AWS SSL Elastic Beanstalk Certificate: HTTPS Unavailable

When I link the AWS certificate to my Elastic Beanstalk application and visit the domain using https, I get: "This site cannot be reached, mydomain.com refused to connect." I can visit the site using http.

I created a security certificate with AWS ACM. I added my example.com domain name to the certificate along with additional names for its subdomains. In my load-balanced application environment, I installed the following:

[screenshot]

I am setting up a security group called awseb-e-abc123-stack-* for my environment as follows:

[screenshot]

There is another security group called awseb-e-abc123-stack-AWSEBLoadBalancerSecurityGroup-*, which looks like this. It has the same Name tag as the group above, which matches the name of my environment:

[screenshot]

The entries in the "AWSEBLoadBalancerSecurityGroup" security group seem to do nothing, since deleting all of them still allows HTTP traffic through.

In .elasticbeanstalk\securelistener.config, I have the following:

    option_settings:
      aws:elb:listener:443:
        SSLCertificateId: <my certificate ARN>
        ListenerProtocol: HTTPS
        InstancePort: 80

It seems that if I add a syntax error to this file, the deployment will still succeed.

Here is the result of curl -vL https://<my domain>:

    * Rebuilt URL to: https://<my domain>/
    *   Trying <my elastic IP>...
    * connect to <my elastic IP> port 443 failed: Connection refused
    * Failed to connect to <my domain> port 443: Connection refused
    * Closing connection 0
    curl: (7) Failed to connect to <my domain> port 443: Connection refused

I used a separate domain name registrar to configure my domain; its DNS A record points to my Elastic IP.

[edit]

I mentioned above that changing the rules of the load balancer security group does nothing. This is because my EC2 instance was assigned the instance security group, not the load balancer security group. When I assigned the load balancer security group to the EC2 instance, its rules were enforced: I checked this by removing all the rules from the load balancer security group and seeing that requests were no longer accepted. However, if I add the HTTP and HTTPS rules to the load balancer security group but remove all the rules from the instance security group, all HTTP requests still go through. This is NOT the expected behavior, because the load balancer must redirect traffic to the instance. It seems that (1) the instance and load balancer security groups are completely unrelated to the instance and load balancer, and (2) the traffic does not go through the load balancer.

Is there anything else I'm missing?

[edit 2]

I misread gkrizek's comment. If I use the load balancer's public DNS name, I can connect using HTTP or HTTPS, and I can connect to both using telnet. So instead of creating an A record that pointed testdomain.com at my Elastic IP, I created a CNAME record for sub.testdomain.com pointing at the load balancer. Now I can view both http://sub.testdomain.com and https://sub.testdomain.com. Two questions:

  • Can I use the load balancer's public DNS name in a CNAME record? I cannot use the *.elasticbeanstalk.com URL because it is subject to change, so I am wondering whether the same applies here.
  • How can I protect https://testdomain.com (without a subdomain)? It seems that with this method it is not possible to have https://testdomain.com, since I cannot create an A record for the bare domain name.
1 answer

The problem is that you need to create a CNAME record for your domain with the DNS name of the load balancer as the target. If you use the Elastic IP, requests will not go through the load balancer.

To answer my last questions:

  • AWS says it's OK.
  • This is not possible until AWS allows you to assign an Elastic IP to a load balancer.
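The diagnosis reached in this thread, as an added offline checker that is not part of the original question or answer: given the records a DNS zone publishes, it reports whether HTTPS requests for a name will reach the Elastic Beanstalk load balancer (where the 443 listener and the ACM certificate live) or will hit the instance's Elastic IP directly and be refused on port 443. The zone, the IP and the load balancer hostname below are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str    # owner name, e.g. "sub.testdomain.com"
    rtype: str   # "A" or "CNAME"
    value: str   # IPv4 address for A, target hostname for CNAME

# Hostnames of Elastic Load Balancers end with this suffix.
LB_DNS_SUFFIX = ".elb.amazonaws.com"

# Constructed sample zone: the apex has an A record to the Elastic IP (the
# original setup); the subdomain has a CNAME to the load balancer (the fix).
# The IP and the load balancer hostname are made-up placeholders.
SAMPLE_ELASTIC_IP = "203.0.113.10"
SAMPLE_ZONE = [
    Record("testdomain.com", "A", SAMPLE_ELASTIC_IP),
    Record("sub.testdomain.com", "CNAME",
           "awseb-e-abc123-stack-placeholder.us-east-1.elb.amazonaws.com"),
]

def diagnose(zone, name, apex, instance_ips):
    """Return (reaches_lb, reason) for HTTPS requests to `name`.

    The HTTPS listener and the certificate are on the load balancer, so a
    name that resolves straight to the instance never gets TLS on 443."""
    recs = [r for r in zone if r.name.lower() == name.lower()]
    if not recs:
        return False, "no A or CNAME record for %s" % name
    for r in recs:
        if r.rtype == "CNAME":
            if name.lower() == apex.lower():
                return False, "CNAME at the zone apex is not valid DNS"
            if r.value.lower().rstrip(".").endswith(LB_DNS_SUFFIX):
                return True, "CNAME to the load balancer; 443 listener applies"
            return False, "CNAME to %s, which is not a load balancer" % r.value
        if r.rtype == "A" and r.value in instance_ips:
            return False, ("A record sends traffic to the instance directly; "
                           "the load balancer's 443 listener is bypassed")
    return False, "record does not point at the load balancer"

if __name__ == "__main__":
    for host in ("testdomain.com", "sub.testdomain.com"):
        print(host, diagnose(SAMPLE_ZONE, host, "testdomain.com",
                             {SAMPLE_ELASTIC_IP}))
```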

Source: https://habr.com/ru/post/1269657/
