I have a problem with load balancing and SSL. Currently, I have one load balancer with one single listener, and sitting behind it is so far the only instance of EC2. During development, I used a self-signed certificate, and it worked just fine.
The problem is that I bought a "real" certificate and replaced it in my only listener, but I still see the old self-signed certificate. Here is what I have done so far:
1. Configured an "SSL certificate" for my listener by selecting "Upload a new SSL certificate." No errors were reported here.
2. Removed the old certificate to ensure that it is not in use by running "aws iam delete-server-certificate --server-certificate-name OLD_SELF_SIGNED_CERT". When I now run "aws iam list-server-certificates", I see only one certificate, and this is the new certificate that I purchased and uploaded in (1). I am sure that the new certificate is shown, because the "Expiration" field of the command output is a date in 2017, while the old self-signed certificate expired in 2016. Also, the drop-down menu "Certificate Name" in the "Select Certificate" window for the load balancer displays only the new certificate.
3. When I opened the load balancer in all the browsers I tried (on Windows, Mac and on the phone), I received a certificate warning. Looking at the certificate shows that the old self-signed certificate has been deleted.
4. Running "openssl s_client -showcerts -connect LOAD_BALANCER_URL" also displays the old self-signed certificate.
Thus, the AWS management interface and AWS CLI tools report that a new certificate is being used, but none of my web browsers on any computer open a new certificate.
AWS (http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-update-ssl-cert.html)