When a website is reachable through an IPv4 address, DNS is tested and working, but all domains error out in Chrome, what needs to be checked?

I just moved from Digital Ocean to AWS. My usual setup procedures for the web server I use for experimentation are not working.

I can reach the site through IPv4 but all domains error out and my SSL certificate doesn't show up when tested on SSL Shopper. DNS appears to be working fine, my firewall is open, SSL certificate installed and NGINX running fine. When all the obvious things are working what do I need to check? Or alternately am I missing something really obvious?

This is my setup.

The IPv4 address brings up the default NGINX welcome screen.

Unfortunately all domains error out:

http://example.com

https://example.com

http://www.example.com

https://www.example.com

SSL Labs test

IPs detected correctly on https://www.ssllabs.com/ but in both cases unable to connect to server.

SSL Shopper test

No SSL certificates found on https://www.sslshopper.com/.

In Linux

Both ports open.

firewall-cmd --list-ports

80/tcp 443/tcp

Nginx installed.

Nginx status: Active: active (running) since Fri 2021-03-05 13:48:16 MST; 2h 33min ago

curl localhost:80 returns 301 redirect which is correct.

Let's Encrypt SSL certificate installed.

Expiry Date: 2021-06-03 18:11:03+00:00 (VALID: 89 days)

In AWS console:

VPC > Your VPCs >

DNS hostnames: Enabled

DNS resolution: Enabled

IPv6 pool: Amazon ✓ Associated

EC2 > Instances >

Instance state: Running

Status check: 2/2 checks passed

Public IPv4 address: 1.1.1.1 (example.com)

Elastic IP addresses: 1.1.1.1 (example.com) [Public IP]

EC2 > Security Groups >

Inbound rules

HTTP TCP 80 0.0.0.0/0

HTTPS TCP 443 ::/0

Route 53 > Hosted zones >

Records

example.com A Simple 1.1.1.1

example.com AAAA Simple 2001:0db8:85a3:0000:0000:8a2e:0370:7334

www.example.com A Simple 1.1.1.1

www.example.com AAAA Simple 2001:0db8:85a3:0000:0000:8a2e:0370:7334

== UPDATE ==

This is what my security console looks like. VPC > Security Groups > [my id]


You need to open port 443 for IPv4 in your AWS security group (and port 80 for IPv6).
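The mismatch the answer points out can be checked mechanically. The following is an added example, not part of the original question or answer: it takes rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups` and reports ports that lack a world-open rule for one address family. The sample data is constructed to mirror the inbound rules in the question, the function names are hypothetical, and it assumes a public web server meant to be reachable from anywhere on both IPv4 and IPv6.

```python
import ipaddress

# Constructed sample in the shape of "IpPermissions" from
# `aws ec2 describe-security-groups`; mirrors the rules in the question.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]


def families_allowed(permissions, port):
    """Return the IP versions (4, 6) with a world-open TCP rule covering port."""
    allowed = set()
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic; such rules carry no port range.
        if proto == "tcp" and not (perm["FromPort"] <= port <= perm["ToPort"]):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                allowed.add(net.version)
    return allowed


def find_gaps(permissions, ports=(80, 443)):
    """Map each port to the IP versions that cannot reach it from the internet."""
    gaps = {}
    for port in ports:
        missing = {4, 6} - families_allowed(permissions, port)
        if missing:
            gaps[port] = sorted(missing)
    return gaps


if __name__ == "__main__":
    for port, missing in find_gaps(SAMPLE_PERMISSIONS).items():
        versions = ", ".join(f"IPv{v}" for v in missing)
        print(f"port {port}: no world-open inbound rule for {versions}")
```

With the question's rules, port 80 is flagged for IPv6 and port 443 for IPv4, which explains why HTTPS fails for IPv4 clients and certificate checkers even though NGINX and the host firewall are fine.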