HTTPS not working on AWS EC2

I have the following configuration for my production environment (config/prod.exs):

config :epr, EprWeb.Endpoint,
  load_from_system_env: true,
  url: [host: "mydomain.com", port: 443],
  http: [port: 80],
  force_ssl: [rewrite_on: [:x_forwarded_proto]],
  https: [
    otp_app: :epr,
    port: 8443,
    keyfile: System.get_env("KEYFILE"),
    certfile: System.get_env("CERTFILE"),
    cacertfile: System.get_env("CACERTFILE")
  ],
  cache_static_manifest: "priv/static/cache_manifest.json"

My local firewall is enabled and forwarding from 443 to 8443. Note: I didn’t want to use nginx. For a high-volume production application you must consider using it.

# Configure UFW
sudo ufw allow ssh
sudo ufw enable
sudo ufw allow 4001
sudo ufw allow 8443

# Add to /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 4001
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
COMMIT

Not sure if adding “:ssl” to your application configuration is still a requirement:

# Add :ssl to the application definition in mix.exs
def application do
  [
    mod: {Epr.Application, []},
    extra_applications: [:ssl] # plus your other applications
  ]
end

You can also check Phoenix Guide to use SSL: https://hexdocs.pm/phoenix/endpoint.html#using-ssl

Hope this helps.


Thank you all for the help.

After spending a lot of time I thought, let's try other SSL certificates.

Then I tried Let's Encrypt and GoDaddy; they are working fine,
so the problem is the Namecheap Comodo SSL not working.

I don't know what the problem is; same setup, other SSLs working.

Thanks all.

If you’re on AWS consider just using one of the AWS ALBs and AWS issued certs.


I stumbled across this issue when I was dealing with a Comodo (rebranded as Sectigo) cert. I also bought from Namecheap, but was able to resolve this and wanted to leave a note in case others come across this post with the same issue.

Different certs are not provided in the same way. I was getting an error “server is missing an intermediary (broken chain).” The key is matching the correct file to the correct config option. The files you get from Namecheap are:

  • website_com.ca-bundle
  • website_com.crt
  • website_com.p7b

When using Phoenix SSL, basically, they match up to the config like so:

# releases.exs
# ...
keyfile: System.get_env("APP_SSL_KEY_PATH"),
certfile: System.get_env("APP_SSL_CERT_PATH"),
cacertfile: System.get_env("APP_SSL_CACERT_PATH"),

where:

export APP_SSL_KEY_PATH='/path/website_com.com.key'
export APP_SSL_CERT_PATH='/path/website_com.com.crt'
export APP_SSL_CACERT_PATH='/path/app.website_com.ca-bundle'

The .crt file and the .ca-bundle file come in the zip for your issued certificate. The website_com.key file comes from when you generated the CSR that you uploaded to Namecheap to request your cert.
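As an added example (not from this thread, the Phoenix docs or Namecheap), here is a POSIX shell check for the key / crt / ca-bundle triple described above: it confirms the private key belongs to the certificate and that the certificate chains to the bundle, which is exactly what fails with the "missing intermediary (broken chain)" error when the files are mixed up. It assumes the openssl CLI (1.1.1 or newer) is on PATH; the demo chain it builds is constructed throwaway material.

```shell
#!/bin/sh
# Added example (not from this thread): sanity-check the three files before
# wiring them into keyfile / certfile / cacertfile. Assumes the openssl CLI
# (1.1.1 or newer) is on PATH. Returns 0 when everything lines up,
# 2 key/cert mismatch, 3 empty bundle, 4 leaf does not chain to the bundle.
check_tls_material() {
  key="$1"; crt="$2"; bundle="$3"
  # 1. The private key must belong to the certificate: compare public keys.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  [ "$crt_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 2; }
  # 2. The bundle must carry at least one CA certificate (the intermediate).
  [ "$(grep -c 'BEGIN CERTIFICATE' "$bundle")" -ge 1 ] \
    || { echo "ca-bundle contains no certificates" >&2; return 3; }
  # 3. The leaf must verify against the bundle. This is what fails with
  #    "missing intermediary (broken chain)" when the files are mixed up.
  openssl verify -CAfile "$bundle" "$crt" >/dev/null 2>&1 \
    || { echo "certificate does not chain to the ca-bundle" >&2; return 4; }
}

# Constructed demo material, not a real certificate: a throwaway
# root -> intermediate -> leaf chain written into directory $1 so the
# checks above can be exercised offline.
make_demo_chain() {
  d="$1"; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root inter leaf other; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/$n.key"
  done
  openssl req -new -key "$d/root.key" -subj "/CN=Demo Root" -out "$d/root.csr"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem"
  openssl req -new -key "$d/inter.key" -subj "/CN=Demo Intermediate" -out "$d/inter.csr"
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem"
  openssl req -new -key "$d/leaf.key" -subj "/CN=website.com" -out "$d/leaf.csr"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/website_com.crt"
  # Namecheap-style ca-bundle: intermediate(s) followed by the root.
  cat "$d/inter.pem" "$d/root.pem" > "$d/website_com.ca-bundle"
  # Root only, i.e. the intermediate is missing: the broken-chain case.
  cp "$d/root.pem" "$d/root-only.ca-bundle"
} >/dev/null 2>&1

# Usage: make_demo_chain /tmp/demo && check_tls_material /tmp/demo/leaf.key \
#   /tmp/demo/website_com.crt /tmp/demo/website_com.ca-bundle && echo OK
```

Run it against the real website_com.key, website_com.crt and website_com.ca-bundle before exporting the APP_SSL_* paths; a non-zero exit tells you which file is wrong.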