AWS broke my SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lacompetenciapruebas.com

I ran this command:

It produced this output:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Amazon Web Services (Magento Certified by Bitnami-2-3-5-2 on Debian 10-AutogenByAWSMP)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

My site was running fine, but this morning AWS had an error (you can look here: https://status.aws.amazon.com/) and now my SSL is not working. The URL opens the IP address and I get a warning, but if I open the certificate it says that it is for lacompetencia.com (my site). The worst part is that I can’t get into my Magento admin either.

I tried to install Let’s Encrypt again following this guide, but it did nothing: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Please help me!

This sounds a lot like your Magento Base URL is wrong.

Your website is sending this redirect chain:

  1. http://lacompetenciapruebas.com
  2. https://lacompetenciapruebas.com
  3. https://18.216.9.139/

That’s not something AWS or the certificate is doing, that’s a redirect being generated by PHP/Magento. At step 3, of course, you get a certificate warning, because the certificate is not valid for an IP address. Maybe check that https://docs.magento.com/user-guide/stores/store-urls.html is correct.

I don’t know why it would have broken all of a sudden though. I doubt the AWS outage is related.

1 Like
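
The hop-by-hop check described in the reply above, as an added example that is not part of the original thread: it walks a redirect chain one request at a time and stops at the first HTTPS hop whose host is a bare IP address. The function names, the status codes in `SAMPLE_CHAIN` and the offline `sample_fetch` stand-in are assumptions made for the example; only the three URLs come from the reply.

```python
import http.client
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample: the chain quoted in the reply; status codes are assumed.
SAMPLE_CHAIN = {
    "http://lacompetenciapruebas.com": (301, "https://lacompetenciapruebas.com"),
    "https://lacompetenciapruebas.com": (302, "https://18.216.9.139/"),
}

def sample_fetch(url):  # offline stand-in for fetch_location()
    return SAMPLE_CHAIN.get(url, (200, None))

def fetch_location(url):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def trace_redirects(start_url, fetch=fetch_location, max_hops=10):
    """Return [(url, note), ...], stopping at the first final or problem hop."""
    hops, url = [], start_url
    for _ in range(max_hops):
        parts = urlsplit(url)
        if parts.scheme == "https" and is_ip_literal(parts.hostname or ""):
            # A certificate issued for a domain name cannot match a bare IP.
            hops.append((url, "https to bare IP: certificate name mismatch"))
            break
        status, location = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            hops.append((url, f"{status} -> {location}"))
            url = urljoin(url, location)
        else:
            hops.append((url, f"{status} final"))
            break
    return hops
```

Calling `trace_redirects(url)` with the default `fetch` sends real requests; pass `fetch=sample_fetch` to replay the constructed chain offline.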

Hi! Thank you very much for the response. The thing is that I have worked on the site with no problem for two weeks now (yesterday I worked until 3 am and everything was smooth; I haven’t done anything about SSL or configuration since July 7). In the morning (9 am) the site was down, I couldn’t connect via SSH or FTP, and I had a notification on my AWS console about the issues. At 11 pm (when AWS says that the error was fixed) the site loaded, and I tried to connect via Cyberduck and the console and got this error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

I deleted /.ssh/known_hosts, tried again and connected, but the site still had the SSL issues. Since this morning I have tried everything and I haven’t found a solution. I know it sounds strange, but I have never had a problem like this in Magento (I run 3 other stores, 2 on Cloudways and 1 on AWS; the other AWS store is in a different region and is fine). To me it is impossible that this error and the error on AWS have nothing to do with each other.

I’m desperate, I don’t know what to do.

Is it possible that AWS changed the IP address of your EC2 instance?

Can you check what it says in your EC2 console?

It is the same IP, 18.216.9.139; that was the first thing that I checked. The IP is correct because I can access it via terminal and Cyberduck after deleting the file .ssh/known_hosts/

I rebooted the instance too, and nothing. This has me very confused.

You have to remove the redirect to the raw IP address. There is no way the certificate will work with that.

Hi! Thank you for the reply. How can I do this?

I have no idea. First of all you need to discover what app is issuing that redirect.

Btw, I stopped the instance and started it again, changing the public IP. I logged in to the database and checked the tables web/unsecure/base_url and web/secure/base_url, and they are pointing to the new IP (I deleted the domain). When I go to the IP, the site opens, but when I add /admin it redirects me (with an error) to the previous domain.


Hi @lacompetencia

Please read the basics of the system you use.

I’m sure the base_url never has an IP address. Instead, the domain name is required.

It looks like you are using your system in the wrong way.

1 Like
