Website TLS certified (DONE)

I used the following tools to install TLS:

Certbot 3.1.0 installed with “Apache and Linux (pip)”

LetsEncrypt Certificate Authority (provides free TLS certs)

Route 53 and AWS Certificate Manager for cert. on Cloudfront facing the internet

Helpful Links:

Follow these instructions to install Certbot and procure a cert:

https://certbot.eff.org/instructions?ws=apache&os=pip

Follow steps here to install TLS cert. into EC2 instance with Apache:

https://docs.aws.amazon.com/linux/al2/ug/SSL-on-amazon-linux-2.html#ssl_certificate

Problems Encountered:

HTTP 502 – Bad Gateway

SOLUTION:

Issue 1: See images above.

Fix 1: The fix for the “HTTP 502 Bad Gateway was simple. I made the Route 53 A record an Alias pointing to the Cloudfront distribution. “https://ericcentric.com” was able to browse to WordPress site.

Issue 2: When a netizen browses to “https://ericcentric.com”, he/she will be redirected to a cloudfront edge location. The cloudfront passes a website with broken CSS and Javascript, because of the mixed-content issue – I’ll have to add pics…imagine the website format with ugly text and formatting. This means the static content cloudfront is caching contains a mix of HTTP and HTTPS.

Fix 2: I think there were multiple ways to fix this. The way that worked for me was to assign a TLS certificate to my Apache server. This way, Cloudfront can successfully connect via HTTPS to WordPress and cache the webpages.

Notes:

$14 for the .com domain, purchased through Route 53

ACM produces a cert for FREE but is limited for use only with AWS services. No exporting of cert. allowed!

An additional certificate needed to be created to TLS certify the Apache webserver. I used Certbot with LetsEncrypt and got a signed cert. for FREE