AWS classic load balancer listener isn't created, then disapears

Question

I am trying to add an HTTPS listener to my EBS classic load balancer. I used the CLI upload-certificate tool to upload my cert (using the GUI never resulted in the cert showing up as an option on the load balancer form. No errors, logs, events).

I set up the listener according to AWS docs.

For Listener port, type the incoming traffic port, typically 443.

For Listener protocol, choose HTTPS.

For Instance port, type 80.

For Instance protocol, choose HTTP.

For SSL certificate, choose your certificate.

I choose my cert (Lets Encrypt), save and I see the new listener with a Pending Create tag. It never transitions from that status and if I refresh the page, the record is gone. No error, no logs, no events. Really want to make AWS work but Beanstalk has been extremely buggy. Any suggestions?

Are you using a single instance environment, or a load balanced environment? — Mark B, Jul 07 '18 at 19:03
Load balanced. Single instances don’t give you an option to add LB listeners. — Half_Duplex, Jul 07 '18 at 21:08
Are you using `aws acm import-certificate` or `aws iam upload-server-certificate` or something else? It also doesn't make sense that uploading via the GUI didn't work. Did you try loading it into Amazon Certificate Manager (ACM)? — Michael - sqlbot, Jul 07 '18 at 21:57
I used `aws iam upload-server-certificat`. I uploaded the certificate using ACM, it worked but the cert would never show up when configuring the classic load balancer. I have seen others report the same, which is where I saw the CLI workaround. — Half_Duplex, Jul 07 '18 at 23:45
Using `aws acm import-certificate` I am able to also see the cert show up in ACM, but like with the GUI, the cert does not show up in the cert drop down on the load balancer Add Listener modal. — Half_Duplex, Jul 07 '18 at 23:55
If you are using a load balancer why wouldn't you use the free ACM certificates that auto-renew instead of trying to use the short-lived Let's Encrypt certificates that you will have to continually be re-uploading? — Mark B, Jul 08 '18 at 02:12
Would that work if I use a GoDaddy sub domain that points to my EBS with an A record? I was planning on forcing HTTPS from GoDaddy with the htaccess file. Hence the Let’s Encrypt. I will also need to be folder specific in htaccess since /v1 of the product will remain HTTP. I didn’t think I could achieve this with the ACM cert. Thanks. — Half_Duplex, Jul 08 '18 at 13:13
The fact that the DNS record exists at GoDaddy is entirely irrelevant to the issue. Yes it will work fine. The `htaccess` stuff you are talking about is Apache server configuration on the actual EC2 server, which definitely doesn't care where your DNS server is. And if you are installing an SSL certificate on the load balancer, it doesn't matter where the SSL certificate is from (ACM or anything else) it's going to behave the same way from the server/Apache/htaccess perspective. You are confusing a lot of unrelated issues here. — Mark B, Jul 08 '18 at 13:23
Gotcha. I will try the ACM route and moving my htaccess from external hosting to EBS or a load balancer config. — Half_Duplex, Jul 08 '18 at 13:27
Anyway, have tried now with the ACM cert, and my listener is still not being created :/ — Half_Duplex, Jul 08 '18 at 14:42
Wanted to circle back to @MarkB comments regarding an AWS vs LetsEncrypt cert (or any other cert for that matter) as they may send some in the wrong direction. Hosting HTTPS content and directing subdomain traffic to AWS requires a wildcard cert installed both places, which is not possible with ACM, hence LetsEncrypt and eventually a paid cert. There was no confusion of issues, rather an off topic question that should be disregarded. The good news is AWS is rolling out new UIs across EC2, so this may eventually be improved. — Half_Duplex, Jul 03 '21 at 05:04
@Half_Duplex AWS ACM absolutely supports wildcard certificates. It sounds like you may be running into a limitation of the Elastic Beanstalk UI? You should think about using a tool like Terraform or CloudFormation instead of relying on the AWS web UI. — Mark B, Jul 03 '21 at 15:27
@MarkB Actually, AWS ACM certs cannot be used outside of AWS, for example to protect externally hosted web content. You may be misunderstanding the goal, but we're way off topic. You should check out the accepted answer below, it may clear things up for you. — Half_Duplex, Jul 22 '21 at 00:33
@Half_Duplex I never said ACM certs could be used outside of AWS. Not sure how you even got that from my comments. I actually said you were probably running up against limitations of the AWS web user interface, which is what you ended up posting as the answer. — Mark B, Jul 22 '21 at 13:02

score 212 · Accepted Answer · edited Dec 21 '21 at 00:31

212

I figured out what I wasn't doing.

On the load balancer settings page, after you click "Add Listener", fill out the details and click "Save Listener", you're actually not done. You have to scroll to the bottom of the page and click "Save" (or "Apply") again. Not the best UI. User should never have to save twice, and at the very least, alert the user they are leaving unsaved changed.

edited Dec 21 '21 at 00:31

Brad Solomon

38,521
31
149
235

answered Jul 08 '18 at 14:52

Half_Duplex

5,102
5
42
58

38

I had this exact same experience. Agreed - not the best UI / UX. – Nathaniel Miller Sep 26 '18 at 03:22
34

Wow. Incredible UX. Stumped me for 5 hours. – coolboyjules Nov 01 '18 at 00:26
2

I was getting my CV ready because I couldn't add a simnle https listener and was going to hit the bricks. Thanks - wow unbelievable UI! Also give yourself a "correct" mark for this one! – DavidC Dec 11 '18 at 13:13
2

Really the worst. – PJATX Dec 26 '18 at 22:58
2

So glad I found this answer just minutes in to my confusion. You saved me a lot of headache, thanks! Really bad UI from Amazon on this one. – tmatuschek May 13 '19 at 06:03
Even better: "Apply" on the bottom was greyed out and I had no idea why. Just had to reload the page a couple of times and then it suddenly worked... – moritz.vieli Oct 07 '19 at 16:41
Have been struggling from past 15 mins. – necixy Mar 19 '20 at 07:21
Extraordinary how many people have hit exactly the same problem (me too, of course). – Maurice Naftalin May 05 '20 at 03:48
17

2020 same nasty UX – Veilkrand Jun 15 '20 at 04:26
THIS IS REALLY GOOD ANSWER.. Without this answer, I would have lost time too. – Steve Baek Sep 15 '20 at 12:35
What a bad UI in 2020. Same issue ... took me a while to find the SO post as well ... – Xen_mar Oct 11 '20 at 09:21
Wow, this is still an issue? I've moved to configuring a lot of this with ebextensions which itself is trouble prone a bit. – Half_Duplex Nov 30 '20 at 16:16
1

I had this issue last year. I googled, found this question, solved it. Now I had the same issue again, had forgotten about the solution, googled again, found this question again, solved it again. Thanks, twice. – Sherlock Dec 30 '20 at 09:50
3

2021 checking in. Thanks for the help! – Nathanael Jan 14 '21 at 15:23
I guess the UI is still the worst. I wish i Read this last week, haha – BelgoCanadian Feb 22 '21 at 16:06
2

Here I am again stumped that this is the answer, haha. Looks like I already upvoted your answer in the past. – BelgoCanadian May 05 '21 at 15:13
I have no words... I was also stumped for hours, awful UX. – 88jayto May 12 '21 at 02:34
UX and the fact that every page in the documentation is just a jumbled mess of links to other pages lol. – Azeli May 24 '21 at 23:39
Jun 2021 and same issue :(. Wasted a couple of hours reading the docs over and over :( – Abdullah Umer Jun 27 '21 at 11:52
4

update: aug 2021, second time I've visited this post – Evan Aug 14 '21 at 05:12
yea the UX is really bad. nothing has changed. had the same issue today. this answer is a lifer saver. thanks – Clement Okyere Aug 27 '21 at 11:28
Still an issue here! Next time i come here i'm forwarding this thread to AWS lol – mattwad Nov 24 '21 at 22:28
The clock will soon be striking 2022. Same UX, same hidden "Apply" button 9 miles down the bottom of the page. – Brad Solomon Dec 21 '21 at 00:34
2021 almost 2022 NASTY HORRIBLE FLOW – Dec 30 '21 at 00:25
Thank you for saving me hours of hair-ripping. It's now 2022 and this is still relevant. – Gilad Barner Jan 11 '22 at 01:24
2022 still same – Burak Gavas Jan 24 '22 at 08:57
WOW - that is all I have to say. Thank you @Half_Duplex – Kellen Busby Mar 22 '22 at 19:54
2

their ui creates a new azure account for me... – ChrisQIU Jun 02 '22 at 13:31
1

June 2022: no better – Tom Boutell Jun 14 '22 at 20:52
2

October 2058 - still the same. Private countries have replaced gerontocracies, but this UI is still making us click twice. Its the ghost of Jeff Bezos – mrj Jul 07 '22 at 01:51
OMG. i cannot believe... July 2098.. still same UI. issue faced by another alien.... ahhhhhh – Lal Jul 20 '22 at 18:25
maybe I should talk to that amazon recruiter who keeps pestering me... ty for answer – Joseph Helfert Oct 03 '22 at 13:55
This took me WAY too long to figure out (again), I've been through this before with another EB environment but forgot this awful nuance. Thank you! – DashRantic Oct 26 '22 at 06:30
Exactly same experience – Akashgreninja Feb 08 '23 at 17:52
I spent hours wondering why my settings were not saving. User Experience matters. – Victor Ighalo Mar 02 '23 at 11:52
Wouaaaw thanks man I would never have figured it out ! – bjovanov Mar 29 '23 at 07:15
Surely someone who works for amazon will see this. Please, there has to be a better way. – Steve Apr 08 '23 at 22:04

AWS classic load balancer listener isn't created, then disapears

1 Answers1

Linked