0

花了一天多的时间,收到此错误“错误:添加 LB 侦听器证书时出错:验证错误:无法为 %s 侦听器指定证书”我也尝试导入 ACM 臂,但同样的问题。有人可以帮忙吗?

data "aws_acm_certificate" "tossl" {
  domain   = "*.xyz.com"
  types       = ["AMAZON_ISSUED"]
  most_recent = true
}


resource "aws_alb" "front_end_ALB" {  
  name               = "${local.env_name}-front-end-ec2-alb"
  subnets            = module.vpc.public_subnets
  load_balancer_type = "application"
  security_groups    = [aws_security_group.front-end-ALB-sg.id]
  internal           = false
  tags = merge(local.common_tags, { Name = "${local.env_name}-front-end-alb" })
}

resource "aws_alb_listener" "front_end_alb_listener" {  
  load_balancer_arn = "${aws_alb.front_end_ALB.arn}"  
  port              = "${var.alb_listener_port}"  
  protocol          = "${var.alb_listener_protocol}"

  default_action {
    type = "redirect"
        redirect {
          port        = "443"  
          protocol    = "HTTPS"
          status_code = "301"
        }
    }
}


##################################################################################
# Front end Load Balancer Certificate SSL
##################################################################################

resource "aws_lb_listener_certificate" "sslsecure" {
  listener_arn    = "${aws_alb_listener.front_end_alb_listener.arn}"
  certificate_arn = data.aws_acm_certificate.tossl.arn
}
4

1 回答 1

1

我认为您需要定义两个不同的 ALB 侦听器。尝试这个:

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_alb.front_end_ALB.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_alb.front_end_ALB.arn
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = data.aws_acm_certificate.tossl.arn

  default_action {
    ...
  }
}

http侦听器只是对https实际上具有 SSL 配置的侦听器的重定向。

于 2020-05-13T17:52:54.243 回答