AWS Elastic IP pointed to new instance does not work

aws ec2 static private ip
elastic ip pricing
ec2 console
aws eni
aws add second network interface
aws elastic ip vs public ip
private elastic ip
ec2 get public ip from instance

I created an AMI of my server on AWS, and spun up a new instance.

When I point my elastic IP address to my new instance and type in my domain name I get a timeout error when going to my website.

I have done backups before and just re-pointed my elastic IP but this time it does not seem to be working, any ideas?

Steps I take on AWS:

  1. I click on my elastic IP and pick actions-> Associate Address
  2. Resource type = Instance
  3. Instance: I select the new instance I just made by copying my old instance
  4. Reassociation: I click the checkbox to allow Allow Elastic IP to be reassociated if already attached
  5. I click associate

When I go to my webpage I get this error in edge:

Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID

When I click proceed I get this instead of my website (Chrome would not allow me to proceed):

Looks like some sort of certificate issue...

The error I get in chrome is:

NET::ERR_CERT_AUTHORITY_INVALID

Can you please check server of which type (EC2-VPC or Classic).

You can't associate an Elastic IP address that you allocated for use with a VPC with an instance in EC2-Classic, and vice-versa.

If this is the case you can migrate Elastic IP from classic to EC2-VPC.

Fix Connection to EC2 Instance or ENI With Attached Elastic IP , Create an AWS Account How can I fix the connection to my Amazon EC2 instance or elastic network Open the Amazon EC2 console, and then select the instance that you're Add inbound and outbound rules if you don't have them. Note: Be sure that your default route points to an internet gateway,  If your instance's public IP address is released while it has a secondary private IP address that is associated with an Elastic IP address, the instance does not receive a new public IP address. If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address instead.

The SSL certificate is invalid, or not installed correctly. It is not related to the EIP at all.

This site is not secure" is a security alert that prevents users from accessing various websites. In the technical language, this error is known under the name of DLG_FLAGS_SEC_CERT_CN_INVALID. The ou will need to provide more information about the cert, how it was issued, etc. to do any further troubleshooting.

See https://tecoreviews.com/how-to/fix-site-not-secure-pop-error-code-dlg_flags_sec_cert_cn_invalid/

The error message NET::ERR_CERT_AUTHORITY_INVALID is also related to the certificate.

Given these messages, I suspect the certificate has a common name mismatch, a root CA certificate is missing, or it's a self signed certificate.

Check the certificate details carefully as presented in the browser. The browser itself is rejecting the cert. Check globalsign.com/en/blog/how-to-view-ssl-certificate-details and review. It should be clear why the cert is being rejected. When you see the specific error, you can figure out the cause and then fix it.

Elastic IP addresses - Amazon Elastic Compute Cloud, You can quickly remap an Elastic IP address from one instance to another to work around problems with your instance or software. (record type A) pointing to your Elastic IP address must exist before we can create your reverse DNS record. If you disassociate your Elastic IP from your instance, you can then move the Elastic IP to the VPC scope: It can take a few minutes to transition over unfortunately and it may look like it has disappeared for a moment (details here). Once it has moved over, you can then allocate it to your instance in VPC.

The domain name is key. When the SSL cert was created you provided a Common Name (i.e. domain name). Some SSL certificates cover subdomains (wildcard certificates issued for e.g '*.example.com') some don't (ie. www.example.com only). If you have the latter kind you need to use the exact same domain to address the new box.

Troubleshoot Connecting to an Instance in a VPC, While your instance is running, you are not charged for one Elastic IP address The following sections describe how you can work with Elastic IP addresses. New console; Old console; AWS CLI; PowerShell (record type A) pointing to your Elastic IP address must exist before we can create your reverse DNS record. I have done backups before and just re-pointed my elastic IP but this time it does not seem to be working, any ideas? Steps I take on AWS: I click on my elastic IP and pick actions-> Associate Address

I did not update my security groups correctly so web traffic wasn't allowed.

Public DNS or Elastic IP not working, I can't connect to an Amazon Elastic Compute Cloud (Amazon EC2) instance problems connecting to my Amazon EC2 Linux instance using SSH? whose destination is 0.0.0.0/0) pointing to your internet gateway. Be sure to save your new route table configuration. Visit the AWS Support Center. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/ . In the navigation pane, choose Elastic IPs . Select the Elastic IP address, choose Actions, and then choose Release addresses . When prompted, choose Release . If you release your Elastic IP address, you might be able to recover it.

Troubleshooting connecting to your instance, I have an instance with a public DNS and I associated a public IP to the instance. We are facing the same problem, our instance id is i-d63172be The security new rule it is ok, I belive , I did restarted the instance. Please add a default route 0.0.0.0/0 pointing to IGW in the routing table rtb-1d96ae79. If Amazon Elastic Compute Cloud (Amazon EC2) is not listed on the Dashboard, choose AWS services, enter EC2 in the search field, and then choose Amazon Elastic Compute Cloud (Amazon EC2). On the Amazon EC2 service quotas screen, enter Elastic IP in the search field and then choose Elastic IP addresses for EC2 .

Why can't I reach my Amazon EC2 instance via its Elastic IP address , Common causes for connection issues; Error connecting to your instance: For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user . Each time you restart your instance, a new IP address (and host name) will be assigned. that there is a route for all IPv6 traffic ( ::/0 ) that points to the internet gateway. An Elastic IP address is a reserved public IP address that you can assign to any EC2 instance in a particular region, until you choose to release it. To allocate an Elastic IP address to your account in a particular region, see Allocating an Elastic IP Address.

Assign own domain (Route 53) and setting of Elastic IP, How do I check the 3rd point "Your instance firewall permits incoming connections"? As others mentioned, the security group for your EC2 instance may not allow the Obviously you will need to have the relevant TCP Port open in the security AWS network and is only useful when you have a cluster of EC2 nodes and  If you don’t need an Elastic IP address, you can stop the charges by releasing the IP address. Note: When you release the IP address, it might be provisioned automatically by another AWS account. You might be able to recover the Elastic IP address again later, but only if no one else is using it.

Comments
  • Can you ssh into your instance through the elastic IP?
  • Can you show more detail about result you got when re-point your elastic IP to that new instance?
  • I added some new details
  • I guess this issue relate to SSL Certificate configuration not Elastic IP Address. Are you using Application Load Balancing?
  • Nope, no load balancing
  • Where can I see this? I thought it might be a security groups error, but I updated these and still got the same error. It looks more like a certificate error.
  • you can have look at this link: docs.aws.amazon.com/AmazonRDS/latest/UserGuide/…
  • Both are VPC instances
  • But what would have changed when I made a copy of the working instance. Is the copy not exactly the same?
  • I used certbot with lets encrypt
  • Check the certificate details carefully as presented in the browser. The browser itself is rejecting the cert. Check globalsign.com/en/blog/how-to-view-ssl-certificate-details and review. It should be clear why the cert is being rejected. When you see the specific error, you can figure out the cause and then fix it.