花费超过一天的时间,收到此错误"错误:添加 LB 侦听器证书时出错:验证错误:无法为 %s 侦听器指定证书" 我也尝试导入ACM臂,但同样的问题。有人可以帮忙吗?
data "aws_acm_certificate" "tossl" {
domain = "*.xyz.com"
types = ["AMAZON_ISSUED"]
most_recent = true
}
resource "aws_alb" "front_end_ALB" {
name = "${local.env_name}-front-end-ec2-alb"
subnets = module.vpc.public_subnets
load_balancer_type = "application"
security_groups = [aws_security_group.front-end-ALB-sg.id]
internal = false
tags = merge(local.common_tags, { Name = "${local.env_name}-front-end-alb" })
}
resource "aws_alb_listener" "front_end_alb_listener" {
load_balancer_arn = "${aws_alb.front_end_ALB.arn}"
port = "${var.alb_listener_port}"
protocol = "${var.alb_listener_protocol}"
default_action {
type = "redirect"
redirect {
port = "443"
protocol = "HTTPS"
status_code = "301"
}
}
}
##################################################################################
# Front end Load Balancer Certificate SSL
##################################################################################
resource "aws_lb_listener_certificate" "sslsecure" {
listener_arn = "${aws_alb_listener.front_end_alb_listener.arn}"
certificate_arn = data.aws_acm_certificate.tossl.arn
}
我认为您需要定义两个不同的 ALB 侦听器。试试这个:
resource "aws_lb_listener" "http" {
load_balancer_arn = aws_alb.front_end_ALB.arn
port = "80"
protocol = "HTTP"
default_action {
type = "redirect"
redirect {
port = "443"
protocol = "HTTPS"
status_code = "HTTP_301"
}
}
}
resource "aws_lb_listener" "https" {
load_balancer_arn = aws_alb.front_end_ALB.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = data.aws_acm_certificate.tossl.arn
default_action {
...
}
}
http
侦听器只是重定向到实际具有 SSL 配置https
侦听器。