Getting Error 522 or 521, when accessing 80 or 443 port from ALB link its working (for 443 browser shows warning i.e because ALB and SSL domain is different)
AWS Config.
Ec2 and Apache2 Config.
Enabled SSL in apache2
Open port 443 in instance, Security Group of ALB and access port 80 (http) and 443 (https)
For SSL followed article https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-18-04
Generated SSL Certificate from CloudFlare
SSL/TLS -> Origin Server -> Generated RSA certificate
Imported SSL certificate to AWS ACM
Attached ACM SSL certificate to Loadbalancer HTTPS Listener
Also create AWS ACM SSL certificate and validated with DNS for testing tried both ssl certificate - didn't worked
Subdomain and ALB link
Created DNS CNAME entry in CloudFlare
Added subdomain which pointing to ALB link. (tried with proxy and DNS only)
Your SSL/TLS encryption mode is Full
Always Use HTTPS: ON
When hitting subdomain in normal window (browser) its getting 522 and in incognito mode for the first time it is working but after that not.
When making curl request to https://subdomain.domain.com always working
Created extact duplicate instance in Public subnet and linked with another subdomain (created in cloudflare) just for testing -> working properly.
Also tried by adding separate target group for port 443 (HTTPS) -> in this traget group health check is getting failed whereas same working in other target group which for port 80 (http)
How to resolve this issue?
Issue was because of internet facing loadbalancer was available in public and private subnet, and because of private subnet cloudflare was not able to connect to ec2 instance which was in private subnet.
Loadbalancer subnet section was showing You are creating an internet-facing Load Balancer, but there is no Internet Gateway attached to these subnets you have selected warning.
Solution: https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/