SSL not working - no traffic reaching my AWS hosted server

I have SSL/TLS set to Full, but am unable to reach my site over HTTP or HTTPS. I get a 502 error - connection timed out.

It worked until yesterday, and no changes were made in the last several months.

Microsoft Network Monitor shows no traffic from the IP addresses that my DNS resolves to, namely:
104.27.168.227 or 104.27.168.227

I can ping both those addresses from my home, but cannot ping either from the server in the AWS cloud.

I think AWS is blocking those IP addresses, but I don’t know how to confirm or disprove that.

Any suggestions welcome. This has my sites completely offline.

What's the domain? Typically it shouldn't resolve to these addresses.

Anyhow, overall you should be able to ping these addresses too; however, Cloudflare connections to your server will come from other addresses.

You need to check your Amazon firewall for any Cloudflare related IP addresses which you are most likely blocking.

  1. the domain is miclinic2.countermind.com
  2. I can ping the Cloudflare addresses from other sites, but not from my AWS hosted server
  3. No IP traffic from either of those 2 IP addresses is reaching my server
  4. Neither of those IP addresses is listed on https://www.cloudflare.com/ips/, so I agree that those are strange addresses

Here is what I get from a lookup:

miclinic2.countermind.com -> 2606:4700:3035::681b:a9e3, 2606:4700:3034::681b:a8e3, 104.27.169.227, 104.27.168.227

How is it that my name is resolving to those 2 addresses that appear not to come from the list of Cloudflare servers?

As I assumed, the IP addresses here are 104.27.168.227 and 104.27.169.227.

If you cannot ping them, this will be the aforementioned firewall on your own server; however, this shouldn't matter too much, as connections will never come from these addresses anyhow. But I already said that :wink:

You simply need to check your Amazon setup for any network blocks which prevent the connections, but that I already said too :slight_smile:

My setup within AWS is not blocking any addresses. Wide open unless Amazon is doing the blocking at some higher level.

Please elaborate on why you say that connections should never come from those addresses. miclinic2.countermind.com is proxy connected using SSL/TLS service. So CloudFlare is going to relay traffic from those addresses to my server so that their SSL is used.

Well, something is apparently blocking the connection.

Because connections only originate from the addresses listed at the URL you posted earlier. The 104 addresses are irrelevant in this context.

-> sitemeer.com/#https://54.244.115.219

If I try to connect to the server from my own PC, DNS will route me to those 2 proxy addresses at CloudFlare, not to my server. Cloudflare is then connecting from their server to the server at AWS. What address would the traffic come from if not from the IP addresses shown in the DNS lookup? I must be misunderstanding something.

Here is the sitemeer report:

My server IP address is 54.244.115.219. I can ping it.

Again, connections will originate from one of the addresses listed at the aforementioned URL. It will be one “randomly”.

But it seems your entire server is down. So maybe it is not an actual blocking issue, but simply the service is unavailable.
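The list at https://www.cloudflare.com/ips/ is published as CIDR prefixes, so whether a given address belongs to it is a network-membership test, not a search for the literal address. The script below is an added example, not code from this thread or from Cloudflare: it embeds a snapshot of the published ranges (refresh it from the URL before relying on it), checks individual addresses (including the two returned by the DNS lookup above and the AWS origin address), and scans a constructed IIS W3C log excerpt to separate hits that came from Cloudflare from hits that came directly, which is the first thing to check when deciding whether Cloudflare's traffic is reaching an origin. The security-group helper uses the standard aws-cli `authorize-security-group-ingress` flags with a placeholder group id; the log lines are constructed, not taken from the poster's server.

```python
"""Classify source addresses against Cloudflare's published origin ranges."""
import ipaddress
from collections import Counter

# Snapshot of the prefixes published at https://www.cloudflare.com/ips/
# (ips-v4 and ips-v6), embedded so the script runs offline. The list changes
# occasionally: re-fetch it before using it in a firewall or security group.
CLOUDFLARE_PREFIXES = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
]
CLOUDFLARE_NETS = [ipaddress.ip_network(p) for p in CLOUDFLARE_PREFIXES]


def is_cloudflare_ip(addr: str) -> bool:
    """True if addr lies inside any published Cloudflare prefix (v4 or v6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_NETS if net.version == ip.version)


# Constructed IIS W3C log excerpt (sample data, not from the poster's server).
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2019-05-01 10:00:01 172.31.5.20 GET / 443 162.158.90.12 200
2019-05-01 10:00:02 172.31.5.20 GET /login 443 108.162.241.7 200
2019-05-01 10:00:05 172.31.5.20 GET /wp-login.php 443 203.0.113.10 404
2019-05-01 10:00:09 172.31.5.20 GET / 80 198.41.200.33 301
"""


def parse_w3c(text: str) -> list:
    """Parse W3C extended log lines into dicts keyed by the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # field names follow the directive
        elif line.startswith("#") or not line.strip():
            continue                         # other directives / blank lines
        else:
            if fields is None:
                raise ValueError("data line before #Fields header")
            rows.append(dict(zip(fields, line.split())))
    return rows


def classify_sources(log_text: str) -> dict:
    """Count hits per client IP, split into Cloudflare-originated and direct."""
    result = {"cloudflare": Counter(), "direct": Counter()}
    for row in parse_w3c(log_text):
        src = row["c-ip"]                    # client address as seen by IIS
        bucket = "cloudflare" if is_cloudflare_ip(src) else "direct"
        result[bucket][src] += 1
    return result


def security_group_commands(group_id: str, port: int = 443) -> list:
    """aws-cli commands allowing each IPv4 prefix inbound on `port`.

    group_id is a placeholder supplied by the caller; --cidr takes IPv4 only,
    so the IPv6 prefixes are left out here.
    """
    return [
        f"aws ec2 authorize-security-group-ingress --group-id {group_id} "
        f"--protocol tcp --port {port} --cidr {p}"
        for p in CLOUDFLARE_PREFIXES if ipaddress.ip_network(p).version == 4
    ]


if __name__ == "__main__":
    for addr in ("104.27.168.227", "104.27.169.227",
                 "2606:4700:3035::681b:a9e3", "54.244.115.219"):
        print(f"{addr}: {'Cloudflare' if is_cloudflare_ip(addr) else 'not Cloudflare'}")
    summary = classify_sources(SAMPLE_IIS_LOG)
    print("from Cloudflare:", dict(summary["cloudflare"]))
    print("direct:", dict(summary["direct"]))
    for cmd in security_group_commands("sg-0123456789abcdef0")[:2]:
        print(cmd)
```

If the origin log shows no hits at all from these prefixes while hits from other addresses still arrive, the proxy path is being blocked somewhere between Cloudflare and the instance; if nothing arrives from anywhere on port 443, the problem is the listener or the security group rather than a Cloudflare-specific block.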

I’m on the server. It is not down. I can connect to the sites using localhost. I just cannot connect using DNS.

Again, sitemeer.com/#https://54.244.115.219. It obviously is not reachable.

Localhost? What does that have to do with your server? Your server simply is not running.

@sandro I feel like we must be talking past each other. I am logged into the server using RDP. It is not down, it is running. I open a browser in the server and it can connect to the sites on that machine using localhost or 127.0.0.1. From my own location I can ping that address as well. Again, it is running. Can we at least agree on that?

The machine might be running all right. What does this prove?

For the third time, the service is not reachable -> sitemeer.com/#https://54.244.115.219

Otherwise that should be green. Can we agree on that?

You need to start whatever service you are planning to run there. Presumably your webserver on port 443.

Agreed. Which is why I’m seeking support. By doing a loopback test using 127.0.0.1, I am showing that IIS is serving up the sites. I’m trying to troubleshoot why they are not working from outside of AWS. Any thoughts on how to troubleshoot that?

Alright, but that would be way beyond the scope of the forum. I’d refer you to StackExchange in this case. If your webserver is running you probably misconfigured something in your server configuration.

As long as the service is not publicly reachable, nobody (including Cloudflare) will be able to connect.