I am working with an AWS EC2 instance (amazon Linux, elastic IP) trying to set up SSL through ACM. The certificate is verified and the load balancer is passing the health checks listening on prot 443, forwarding to port 80. Initially, when testing https I received a connection refused. This confused me because I thought the load balancer would catch and forward this to port 80. I enabled port 443 via nginx on the EC2 instance, so now it is listening on 443 (tested via telnet), which got rid of the connection refused error, but now I get a ERR_SSL_PROTOCOL_ERROR. This makes sense if it is missing the load-balancer and hitting the EC2 instance directly.
Is this the problem (missing the load-balancer)? If so, how do I fix this. I don't see a way to assign an an IP address to a load-balancer. Is a CNAME record required for this kind of setup? If so, how do I configure this?
Thanks.