https listener creation fails in AWS Elastic Beanstalk

Question

I have developed and deployed a python application to AWS Elastic Beanstalk that works fine. When I modify the application bundle with the addition of the .ebextensions/https-reencrypt-alb.config file the deployment of the Application fails with an Error as follows:

"Unable to deploy application version: Configuration validation exception: You must specify an SSL certificate to configure a listener to use HTTPS."

Contents of https-reencrypt-alb.config as follows...

  aws:elbv2:listener:443:
    DefaultProcess: https
    ListenerEnabled: 'true'
    Protocol: HTTPS
  aws:elasticbeanstalk:environment:process:https:
    Port: '443'
    Protocol: HTTPS

I have a certificate created all ready, but creating a listener on port 443 fails (silently, after reporting - Pending create). I assume this is failing because I have not been able to deploy the version with this https termination file included.

I have successfully deployed two previous, and very similar, applications with https support (in June and August) and they work fine. Has something changed in Elastic Beanstalk/Route 53/Certificate Manager since then that requires a different deployment process?

Answer 1

See

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html

Embed the SSL Certificate ARN in the securelistener-alb.config file as follows

option_settings:
  aws:elbv2:listener:443:
    ListenerEnabled: 'true'
    Protocol: HTTPS
    SSLCertificateArns: arn:aws:acm:us-east-2:1234567890123:certificate/####################################