How do I resolve the error "CloudFront wasn't able to connect to the origin"?

1 minute read
0

I'm using Amazon CloudFront to serve content, but my users are receiving the HTTP 502 error "CloudFront wasn't able to connect to the origin." What's causing this error?

Resolution

HTTP 502 errors from CloudFront can occur because of the following reasons:

  • There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.
  • There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.
  • There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.
  • The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution.
  • The custom origin is ending the connection to CloudFront too quickly.

For detailed instructions on how to troubleshoot these issues, see HTTP 502 status code (Bad Gateway).


Related information

Troubleshooting error responses from your origin

How do I troubleshoot a 502: "The request could not be satisfied" error from CloudFront?

AWS OFFICIAL
AWS OFFICIALUpdated 2 years ago
3 Comments

Concerning "There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.". This happens if the origin domain as api-gateway.example.com is not the same as the domain where cloudfront is accessed as example.com. To fix the error in that case do the following: CloudFront -> Distribution -> Behaviors, open the behavior for edit., under "Origin request policy - optional" select "AllViewerExceptHostHeader". Save and wait some time for the changes to apply. I do not remember how long it took. Could be 1 minute or 15 minutes.

replied 9 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 9 months ago

@David your hint saved my day...

Zain
replied 9 months ago