A developer is deploying a web application on EC2 instances behind an Application Load Balancer (ALB). The application uses HTTPS. The developer creates a certificate in AWS Certificate Manager (ACM) and associates it with the ALB listener on port 443. However, when users access the application, they receive a browser warning that the connection is not secure. The ALB is configured with a default SSL/TLS policy. What is the most likely cause of the issue?
ACM certificates must be in the same region as the ALB.
Why this answer
ACM certificates are region-specific. If the certificate is created in a different AWS region than the ALB, the ALB cannot use it, causing the browser to warn that the connection is not secure. The ALB will fall back to its default self-signed certificate or no valid certificate, triggering the browser warning.
Exam trap
The trap here is that candidates assume ACM certificates are globally available, but they are region-specific, and the ALB must reference a certificate in the same region.
How to eliminate wrong answers
Option B is wrong because if the certificate were not imported correctly into ACM, it would not appear as valid or would fail association, but the question states the certificate was created in ACM and associated, so import is not the issue.
Option C is wrong because an outdated SSL/TLS policy would cause compatibility issues or weaker security, not a browser warning about an insecure connection; the warning indicates no trusted certificate is presented.
Option D is wrong because ALB can terminate HTTPS by default when a certificate is associated; the developer does not need to configure HTTPS on EC2 instances for termination at the load balancer.