Hi there, I too am noticing this issue. @shane here is my verbose output. I redacted some info from the response.
* Connected to XXXXXX.com (123.123.123.123) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.XXXXX.com. < ACM arn certificate loaded properly with appropriate hostname
* start date: Jan 20 00:00:00 2022 GMT
* expire date: Feb 18 23:59:59 2023 GMT
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> POST /auth HTTP/1.1
> Host: XXXXX.com
> User-Agent: curl/7.79.1
> accept: application/json
> Content-Type: application/json
> Content-Length: 76
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Thu, 14 Apr 2022 18:10:35 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 220
< Connection: close
< X-Kong-Response-Latency: 0
< Server: kong/2.8.0
<
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
</body>
</html>
* Closing connection 0
* TLSv1.2 (IN), TLS alert, close notify (256):
* TLSv1.2 (OUT), TLS alert, close notify (256):
My Service is setup the same way as @lucao
Also to note, HTTP works correctly but ideally I have to re-route to HTTP(S)
Output from Kong:
[ingress-kong-558cd9dd85-4rrxv proxy] 2022/04/14 18:16:40 [warn] 1109#0: *10527 using uninitialized "kong_proxy_mode" variable while logging request, client: 10.0.154.134, server: kong, request: "POST /auth HTTP/1.1", host: "XXXXX.com"
[ingress-kong-558cd9dd85-4rrxv proxy] 2022/04/14 18:16:40 [warn] 1109#0: *10527 [lua] reports.lua:83: log(): [reports] could not determine log suffix (scheme=http, proxy_mode=) while logging request, client: 10.0.154.134, server: kong, request: "POST /auth HTTP/1.1", host: "XXXX.com"
[ingress-kong-558cd9dd85-4rrxv proxy] 10.0.154.134 - - [14/Apr/2022:18:16:40 +0000] "POST /auth HTTP/1.1" 400 220 "-" "curl/7.79.1"