December 2, 2019

SSL Certificate Help

I have been trying to set up my AWS SSL certificate for several days now, and nothing I have done has gotten me that lovely little lock in the upper right corner, anybody know what they are doing with this. Also I am using google domains.

  1. 4

    If you are managing your own server I can’t recommend https://letsencrypt.org / https://certbot.eff.org enough

    1. 1

      I am with AWS

  2. 2

    As you are using AWS Certificate Manager, below steps may help you:

    1. You request for certificate for specific domain (make sure you request for "public certificate", if your application is public)

    2. You follow specific steps to verify your domain with AWS AWS Certificate Manager

    3. Then AWS Certificate Manager will verify and issue the certificate (make sure you see status as "Issued") and validation status is "Success"

    4. If you are using EC2/Elastic Beanstalk, Go to Load Balancers (you can find it under EC2)

    5. Now choose your load balancer and click on the Listeners tab located on the right-end.

    6. Now you’ll see two protocols, namely HTTP and HTTPS. Select the HTTPS protocol.

    7. You should see Choose a certificate from ACM (recommended) option and existing certificates in the dropdown below with "Certificate name" label.

    8. Select the certificate. (if you have only one certificate, it will be already selected)

    9. Then proceed with next configurations as needed. Finally, you will register a target which is a running server with specific port details.

    1. 1

      Thanks so much man! How long will it take to get the SSL lock on my website.

      1. 1

        It can take few minutes to couple of hours to verify the domain by AWS Certificate Manager. After certificate issue and once you point the certificate with load balancer, you are good to go, no need to wait. Also, make sure the url in browser should start with "https" and not "http"

        1. 1

          it has neither. It still is not SSL secured.

  3. 1

    Hi Andrew. Are you using Elastic Beanstalk in your setup? I may be able to help if you are.

  4. 1

    There is a lot to AWS so the answer will depend on how you are trying to configure your setup.

    If you are pointing the A record for your domain directly to a single EC2 instance then LetsEncrypt would be a good route to go down (https://letsencrypt.org). The EC2 instance is effectively just a standalone server so there is nothing to stop you using non-AWS services.

    If you are using CloudFront in front of your EC2 instance then Amazon's Certificate Manager is an easier route to go down (just remember to create the certificate in the us-east-1 otherwise you can't select it in the CloudFront configuration).

  5. 1

    I usually use https://aws.amazon.com/certificate-manager/ when I'm on AWS. Have you tried it?

    1. 1

      Yes, that is what i am using but I cannot find out what I did wrong

  6. 1

    The SSL Store offers installation for a fee. What hosting are you with?

    1. 1

      I am hosting with AWS