How can I add certificates for multiple domains to a load balancer using AWS Certificate Manager?

Short description

As of April 2018, Classic Load Balancer doesn't support adding multiple certificates.

To add multiple certificates for different domains to a load balancer, do one of the following:

• Use a Subject Alternative Name (SAN) certificate to validate multiple domains behind the load balancer, including wildcard domains, with AWS Certificate Manager (ACM).
• Use either an Application Load Balancer (ALB) or Network Load Balancer (NLB), which supports multiple certificates and smart certificate selection using Server Name Indication (SNI).

Note: ACM certificates can't be downloaded, and are used only with AWS services integrated with ACM.

Resolution

To use a Classic Load Balancer, follow these steps to create a SAN certificate using ACM.

1. Open the ACM console.
   Note: If you've never created a certificate, choose Get started.
2. Follow the instructions for Requesting a public certificate.
3. In the ACM console, verify that the Status of the certificate request has changed from Pending validation to Issued.
4. Attach the certificate to a load balancer. For instructions, see Replace the SSL certificate for your Classic Load Balancer.

To add multiple certificates with an ALB, see Application Load Balancers now support multiple TLS certificates with smart selection using SNI.

To add multiple certificates with an NLB, see Elastic Load Balancing: Network Load Balancers now support multiple TLS certificates using Server Name Indication (SNI).

Note: The ALB and NLB certificate quota limit is 25 (excluding default certificates). This limit can be increased. For more information, see Quotas for your Application Load Balancers and Quotas for your Network Load Balancers.

Related information

AWS Certificate Manager FAQs

Email validation

DNS validation