Why can't I configure ACM certificates for my website hosted on an EC2 instance?
I want to configure AWS Certificate Manager (ACM) certificates for my website hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance. Why can't I?
Short description
Configuring an Amazon Issued ACM public certificate for a website that's hosted on an EC2 instance requires exporting the certificate. However, you can't export the certificate because ACM manages the private key that signs and creates the certificate. For more information, see ACM private key security.
Instead, you can associate an ACM certificate with a load balancer or an ACM SSL/TLS certificate with a CloudFront distribution. Before you begin, follow the instructions for requesting a public certificate.
Note: You must request or import an ACM certificate in the same AWS Region as your load balancer. For CloudFront distributions, you must request the certificate in the US East (N. Virginia) Region.
Resolution
Follow these steps to associate your certificate:
- Create an Application Load Balancer, Network Load Balancer, Classic Load Balancer, or CloudFront distribution.
Note: If you already have an Application Load Balancer, Network Load Balancer, Classic Load Balancer, or CloudFront distribution, then you can skip this step.
- Associate the certificate with your ELB, or configure a CloudFront distribution to use an SSL/TLS certificate.
- Put the EC2 instance behind your ELB or CloudFront distribution.
- Route traffic to your ELB or CloudFront distribution.
Create an ELB or CloudFront distribution
Follow the instructions for your use case:
- Create an Application Load Balancer
- Create a Network Load Balancer
- Create a Classic Load Balancer
- Create a CloudFront distribution
Associate the certificate with ELB or configure it with a CloudFront distribution
Follow the instructions for your use case:
- Associate the certificate with a Classic, Application, or Network Load Balancer
- Configure your CloudFront distribution to use an SSL/TLS certificate
Put the EC2 instance behind your ELB or CloudFront distribution
Follow the instructions for your use case:
- Register targets with your target group for your Application or Network Load Balancer
- Register or deregister EC2 instances for your Classic Load Balancer
- Use Amazon EC2 with CloudFront distributions
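The association and registration steps above, sketched with the AWS CLI for an Application Load Balancer, including the Region rule from the earlier note. This is an added example, not part of the original article; the function names are hypothetical, and the ARNs and instance ID are values the caller supplies.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; every ARN and instance ID is supplied by the caller.

# Print the Region field (4th colon-separated field) of an ARN.
arn_region() { printf '%s\n' "$1" | cut -d: -f4; }

# Succeed only if the certificate and the load balancer are in the same Region.
same_region() { [ "$(arn_region "$1")" = "$(arn_region "$2")" ]; }

# Succeed only if the certificate is usable with CloudFront, which requires
# the certificate to be in US East (N. Virginia), us-east-1.
cloudfront_cert_ok() { [ "$(arn_region "$1")" = "us-east-1" ]; }

# Terminate TLS on the load balancer with the ACM certificate, forward to the
# target group, then register the EC2 instance in that target group.
# usage: attach_cert CERT_ARN LB_ARN TARGET_GROUP_ARN INSTANCE_ID
attach_cert() {
  cert_arn=$1 lb_arn=$2 tg_arn=$3 instance_id=$4

  # Fail before calling the API if the Region rule is violated.
  if ! same_region "$cert_arn" "$lb_arn"; then
    echo "certificate and load balancer are in different Regions" >&2
    return 1
  fi
  region=$(arn_region "$lb_arn")

  # HTTPS listener on 443 that presents the ACM certificate.
  aws elbv2 create-listener --region "$region" \
    --load-balancer-arn "$lb_arn" --protocol HTTPS --port 443 \
    --certificates "CertificateArn=$cert_arn" \
    --default-actions "Type=forward,TargetGroupArn=$tg_arn" || return 1

  # Put the EC2 instance behind the load balancer.
  aws elbv2 register-targets --region "$region" \
    --target-group-arn "$tg_arn" --targets "Id=$instance_id"
}
```

The private key stays in ACM throughout: the listener only references the certificate by ARN, and the instance receives traffic the load balancer has already decrypted.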
Route traffic to your ELB or CloudFront distribution
Follow the instructions for your use case:
Note: Public ACM certificates can be installed on Amazon EC2 instances that are connected to a Nitro Enclave, but not to other Amazon EC2 instances.
Related information
Use email to validate domain ownership
Use DNS to validate domain ownership
Making Amazon Route 53 the DNS service for an existing domain
