How do you replace an SSL Certificate that was already on an elastic load balancer?


I have an SSL certificate that has now expired. It was set up on an elastic load balancer. I simply want to reinstall my renewed SSL certificate. Everything I'm being told is about how to create a new ELB through the VPC. But all of that is already there. Am I creating a new one? Do I delete the old one? I tried to install the SSL through the E2C, but that was wrong as I was told I have an ELB and have to do it through the VPC. Now my app and system has stopped because it needs the secure server. I cannot get a straight answer, only how to create a new one from a classic bl. It seems like a 3 minute fix is taking days.

asked 2 years ago, 1750 views
1 answer

Hi There,

I understand that you want to replace an expired SSL Certificate that was already on an elastic load balancer.

If this is correct then you can change the certificate for the HTTPS listener.

To replace the certificate using the console [1]:

1- Open the Amazon EC2 console at

2- On the navigation pane, under LOAD BALANCING, choose Load Balancers.

3- Select the load balancer and choose Listeners.

4- Select the check box for the listener and choose Edit.

5- For Default SSL certificate, do one of the following:

* If you created or imported a certificate using AWS Certificate Manager, choose From ACM and choose the certificate.

* If you uploaded a certificate using IAM, choose From IAM and choose the certificate.

6- Choose Update

Please note that you can also replace the certificate using the AWS CLI [1] by using the modify-listener [2] command.

I hope the information above is helpful.

===== references =====

[1] Replace the default certificate :

[2] modify-listener :

answered 2 years ago
  • The certificate has already been replaced through that process. When I go to the website, it is still reporting that it is not secure. I was told that the certificate cannot be changed in the E2C (the space you said) for it to work, but has to be done through an ELB (which it already has). And I get to that area through the VPC. When I go to the VPC I have all of the subnets and everything already created. Something is still directing traffic to the old cert. So I was told that it needs to be configured in the ELB. But my question is am I creating a NEW ELB or is there a way to use the existing one I have? I don't want to create a new one and mess something up. But if I need to create a new one with new subnets and all that, then I will. And after I do that, I assume I delete the old one so there are no issues later?

    It's a matter of the public IP vs the private IP apparently.

  • Hi there,

    No, you do not need to create a new ELB; you can use the one you have been using, as mentioned above. You only need to edit your listeners and select your new certificate from there. Please note that you would need to open the Amazon EC2 console at to do this and follow the steps [1].

    You can also troubleshoot your SSL Certificate installation problems on your server including verifying that the correct certificate is installed, valid, and properly trusted by using a commonly used third-party website [2].


    [1] Replace the expired certificate :


  • Hi There,

    Were you able to identify the issue using ?

    Please note that you do not need to send your personal details as this is a public platform but feel free to share with me what error you are getting if any at all in order to resolve the issue you are getting.
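
An added example, not part of the original answer or comments: the thread reports the old certificate still being served after a replacement, so this Python sketch reads the JSON printed by `aws elbv2 describe-listeners`, finds every HTTPS/TLS listener whose default certificate is not the renewed one, and builds the `modify-listener` command for each. The sample JSON, the ARNs and the function names are constructed placeholders, not values from the post.

```python
import json
import shlex

# Placeholder ARNs (constructed for this example).
OLD_CERT = "arn:aws:acm:us-east-1:111122223333:certificate/OLD-EXPIRED"
NEW_CERT = "arn:aws:acm:us-east-1:111122223333:certificate/RENEWED"
LISTENER_PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example-lb/aaaa/"

# Constructed sample shaped like the output of:
#   aws elbv2 describe-listeners --load-balancer-arn <arn> --output json
SAMPLE_DESCRIBE_LISTENERS = json.dumps({"Listeners": [
    {"ListenerArn": LISTENER_PREFIX + "1111", "Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": OLD_CERT}]},
    {"ListenerArn": LISTENER_PREFIX + "2222", "Port": 8443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": NEW_CERT}]},
    {"ListenerArn": LISTENER_PREFIX + "3333", "Port": 80, "Protocol": "HTTP"},
]})

TLS_PROTOCOLS = {"HTTPS", "TLS"}  # only these listener types carry a certificate


def stale_listeners(describe_json, renewed_cert_arn):
    """Return (port, listener_arn, current_cert_arns) for each TLS listener
    whose default certificate is not the renewed one."""
    stale = []
    for listener in json.loads(describe_json).get("Listeners", []):
        if listener.get("Protocol") not in TLS_PROTOCOLS:
            continue
        current = [c["CertificateArn"] for c in listener.get("Certificates", [])]
        if current != [renewed_cert_arn]:
            stale.append((listener["Port"], listener["ListenerArn"], current))
    return stale


def modify_listener_commands(describe_json, renewed_cert_arn):
    """Build one `aws elbv2 modify-listener` command per stale listener."""
    return [
        "aws elbv2 modify-listener --listener-arn {} --certificates CertificateArn={}".format(
            shlex.quote(arn), shlex.quote(renewed_cert_arn))
        for _port, arn, _current in stale_listeners(describe_json, renewed_cert_arn)
    ]


if __name__ == "__main__":
    for port, arn, current in stale_listeners(SAMPLE_DESCRIBE_LISTENERS, NEW_CERT):
        print("port", port, "still uses", current)
    for command in modify_listener_commands(SAMPLE_DESCRIBE_LISTENERS, NEW_CERT):
        print(command)
```

A load balancer can have several listeners, and a browser sees the certificate of the listener on the port it connects to, so each HTTPS listener needs checking rather than only the first one edited.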
