How do I add multiple SSL certificates to the Application Load Balancer in my Elastic Beanstalk environment?

I want to add additional SSL certificates to the Application Load Balancer in my AWS Elastic Beanstalk environment.

Short description

The Application Load Balancer supports multiple SSL certificates, but the SSLCertificateArns option setting in Elastic Beanstalk accepts only one certificate per listener. To add additional SSL certificates to your Application Load Balancer, you must create a resource-based .ebextension.

Resolution

Add a second SSL certificate to your Application Load Balancer

Complete the following steps:

  1. Create a .ebextensions folder in the root directory of the source bundle.

  2. In the .ebextensions folder, create a .config file based on the following settings:

    option_settings:
      aws:elbv2:listener:443:
        Protocol: HTTPS
        SSLCertificateArns: "cert-arn-1"
    Resources:
      AddingSSLCert2:
        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
        Properties:
          ListenerArn:
            Ref : "AWSEBV2LoadBalancerListener443"
          Certificates:
            - CertificateArn: "cert-arn-2"

    Note: In the preceding example code, replace cert-arn-1 and cert-arn-2 with your certificates' ARNs.

    To add additional certificates, add a new ListenerCertificate resource based on the following example settings:

    option_settings:
      aws:elbv2:listener:443:
        Protocol: HTTPS
        SSLCertificateArns: "cert-arn-1"
    Resources:
      AddingSSLCert2:
        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
        Properties:
          ListenerArn:
            Ref : "AWSEBV2LoadBalancerListener443"
          Certificates:
            - CertificateArn: "cert-arn-2"
      AddingSSLCert3:
        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
        Properties:
          ListenerArn:
            Ref : "AWSEBV2LoadBalancerListener443"
          Certificates:
            - CertificateArn: "cert-arn-3"

    Note: In the preceding code example, replace cert-arn-1, cert-arn-2, and cert-arn-3 with your certificates' ARNs.

    The option_settings section creates the HTTPS listener on port 443 and attaches a certificate to this listener. If you created the HTTPS listener from the console, then remove the option_settings section from the .config file. The Resources section creates another resource that attaches an additional certificate to the listener.

  3. Apply the .ebextensions updates to your application bundle.

  4. Deploy your application again.

Your application updates the existing Application Load Balancer and doesn't replace it.
Important: The additional certificate doesn't appear in the Elastic Beanstalk console. To verify that your certificate is added to the Application Load Balancer, complete the steps in the following section.

Verify that your SSL certificates are added to the Application Load Balancer listener 443

Complete the following steps:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. From the navigation pane, choose Load Balancers.
  3. Choose Listeners.
  4. For listener 443, choose View/edit certificates.
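
The same check can be scripted, which helps because the Elastic Beanstalk console doesn't show the additional certificates. The following is an added example, not part of the original AWS article: it audits the JSON printed by `aws elbv2 describe-listener-certificates --listener-arn <listener-arn>` against the certificates declared in the .config file. The sample JSON is constructed, the ARNs are the article's placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape printed by
#   aws elbv2 describe-listener-certificates --listener-arn <listener-arn>
# The ARNs are the article's placeholders, not real values.
SAMPLE_OUTPUT = """
{
  "Certificates": [
    {"CertificateArn": "cert-arn-1", "IsDefault": true},
    {"CertificateArn": "cert-arn-1", "IsDefault": false},
    {"CertificateArn": "cert-arn-2", "IsDefault": false}
  ]
}
"""


def audit_listener_certificates(cli_json, expected_default, expected_additional):
    """Compare the listener's certificates with what the .config file declares."""
    entries = json.loads(cli_json).get("Certificates", [])
    # The certificate from SSLCertificateArns should be the listener default.
    defaults = {e["CertificateArn"] for e in entries if e.get("IsDefault")}
    # A default certificate that is also in the certificate list is reported
    # twice (IsDefault true and false), so collect the ARNs into a set.
    attached = {e["CertificateArn"] for e in entries}
    expected = {expected_default, *expected_additional}
    return {
        "default_ok": defaults == {expected_default},
        "missing": sorted(expected - attached),      # declared but not attached
        "unexpected": sorted(attached - expected),   # attached but not declared
    }


def is_compliant(report):
    """True only when the listener carries exactly the declared certificates."""
    return report["default_ok"] and not report["missing"] and not report["unexpected"]


if __name__ == "__main__":
    # Expectation taken from the three-certificate .config example above.
    report = audit_listener_certificates(
        SAMPLE_OUTPUT, "cert-arn-1", ["cert-arn-2", "cert-arn-3"]
    )
    print(json.dumps(report, indent=2))
    raise SystemExit(0 if is_compliant(report) else 1)
```

With the constructed sample, cert-arn-3 is reported as missing, which is the result to expect if the AddingSSLCert3 resource was not deployed.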

AWS OFFICIAL Updated 16 days ago
2 Comments

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS EXPERT replied 2 years ago