Hello.
To issue an SSL certificate with ACM, you need a public domain that you have purchased yourself.
I think it is better to purchase a public domain.
Domain pricing is listed below.
https://d32ze2gidvkk54.cloudfront.net/Amazon_Route_53_Domain_Registration_Pricing_20140731.pdf
If you use other methods, you may be able to use a self-certificate.
https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-prerequisites.html
In addition to what Riku said, you can also create a self-signed certificate, and then import that into ACM, and deploy that to your ALB Listener.
You can do this directly with OpenSSL on macOS or on Linux as follows:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/my-selfsigned.key -out /etc/ssl/certs/my-selfsigned.crt
Then you can import the certificate to ACM using the CLI as follows:
$ aws acm import-certificate --certificate fileb:///etc/ssl/certs/my-selfsigned.crt --private-key fileb:///etc/ssl/private/my-selfsigned.key
You may need to change the file paths depending on where your certificate and key are. Refer to the documentation on exactly how to do this: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-api-cli.html#import-certificate-cli
Once you have done this - the self-signed certificate can be used on an ALB.
Note with imported certificates - you need to take care of renewing them - so Riku's advice to get a real domain is the most robust way forward in production. Self-signed certificates are not generally trusted by most client machines.
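
The generate, check and import steps from the answer above, as an added example that is not part of the original answers: it creates the certificate without prompts, confirms the key matches the certificate, and checks the remaining validity before import, since imported certificates must be renewed by hand. The function names, the file names `selfsigned.key`/`selfsigned.crt` and the hostname `alb.example.internal` are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; file names, function names and the hostname are assumptions.
set -eu

# Create a key and self-signed cert without prompts; key files are owner-only.
# usage: make_selfsigned <dir> <hostname> <days>   (-addext needs OpenSSL 1.1.1+)
make_selfsigned() {
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -days "$3" \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/selfsigned.key" -out "$1/selfsigned.crt" )
}

# Succeed only if the certificate's public key belongs to the private key.
# Fails (rather than matching) when either file cannot be read.
# usage: key_matches_cert <key> <crt>
key_matches_cert() {
    _k=$(openssl pkey -in "$1" -pubout) \
        && _c=$(openssl x509 -in "$2" -noout -pubkey) \
        && [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Succeed if the certificate is still valid <days> from now (renewal check).
# usage: valid_for_days <crt> <days>
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Import into ACM; needs a configured AWS CLI. The absolute path makes the
# argument fileb:///... (three slashes).
# usage: import_to_acm <dir>
import_to_acm() {
    _abs=$(cd "$1" && pwd)
    aws acm import-certificate \
        --certificate "fileb://$_abs/selfsigned.crt" \
        --private-key "fileb://$_abs/selfsigned.key"
}

# Run the whole procedure only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    work=$(mktemp -d)
    make_selfsigned "$work" alb.example.internal 365
    key_matches_cert "$work/selfsigned.key" "$work/selfsigned.crt"
    valid_for_days "$work/selfsigned.crt" 30 || echo "renew within 30 days" >&2
    import_to_acm "$work"
fi
```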