Is it possible to secure my website using an SSL certificate from AWS Certificate Manager if my website is not hosted on AWS?

0

My website is currently unsecure and I want to make it secure. I tried using AWS services such as ACM, EC2, and Application Load Balancer. My website is not hosted on AWS, and I have purchased the domain from an external service (the domain is not registered with AWS). I tried the steps below, but my website is still not secure:

  1. Requested public SSL from AWS, which was issued after creating CNAME records in DNS.
  2. Created an EC2 instance (free tier eligible). Created A record in my DNS with its public IP.
  3. Created new target group and registered above EC2 instance with it.
  4. Created application load balancer - forwarded HTTPS traffic to above target group and redirected HTTP traffic to HTTPS.
    • Attached ACM provided certificate with HTTPS listener
    • Added load balancer's DNS name as CNAME record in my DNS.
  5. Using Security group with required inbound rules (allowing HTTP, HTTPS connection from anywhere).

Am I missing any configuration here or is it not feasible to do this in this scenario?

2 Answers
1
Accepted Answer

Hello,

When you say "Is it possible to secure my website using an SSL certificate from AWS Certificate Manager if my website is not hosted on AWS?", I think there is some confusion here. I read through your question and the steps you are following, and I think what you mean to say is that your DNS is not managed on AWS, but your website is. To be more clear, it sounds like your DNS is managed by the registrar you purchased your domain from, but your website files are actually hosted on the EC2 instance that is running a web server, correct? If so, it sounds like you are on the right path. Let's go through the steps and verify everything is set up correctly:

Step 1: SSL Certificate: It seems you have successfully requested and verified a public SSL certificate through AWS ACM, which is great. Ensure that the certificate covers the correct domain name(s), including any subdomains if necessary.

Step 2: EC2 Instance: You mentioned that you have created an EC2 instance and added its public IP as an A record in your DNS settings. This setup is generally correct.

Step 3 & 4: Target Group and Load Balancer: Creating a target group and registering your EC2 instance with it is the right step. Similarly, setting up an Application Load Balancer (ALB) to forward HTTPS traffic to the target group and redirect HTTP traffic to HTTPS is also correct. Ensure that:

  • Your ALB is correctly configured to listen on both HTTP (port 80) and HTTPS (port 443).
  • The HTTP to HTTPS redirection rules are correctly set up in the ALB settings.

Step 5: Attaching the ACM Certificate: Attaching the ACM certificate to the HTTPS listener on your ALB is a crucial step. Double-check to ensure it is correctly associated.

Step 6: DNS Configuration: Adding the ALB DNS name as a CNAME record in your DNS settings is also correct. Here, you need to make sure that:

  • The CNAME record correctly points to the ALB DNS name (it should not be an A record pointing to the ALB IP, as ALB IPs can change).
  • Your www subdomain (if you use one) is correctly set up.
  • After updating the DNS records, it might take some time for the DNS changes to propagate globally due to DNS caching. This can take up to 48 hours, but is generally much faster.

Step 7: Security Group: Ensure your security group allows HTTP and HTTPS traffic, which seems to be correctly configured from your description.

Additional Checks:

  • Browser Cache: Sometimes, browser caches can cause issues. Try accessing the website in incognito mode or clear your browser’s cache and try again.
  • DNS Propagation: As mentioned earlier, DNS changes can take some time to propagate globally. You might check the DNS propagation using tools like DNS Checker.
  • Other DNS Records: Make sure you don't also have an A record pointing to your old web server address in conflict with the CNAME for the ALB. Remove any legacy records.
  • SSL Configuration: You might review the SSL configuration on your server to ensure it’s correctly set up to handle HTTPS requests.
  • Website Configuration: Ensure your website server (like Apache, Nginx, etc.) is correctly configured to serve content over HTTPS.
  • SSL Test: You might use SSL test tools like SSL Labs SSL Test to identify any issues with your SSL setup.

If you’ve checked all the above and are still encountering issues, please provide us with more details on the issues you’re seeing, so that it's easier to pinpoint the problem.

I hope this helps!

answered 8 months ago
EXPERT
reviewed a month ago
  • Hi Joe, I appreciate you taking the time to explain. Thank you for clarifying. Yes, my DNS is managed by the registrar I purchased my domain from, but the web hosting service is also external. The website files are not on the EC2 instance. Currently, nothing is being managed by AWS, neither the domain nor the web hosting. I only created the load balancer in order to use this certificate issued by AWS. I am trying to understand if I can still use an SSL certificate from AWS just to make my website access secure. Do I need to host my website on AWS in order to use an AWS certificate?
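The DNS and certificate checks listed in the accepted answer above (CNAME pointing at the ALB, no conflicting legacy A record, certificate names covering the host) can be run against an export of the zone. The following is an added example, not code from either poster; the hostnames, the address and the load balancer name are constructed placeholders, and the apex-CNAME and single-label wildcard rules are general DNS and TLS behaviour rather than something stated in the thread.

```python
# Constructed sample data: every name and address below is a placeholder.
ALB = "my-alb-123456.us-east-1.elb.amazonaws.com"
RECORDS = [  # (name, type, value) as exported from the external DNS provider
    ("example.com", "A", "203.0.113.10"),
    ("www.example.com", "A", "203.0.113.10"),      # legacy record left behind
    ("www.example.com", "CNAME", ALB),
]

def _norm(name):
    return name.lower().rstrip(".")

def cert_covers(host, cert_names):
    """True if host matches a certificate name; '*' covers one left-most label."""
    host = _norm(host)
    parent = host.split(".", 1)[1] if "." in host else None
    for name in map(_norm, cert_names):
        if name == host or (name.startswith("*.") and name[2:] == parent):
            return True
    return False

def audit(host, apex, records, alb_dns, cert_names):
    """Return a list of findings for one hostname; an empty list means no issue found."""
    here = [(t.upper(), _norm(v)) for n, t, v in records if _norm(n) == _norm(host)]
    types = {t for t, _ in here}
    cnames = [v for t, v in here if t == "CNAME"]
    findings = []
    if "CNAME" in types and len(types) > 1:
        findings.append("CNAME coexists with other record types at this name")
    if cnames and _norm(host) == _norm(apex):
        findings.append("CNAME at the zone apex is not valid DNS")
    if _norm(alb_dns) not in cnames:
        findings.append("name does not alias the load balancer, "
                        "so the ACM certificate is never presented")
    if not cert_covers(host, cert_names):
        findings.append("certificate names do not cover this host")
    return findings

if __name__ == "__main__":
    for h in ("example.com", "www.example.com"):
        print(h, audit(h, "example.com", RECORDS, ALB, ["example.com"]))
```
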

1

Appreciate you taking the time to explain. Thank you for clarifying.

Of course, happy to help!

Yes, my DNS is managed by the registrar I purchased my domain from, but web hosting service is also external. Website files are not on EC2 instance. Currently, nothing is being managed by AWS neither domain nor web hosting. I only created load balancer in order to use this certificate issued by AWS.

Ah, thank you for the clarification. In this case, no, ACM is not the right solution for you. Also, the costs associated with this AWS setup are going to far exceed the cost of setting up SSL with your web host. Your web host should be able to use a service like https://letsencrypt.org/ which offers free SSL certificates. I would reach out to your web hosting provider and ask them to help you get set up with SSL on their environment.

One additional note here. AWS offers competitive services to replace your webhost and provide enterprise grade hosting and security. They are the top rated cloud infrastructure provider in the world, by every measure. That said, it is much more complicated, and sometimes more expensive, than just using a traditional webhost for a website. If you are just getting started with AWS, Lightsail can simplify things a bit (https://aws.amazon.com/lightsail/). That said, it will still require more management (e.g., management of the web server and environment) than what a shared hosting provider, or a WordPress specific hosting provider will, for example, require from you. Again, these providers can provide you support to set up SSL, so I would reach out to your web hosting service directly if you want to keep your webhosting there.

I am trying to understand if still I can use SSL certificate from AWS just to make my website access secure.

No, AWS is not a standalone SSL certificate provider, intended to be used with other infrastructure service providers.

Do I need to host my website on AWS in order to use AWS certificate?

There are nuances here but as you have described your use case, I would say the answer to this is yes.

answered 8 months ago
