SSL setup on Windows Server Lightsail Instance

Question

Hello,

We are attempting to set up a dev instance of a client's ERP which runs on Windows Server 2019. To complete our integrations, we need to enable SSL on the server so that we can make HTTPS API requests. The target domain is a subdomain of a domain registered and maintained at name.com; transferring the domain to be managed by Amazon is not possible. Documentation and knowledgebase requests I've seen do not clarify whether the SSL certification should be done in the Lightsail console or in the Windows server that is running, nor is it terribly useful for cases where the domain is managed elsewhere.

The ERP has already been set up and can be accessed via HTTP, everything necessary has been installed on the server, this is the last step.

Thank you for your time. Let me know if there would be additional helpful information.

Answer

Hi, it depends on how your Windows instance receives HTTPS traffic.

1. If your instance is behind a Lightsail load balancer: you need to create a Lightsail certificate, validate it by creating the necessary DNS records in your DNS server (the one managed by name.com), attach this certificate to the load balancer. And that's it. Note that this approach incurs the cost of having a load balancer.
2. If your instance receives HTTPS traffic directly (w/o any proxy like Lightsail load balancer): you need to have static IP attached to this instance, add `A` record targeting this static IP address in your DNS (the one manged by name.com), add `AAAA` record targeting this instance if you need IPv6 support, and then [visit "Let's Encrypt"][1] to learn how to set up certificates on Windows servers. This approach does not incur additional costs, except the know-how of managing/maintaining "Let's Encrypt" certificates.

[1]: https://letsencrypt.org/docs/client-options/#clients-windows-/-iis

SSL setup on Windows Server Lightsail Instance

相關內容