ACM Create Free Public SSL Certificate

Create a free public SSL certificate to be used with an ALB. This is simpler than using a Let’s Encrypt certificate, because with Let’s Encrypt an additional script would need to be maintained to renew the certificate; ACM renews its own certificates automatically.

From the EC2 Management Console, click “Services” in the top bar and search for “certificate.” Open the Certificate Manager.

Click on “Get Started” under “Provision Certificates.”

This certificate will be used for securing connections over the internet, so it should be public. Select “public” and click “Request.”

Now you can add your domain name to the certificate. AWS certificates support wildcards, so it might be useful to include "*.yourdomain.com" as well, to secure any subdomains you may have. Add any domain you need, then click “Next.”

Now, you’ll need to verify that you control the domain. AWS offers two types of validation: DNS and email.

DNS will require you to add a CNAME record to your domain name. If you’re using AWS Route 53 as your DNS provider, this is easy, but if you’re using something else, the process can take hours to verify.

Email only takes a few minutes. AWS will send an email to the registered WHOIS contact, as well as "admin@yourdomain.com" and a few other common webadmin emails. If you don’t have private email for your domain, you can usually set up email forwarding to a public Gmail account from your registrar’s settings, which will work just as well.

If you’re going with DNS verification, copy the “Name” and “Value” from the domain dropdown. If you’re verifying multiple domains, check if the values are different, as you may have to verify them individually.

From your DNS provider’s settings, add a new CNAME record, and paste the name and value into the form (this interface will vary depending on your provider).

While DNS only takes a few minutes to propagate, AWS may take a few hours to validate the domain, so maybe grab some lunch. If you’re using email verification, it should only take a few minutes after clicking the link in your email.
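The DNS-validation steps above can also be scripted. The following is an added example, not code from the original article: it takes JSON shaped like the output of `aws acm describe-certificate`, pulls out the unique CNAME records ACM asks you to publish (a wildcard SAN on the same zone shares the apex record, which is why the article says to check whether the values differ), reports which domains are still pending, and builds the change batch you would pass to `aws route53 change-resource-record-sets`. The certificate ARN, record names and values are constructed sample data.

```python
import json

# Constructed sample in the shape of `aws acm describe-certificate` output,
# trimmed to the fields used here. The apex and the wildcard SAN share one
# validation CNAME; api.example.com has already been validated.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID",
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [
        {"DomainName": "example.com", "ValidationStatus": "PENDING_VALIDATION",
         "ValidationMethod": "DNS", "ResourceRecord": {"Name": "_abc123.example.com.",
         "Type": "CNAME", "Value": "_def456.acm-validations.aws."}},
        {"DomainName": "*.example.com", "ValidationStatus": "PENDING_VALIDATION",
         "ValidationMethod": "DNS", "ResourceRecord": {"Name": "_abc123.example.com.",
         "Type": "CNAME", "Value": "_def456.acm-validations.aws."}},
        {"DomainName": "api.example.com", "ValidationStatus": "SUCCESS",
         "ValidationMethod": "DNS", "ResourceRecord": {"Name": "_789xyz.api.example.com.",
         "Type": "CNAME", "Value": "_uvw000.acm-validations.aws."}},
    ]}})


def validation_records(describe_json):
    """Return the unique (name, value) CNAME pairs ACM wants published, in order."""
    cert = json.loads(describe_json)["Certificate"]
    seen, records = set(), []
    for opt in cert["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if not rr or rr.get("Type") != "CNAME":
            continue  # email-validated names carry no ResourceRecord
        key = (rr["Name"], rr["Value"])
        if key not in seen:
            seen.add(key)
            records.append(key)
    return records


def pending_domains(describe_json):
    """Domains whose validation has not yet reached SUCCESS."""
    cert = json.loads(describe_json)["Certificate"]
    return [o["DomainName"] for o in cert["DomainValidationOptions"]
            if o["ValidationStatus"] != "SUCCESS"]


def route53_change_batch(describe_json, ttl=300):
    """Build the --change-batch document for one hosted zone. UPSERT is idempotent,
    so re-running after a record was already created is harmless."""
    changes = [{"Action": "UPSERT", "ResourceRecordSet": {
                    "Name": name, "Type": "CNAME", "TTL": ttl,
                    "ResourceRecords": [{"Value": value}]}}
               for name, value in validation_records(describe_json)]
    return {"Comment": "ACM DNS validation records", "Changes": changes}
```

Send one change batch per hosted zone; if the certificate covers domains in several zones, split the records by zone before calling Route 53.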

Once it’s done, you should see the orange “Pending validation” switch to a green “Issued.” You won’t have to download anything; the certificate is automatically usable in other AWS services.