Elastic Beanstalk Security Certificates
Jump to navigation
Jump to search
Overview[edit]
Instructions on how to install security certificates for websites hosted in AWS Elastic Beanstalk environments.
AWS Certificate Manager[edit]
- In the AWS management console, go to AWS Certificate Manager (ACM)
- Click Request a Certificate
- Certificate Type: "Request a public certificate"
- Fully qualified domain name: Enter domain name
- Click Add another name to this certificate to add any additional subdomains or wildcards to the certificate
- Select validation method: DNS validation
- Click Request button
- The new certificate will be displayed in a list along with its associated domain name.
Validate the certificate’s domains[edit]
Each domain listed on the certificate must be validated to prove the person creating the certificate has control of the domain.
- Click on the certificate in the ACM list.
- Under Domains, a “Create records in Route 53” button is displayed if the Route 53 is used to manage the domain name.
- Click that button.
- Select the domains to validate.
- Click Create Records.
It can take up to 30 minutes for the status of the domain to change from “pending validation” to “issued.”
Apply the certificate to load balancers[edit]
A certificate is used to add a "listener" to the load balancer associated with an Elastic Beanstalk instance. The listener routes HTTPS requests to the EBS instance.
- Go to the Elastic Beanstalk management console.
- Select an EBS environment.
- Click Configuration from the menu on the left.
- Select Load Balancer > Edit
- Under Listeners, click Add Listener
- Port: 443
- Protocol: HTTPS
- SSL Certificate: Select the certificate created in ACM
- SSL Policy: (blank)
- Default process: (default)
- Click Add
Make sure to scroll down to the bottom of the page to click Apply. I didn’t notice this at first and was wondering why the new listener was disappearing.