AWS Certificate Manager Certificate is not visible to AWS Beanstalk from Console

2
votes

I am new to AWS and need help to select the AWS Certificate Manager provisioned Certificate from Elastic Beanstalk Loadbalancer using AWS Console.

  1. Deployed my Java application on Linux instance using Elastic Beanstalk and that worked fine with Http.
  2. Provisioned a new wildcard certificate using AWS Certificate Manager.
  3. Under Elastic Beanstalk Configuration - Network Tier - Load Balancing Settings gear Icon, I changed "Secure listener port" = 443 and "Protocol" = HTTPS.
  4. But the "SSL Certificate ID" does not list the certificate to pick.

Please suggest what is that I am missing here.

I have read many suggestions to do by CLI but I am not an CLI expert and wanted to use the console feature for simplicity.

EDIT-1: I can see the certificate under EC2 - Load Balancer - Listener TAB if I try to add HTTPS, but not under Beanstalk. I am not sure if I shall add this listener under EC2 or not, but I think I need to add SSL to Beanstalk as My application get deployed using Beanstalk into EC2.

3
amazon-web-servicessslhttpsamazon-elastic-beanstalk
AWS Certificate Manager certificates .can be accesses through CLI only not from consoleerror2007s
@Prabhat can you confirm if you see Status Issued in the ACM manager console? Can you also confirm if in the details you see an Identifier for that certificate?Rodrigo M
@error2007s I think AWS has allowed to pick the certificate from console but that does not work. Please refer docs.aws.amazon.com/elasticbeanstalk/latest/dg/…Prabhat
@RodrigoM I can see the status of the certificate as "Issued" in the ACM manager console and I can see the "Identifier" as well in detail.Prabhat

3 Answers

3
votes

This will happen if you created your SSL Certificate on a different Region to your Elastic Beanstalk instance. An easy gotcha!

1
votes

To setup a SSL certificate for your Elastic Beanstalk environment, please see Configuring Your Elastic Beanstalk Environment's Load Balancer to Terminate HTTPS

There is a console setup step as you describe in step 3, so that looks good. Also note you need to update the EB configuration as shown in the above document.

0
votes

From AWS documentation:

For Classic Load Balancer and Application Load Balancer, if the drop-down menu doesn't show any certificates, you should create or upload a certificate for your custom domain name in AWS Certificate Manager (ACM) (preferred). Alternatively, upload a certificate to IAM with the AWS CLI.

I guess AWS CLI with IAM must be used as described here