4
votes

I have an application running on an AWS EC2 instance with the domain's nameservers on AWS as well. I have an A record with the public IP.

I've created a secure certificate with ACM and also created an ELB Load Balancer. My domain still doesn't show the HTTPS in front of it.

Can anyone provide some help? Many thanks

3
Did you attach the ACM certificate to ELB? - Ashan
Hey Ashan. Do I attach the ACM to ELB by creating an A record Alias and selecting the ELB load balancer? If so, it's not allowing me to create another A record.mydomain.com (I already have a www.mydomain.com A record with my Public EIP from AWS where the application is hosted). So I'm looking at the way to work around this. Cheers - NPM
No. You need to edit your ELB configuration and attach the ACM certificate. Check the following documentation for more details: docs.aws.amazon.com/elasticloadbalancing/latest/classic/… Also make sure you have the same domain as the SSL certificate mapped through A-Record Alias to the ELB. - Ashan
Thanks Ashan, still struggling on this one. I've followed the steps in the link you provided and haven't been able to get HTTPS working. It appears the ACM certificate is attached to the ELB. - NPM

3 Answers

0
votes

Have you tried this?

First, you need to open HTTPS port (443). To do that, you go to https://console.aws.amazon.com/ec2/ and click on the Security Groups link on the left, then create a new security group with also HTTPS available. Then, just update the security group of a running instance or create a new instance using that group.

After these steps, your EC2 work is finished, and it's all an application problem.

Credit to: https://stackoverflow.com/a/6253484/8131036

0
votes

The solution is pretty simple.

First of all, edit the listeners on your ELB and do the following:

443 (HTTPS) => 80 (HTTP) - and apply ACM certificate.

What this essentially does is tell the ELB to listen on port 443 (HTTPS), terminate the certificate, and then forward traffic internally over port 80 (HTTP) - the port the instance is listening on.

You can also add port 80 (HTTP) and forward to port 80 (HTTP) (recommended, and then set up your application to redirect all users to HTTPS). You can read more about ELB and setting up listeners here: Create a Classic Load Balancer with an HTTPS Listener

The second thing you need to do is update Route 53 to point to the ELB: ascisolutions.com. A ALIAS s3-website-us-west-2.amazonaws.com. You can read more about it here: Routing Traffic to an ELB Load Balancer

Let me know if you have more questions in the comments section and I'll do my best to reply.

0
votes

You cannot install an ACM certificate on an EC2 instance directly, but you can install it on your load balancer and have the load balancer terminate SSL.

Create a target group and register your EC2 instances using port 80.

In your ELB, set up listeners for both port 80 and 443. You'll need to add your ACM cert to your HTTPS listener (port 443). Note that the certificate needs to be issued in the same region as your ELB.

The ELB does not handle redirecting insecure traffic to HTTPS; if needed, you will need to update your application to redirect HTTP to HTTPS.
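
The three conditions the answers above rely on (an HTTPS listener on 443 with an ACM certificate, the certificate issued in the ELB's region, and the Route 53 record aliased to the ELB rather than the instance IP) can be checked offline. This is an added example, not code from any answer; it assumes input dicts shaped like the output of `aws elb describe-load-balancers` and `aws route53 list-resource-record-sets`, and the function name, load balancer name, account id, and addresses are constructed.

```python
# Added example: offline audit of a Classic ELB + Route 53 HTTPS setup.
# All sample values below are constructed, not taken from the page.

def _norm(name):
    """Lowercase a DNS name, drop the trailing dot and the 'dualstack.' alias prefix."""
    name = name.lower().rstrip(".")
    return name[len("dualstack."):] if name.startswith("dualstack.") else name

def audit_https_setup(lb, record_sets, domain, lb_region):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    https = [d["Listener"] for d in lb.get("ListenerDescriptions", [])
             if d["Listener"].get("Protocol", "").upper() == "HTTPS"
             and d["Listener"].get("LoadBalancerPort") == 443]
    if not https:
        findings.append("no HTTPS listener on port 443")
    for listener in https:
        # ACM ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
        parts = listener.get("SSLCertificateId", "").split(":")
        if len(parts) < 6 or parts[2] != "acm":
            findings.append("HTTPS listener has no ACM certificate attached")
        elif parts[3] != lb_region:
            findings.append(f"certificate region {parts[3]} differs from ELB region {lb_region}")
    records = [r for r in record_sets
               if _norm(r["Name"]) == _norm(domain) and r["Type"] == "A"]
    if not records:
        findings.append(f"no A record for {domain}")
    for rec in records:
        alias = rec.get("AliasTarget")
        if alias is None:
            # Plain A record: clients connect to the instance and never reach the ELB.
            ips = ", ".join(v["Value"] for v in rec.get("ResourceRecords", []))
            findings.append(f"{domain} resolves to {ips}, bypassing the ELB")
        elif _norm(alias["DNSName"]) != _norm(lb["DNSName"]):
            findings.append(f"{domain} alias does not target this ELB")
    return findings

# Constructed sample mirroring the question: certificate attached, DNS still on the EIP.
SAMPLE_LB = {
    "DNSName": "my-lb-1234567890.us-west-2.elb.amazonaws.com",
    "ListenerDescriptions": [{"Listener": {
        "Protocol": "HTTPS", "LoadBalancerPort": 443,
        "InstanceProtocol": "HTTP", "InstancePort": 80,
        "SSLCertificateId": "arn:aws:acm:us-west-2:111122223333:certificate/example-id"}}],
}
SAMPLE_RECORDS = [{"Name": "www.example.com.", "Type": "A", "TTL": 300,
                   "ResourceRecords": [{"Value": "203.0.113.10"}]}]

if __name__ == "__main__":
    for finding in audit_https_setup(SAMPLE_LB, SAMPLE_RECORDS, "www.example.com", "us-west-2"):
        print("FINDING:", finding)
```
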