0
votes

I am currently hosting a frontend and backend website on AWS. Here is my current setup:

Frontend:

  • Static website hosted on S3
  • CloudFront CDN
  • ACM certificate for HTTPS on CloudFront

Backend:

  • Nginx Docker image on EC2
  • ELB setup targeting the single EC2 instance

I have the frontend HTTPS working correctly by generating the certificate for CloudFront using Route 53. For the backend, I set up ELB so that I can use ACM to also manage my backend cert instead of doing it directly on the server.

I am confused about which domain I am supposed to create the ELB certificate for. Would I need to create a subdomain that points to the DNS location of the EC2 instance? I tried adding the DNS location of the domain ([...].compute-1.amazonaws.com) to generate the cert, but when I try to DNS validate it within ACM, it fails.

Any thoughts?

2 Answers

1
votes

> I am supposed to create the certificate for ELB. Would I need to create a sub domain that points to the DNS location of the EC2 instance?

You are very close. You need to create a subdomain that points to the DNS of the ELB. You can only create SSL certificates for domains you own. You don't own compute-1.amazonaws.com so you can't create an SSL certificate for that.

0
votes

Will you create a DNS entry on your existing domain to use as an ALIAS to the ELB of your backend?

If yes, you can use your existing cert for your domain on ACM configured in a 443 listener in the ELB.
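
The setup both answers describe, written out as a CloudFormation template. This is an added example, not part of the original posts: `api.example.com` is a placeholder subdomain, and the template assumes an existing Application Load Balancer, target group and Route 53 hosted zone passed in as parameters.

```yaml
# Added example (constructed). api.example.com stands in for a subdomain of a
# domain you control in Route 53. The load balancer and target group are
# assumed to exist already. Deploy in the same Region as the load balancer,
# because an ACM certificate can only be attached to an ELB in its own Region.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ApiDomainName: {Type: String, Default: api.example.com}
  HostedZoneId: {Type: "AWS::Route53::HostedZone::Id"}
  LoadBalancerArn: {Type: String}
  LoadBalancerDnsName: {Type: String}        # the AWS-assigned ELB hostname
  LoadBalancerHostedZoneId: {Type: String}   # the ELB's canonical hosted zone ID
  TargetGroupArn: {Type: String}
Resources:
  # The certificate is issued for the name you own, never for the AWS-owned
  # hostname. ACM creates the DNS validation record in the hosted zone.
  ApiCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref ApiDomainName
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref ApiDomainName
          HostedZoneId: !Ref HostedZoneId
  # Alias record: clients connect to the subdomain, which resolves to the ELB,
  # so the hostname they request matches the name on the certificate.
  ApiAliasRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref ApiDomainName
      Type: A
      AliasTarget:
        DNSName: !Ref LoadBalancerDnsName
        HostedZoneId: !Ref LoadBalancerHostedZoneId
        EvaluateTargetHealth: false
  # HTTPS listener: TLS terminates at the load balancer with the ACM certificate.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref ApiCertificate   # !Ref returns the certificate ARN
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn
```

If an existing certificate is reused instead of requesting a new one, it has to list the subdomain (or a matching wildcard such as `*.example.com`) among its names and live in the same Region as the load balancer.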