
I have an Application Load Balancer (ALB) that uses the default DNS name provided by AWS.

i.e. a load balancer named my-loadbalancer in US East is given the DNS name:

my-loadbalancer-1234567890.us-east-1.elb.amazonaws.com

[screenshot: basic configuration]

I have a listener over HTTP that works just fine:

http://my-loadbalancer-1234567890.us-east-1.elb.amazonaws.com/

However, when I go to add an HTTPS Listener, I need to provide a certificate that matches the current domain. I can pick something from my ACM store, but they're all for custom domains.

[screenshot: HTTPS Listener]

I can request a new certificate, but I'm not sure how I'd be able to validate against ***.us-east-1.elb.amazonaws.com

This is a backend service, so I don't need a user friendly domain.

Is there any way to add HTTPS to a load balancer out of the box?


1 Answer


You can add any ACM certificate you have to a listener; after all, this load balancer is a CNAME and would be resolved to your hostname(s) via a DNS record.

However, for any ACM certificate you have to be able to verify that you control that domain. As the load balancer's domain is owned by Amazon, you cannot verify this domain. If you attempt to access the load balancer's CNAME directly in the browser it will show as insecure (as the SSL will not be valid for that domain); you will, however, be able to verify that HTTPS works.

The only solution to have a valid HTTPS endpoint will be to use an ACM certificate for a domain you own, and resolve it via that domain name rather than the load balancer's CNAME.