I have a VueJS front-end application running on S3 being served as a static website.
I have a NodeJS (behind an nginx reverse proxy, plus a few other services) backend application running on an EC2 instance that the VueJS app talks to (over http currently).
I have a domain successfully pointed at the VueJS app (S3 bucket) with the configured SSL certificates using Route53 / CloudFront / ACM.
However, now the VueJS app will not communicate with the EC2 instance backend as it is still using HTTP which is now not allowed.
So what is the best way to configure this? I can't run certbot on the ec2 instance and generate an SSL certificate for my domain as there are certificates already being used for the S3 bucket.
Should I just create a self-signed certificate?
Can I create another certificate for a subdomain perhaps (api.example.com
say) and set up DNS record for that to point to my EC2 instance IP address?
How is this usually done, what is best practice?