I want to install a certificate on EC2 for domains and subdomains.

I'm running a website "www.example.in" on a single EC2 instance, which is in a public subnet with a public IP, and I am also pointing some subdomains like "api.example.in", "dashboard.example.in" and "jenkins.example.in" to the same EC2 instance.

I thought to use an ACM certificate to secure my website, but an ACM certificate can't be used directly on an EC2 instance.

If I use a third-party tool like "Let's Encrypt" and install the certificate directly on EC2, will it block my subdomains or will it impact my website?

Stuggi
  • You will need a separate certificate from letsencrypt for each domain & subdomain. You can get a wildcard certificate covering them all but there are security risks (I recall reading something about cross site leaking or similar). Certbot is a tool which will help you. – Admiral Noisy Bottom Jun 04 '20 at 09:32

1 Answer

This is a question of your environment.

Option 1: ACM - certificate with SSL termination:

This option means Amazon will issue your certificates, handle them for you, and terminate the SSL layer for you. Your servers will receive unencrypted HTTP (port 80) traffic.

Option 2: Let's Encrypt - Free certificates on your EC2 servers.

Let's Encrypt issues the certificates for you as long as you prove your ownership of the host names.

The best way to do this is one certificate that contains many SANs (many domain names).

E.g:

certbot certonly -d example.com -d www.example.com -d dashboard.example.com
and so on.

JonnieJS
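The following is an added example, not part of the answer above: a Python check of which hostnames a certificate's SAN list covers, using the hostnames from the question. The apex name example.in and all function names are assumptions for illustration; the wildcard rule applied is the standard one, where `*` stands for exactly one left-most label.

```python
# Added example (not from the answer): which hostnames does a SAN list cover?
# Hostnames come from the question; the apex "example.in" and the function
# names are assumptions made for illustration.

def san_matches(san: str, host: str) -> bool:
    """Exact match, or a wildcard that is the whole left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        # "*.example.in" matches api.example.in, but neither the apex
        # example.in nor a deeper name such as a.api.example.in.
        suffix = san[1:]  # ".example.in"
        if not host.endswith(suffix):
            return False
        head = host[: -len(suffix)]
        return head != "" and "." not in head
    return False


def uncovered(sans, hosts):
    """Hostnames that no SAN entry matches; clients reject the cert for these."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


def certbot_command(hosts):
    """Build the multi-SAN request in the form the answer shows."""
    return "certbot certonly " + " ".join(f"-d {h}" for h in hosts)


HOSTS = ["example.in", "www.example.in", "api.example.in",
         "dashboard.example.in", "jenkins.example.in"]

if __name__ == "__main__":
    # A SAN list that forgets one subdomain leaves only that name failing.
    print("missing jenkins:", uncovered(HOSTS[:4], HOSTS))
    # A wildcard alone does not cover the apex domain.
    print("wildcard only:  ", uncovered(["*.example.in"], HOSTS))
    print("wildcard + apex:", uncovered(["*.example.in", "example.in"], HOSTS))
    print(certbot_command(HOSTS))
```

A hostname reported as uncovered fails certificate validation in clients, while the names that are in the SAN list keep working.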