0

I have multiple websites, running on Nginx, and I am trying to set up a load balancer, with 3-5 instances sitting under it. All these websites will need an SSL cert. I am trying to think of the best way possible.

  1. Use nginx instance as a load balancer, attach an EBS to the instance, install certbot and store the certificates on the EBS. certbot will renew and update the certs on EBS. The web server instances can then pick the certs from the EBS directly. That way, if an instance goes out of operation or a new one comes in, the certs are all separated out and ready to use.
  2. Use AWS load balancer - but not sure how to store the SSL certs separately if I do this.
  3. Is it possible to use ACM here somehow?

Any insights/thoughts would be appreciated.

Anuj Gakhar
  • 113
  • 1
  • 3

1 Answers1

2

AWS certificate manager integrates nicely with elastic load balancer.

If you plan on using ELB then ACM would definitely be the way to go (if ACM is supported in your region) because certificates will be managed by AWS.

If you plan to stick with Let's Encrypt you will likely need to use Nginx for your frontend so that you can easily configure auto renewals there.

You can find more information here:

https://aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/

AutoGnome
  • 161
  • 6
  • 1
    Agree, absolutely use ACM if you have a load balancer. It's free and works well. You can do Nginx / Let's Encrypt but that's easier for single server setups otherwise you have to copy keys and certs around. – Tim Aug 06 '21 at 00:34