3

I want to use Let's Encrypt certificates for both EC2 and CloudFront.

  • I am creating a WordPress installation on an EC2 t2.micro using the Ubuntu 16.04 (HVM) AMI and nginx. The EC2 region will be us-east-2 (Ohio).
  • I can create a Let's Encrypt cert using certbot for the EC2 and can upload the cert to AWS IAM through the CLI to use for CloudFront.

The issue I am facing is:
The certificate generated by certbot for the EC2 will be for example.com, but I want to use cdn.example.com for CloudFront. Is it possible to create and use two different certs, one for the EC2 and the other for CloudFront?

mesumosu

1 Answer

3

Use the AWS Certificate Manager to create the cert for CloudFront. Use Let's Encrypt for the instance security certificate.

I've done this, it works fine.

Tim
  • The issue is I will be using us-east-2 as the region for my EC2, and ACM for CloudFront is available for us-east-1 (N. Virginia) – mesumosu Oct 03 '17 at 23:52
  • I ran my server and other resources on Oregon, us-west-2 I think it is. From memory you just issue the certificate in us-east-1 and use it in whatever region you need. – Tim Oct 03 '17 at 23:57
  • 1
    This is correct... CloudFront is not like most AWS services -- it is a global, not regional, service... and the control plane for its global infrastructure happens to be homed out of us-east-1, thus it can only pull certs from ACM in us-east-1. There's no performance impact to this, just an administrative constraint. – Michael - sqlbot Oct 04 '17 at 03:00
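
The split described in this thread (certbot on the instance, ACM in us-east-1 for CloudFront), as an added shell example that is not part of the original posts: it requests the CDN certificate in us-east-1 and checks a certificate ARN's region before the cert is attached to a distribution. The function names, the domain names and any ARN passed in are assumptions.

```shell
# Added example, not code from the thread.
# Origin (EC2, any region): certbot issues the cert for the instance itself,
# e.g.  certbot --nginx -d example.com
# CDN: CloudFront only reads ACM certificates from us-east-1.
CLOUDFRONT_ACM_REGION="us-east-1"

# Request a DNS-validated ACM certificate in the region CloudFront requires.
# $1 = CDN hostname (e.g. cdn.example.com). Prints the new certificate ARN.
request_cdn_cert() {
    aws acm request-certificate \
        --region "$CLOUDFRONT_ACM_REGION" \
        --domain-name "$1" \
        --validation-method DNS \
        --query CertificateArn --output text
}

# Print the region field of an ACM certificate ARN:
#   arn:<partition>:acm:<region>:<account-id>:certificate/<id>
# Returns non-zero for anything that is not an ACM certificate ARN.
acm_arn_region() {
    (   # subshell: keep IFS and positional parameters local
        IFS=:
        set -f                      # no globbing while splitting
        set -- $1
        [ "$#" -eq 6 ] || exit 1
        [ "$1" = "arn" ] && [ "$3" = "acm" ] || exit 1
        case "$6" in certificate/?*) ;; *) exit 1 ;; esac
        printf '%s\n' "$4"
    )
}

# Exit status: 0 = usable by CloudFront, 1 = ACM cert in the wrong region,
# 2 = not an ACM certificate ARN (for example an IAM server certificate).
usable_by_cloudfront() {
    region=$(acm_arn_region "$1") || return 2
    [ "$region" = "$CLOUDFRONT_ACM_REGION" ]
}
```

Running `usable_by_cloudfront "$arn"` in a deployment script before updating the distribution catches a certificate that was issued in the instance's region by mistake.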