I have added an IP to Route 53 to make it a domain name and it's working fine. But I don't know how I could add SSL to that domain. Can anyone please refer me to something on how to do it?
4 Answers
Route 53 is a DNS service, so you cannot add SSL to a domain directly in it. What you should do is point your domain name to the server IP. Then you create SSL on that server.
Here is the Route 53 explanation: https://aws.amazon.com/route53/
After you point it to the server or some service you are using, you can generate an SSL certificate from that server with https://letsencrypt.org/. Then you set up your web server (i.e. Apache, nginx) to serve your website with SSL.
Here is an Ubuntu server example: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
Edit: new version: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04
You have a lot of options to add SSL to your domain. It depends on what you are developing.

This post is old, but I would like to add my experience (case of an EC2 application) with some details.
- creation of the SSL certificate with ACM:
  - click on "Request a certificate"
  - choose "public certificate" + Next
  - register domain name
  - choose "DNS validation" (you will see it is easy to validate)
  - then click on "Request". After that, in the list of certificates the status changes to "Pending validation"
  - open the certificate by clicking on its name in the list and click on "Create records in Route 53". Once this is done, a CNAME registration is automatically made in the Hosted zones and the status of the certificate changes to "Issued". more details here
- creation of an "Application Load Balancer"
  - Everything is explained here.
  - Note that you must define 2 listeners: HTTP, with port 80 (which must redirect to HTTPS) and HTTPS with port 443 (forwarding to Target Group) where you add the SSL certificate.
  - Note that you can create the Target Group in the EC2 console (where you define your instances).
  - You must also open port 443 in the Security Group for HTTPS to work.
- ATTENTION: At the domain registration level in Route 53 > Hosted zones, choose "Alias" instead of entering the IP and:
  - Choose "Alias to Application and Classic Load Balancer"
  - Choose the Region and the previously defined Load Balancer
  - Create record
  - Wait 60 seconds and test your domain name

- When I do this, I need to enter "https://" in front of the domain on my phone, do you know why? It works otherwise on my computer. – Hubert S. Cumberdale Nov 15 '22 at 05:02
- Hello, sorry but I've no idea. It doesn't happen to me in my case – Samuel Messigah Nov 15 '22 at 17:57
If your website is hosted in S3, you can create a CloudFront distribution for your website hosted on S3 and apply an SSL certificate using AWS Certificate Manager (ACM).
If you are serving your website through a web server such as Apache/nginx running on, say, EC2 or any other platform, then you can apply an SSL purchased from a third party, say GoDaddy etc. You would need to create a Private Key Infrastructure (PKI) on your server using openssh, easy-rsa etc. and then generate a Certificate Signing Request (CSR) and get it signed by GoDaddy or any other SSL seller. They would provide you back with a signed certificate and any intermediate key. Save the returned certificate along with your private key in a secure folder, say /etc/pki/tls/certs/, and then add the path of the three cert files in the /etc/httpd/conf.d/ssl.conf file if you are using Apache as your web server. Once you restart the Apache service, the SSL certificate would be deployed to your website.

- Is it possible to get a self-signed SSL certificate from AWS, to configure it on EC2? – Navin prasad Sep 22 '20 at 10:57
- I'm not sure what you mean by "self-signed" but AWS does offer certificates through what Vikalp suggests, AWS Certificate Manager (ACM) – Sticky Aug 08 '21 at 20:28
- You can use AWS ACM to configure an SSL certificate for EC2, but it looks like EC2 needs to be integrated with an AWS service, CloudFront, AWS Load Balancer. Based on AWS' document. https://aws.amazon.com/premiumsupport/knowledge-center/configure-acm-certificates-ec2/ – user2650480 Aug 10 '21 at 22:29
Post is a bit old but I recently was looking for the same and I wanted to share how I solved it in hopes it's useful to others. It's easier than you think in AWS.
- You need an SSL cert, either get it from other cert authorities and import it into AWS Certificate Manager (ACM) or get a public one from ACM and validate it against your domain by adding a hosted zone line, either manually or if you use Route 53 you just need to follow the ACM cert creation process and it will add it for you.
- You need an AWS Application Load Balancer (ALB) to handle the HTTPS request handshakes for you to avoid doing it in every single web server node. In your ALB create 2 listeners, one on port 80 that will be redirecting all HTTP requests to HTTPS, and the 2nd listener on port 443 where you associate the ACM certificate, define the default security policy and the forwarding to your Target Group (where you register the target instances/nodes of your servers).
- In the security group of your ALB you enable inbound traffic on both ports 80 and 443.
- Lastly in your node web server you just need to make sure it accepts traffic on port 443, which for instance in a default Apache installation it does.
With this configuration, the ALB will handle the cert handshake validation with the client's browser and you don't need to bother configuring the SSL certificate in each of your web servers. By the way AWS ALB doesn't allow traffic redirection from HTTPS to HTTP, so if you see here, we are doing the opposite, redirecting from HTTP to HTTPS.
