2

I've just started using AWS a week ago. I deployed my NodeJS backend in a Docker container via Elastic Beanstalk. And a front-end Angular5 app in an S3 via CloudFront.

I bought a domain name on GoDaddy and configured it to point to my CloudFront Angular5 app. I also generated an SSL certificate for that domain (used for the front-end). However, all requests from the frontend app are getting blocked due to the backend insecurity.

So, as I understand, the next step would be to configure HTTPS for the ElasticBeanstalk NodeJS backend.

I found a variety of articles on that topic. But all of them assume I already have a certificate issued.

The problem is that when I tried to request a certificate via ACM for the URL that Elastic Beanstalk gives me (my-website.eu-west-2.elasticbeanstalk.com), the request got rejected with the following Error:

Request failed The status of this certificate request is "Failed". Additional verification required to request certificates for one or more domain names in this request.

What can I do in that case? And is it even possible to use aws-provided URLs (like the one provided by elastic beanstalk) to request SSL certificates?

Apologies if my terminology is not very correct. I'm quite new to all this stuff.

Daniil Andreyevich Baunov
  • 2,723
  • 1
  • 24
  • 48

2 Answers2

3

You cannot register SSL certificates for Amazon domains (amazonaws.com, elasticbeanstalk.com, etc.)

If you want to use HTTPS for your Elastic Beanstalk application (internal or external), you must use your own domain.

  1. Register a domain with a DNS registrar.
  2. Request an SSL certificate via ACM for that domain.
  3. Assign that ACM certificate to your Elastic Beanstalk application.
  4. Point your domain to the Elastic Beanstalk application, CNAME for external DNS, CNAME or ALIAS for Route 53.
  5. Access the EB application via your domain name, and NOT the elasticbeanstalk-assigned address.
Matt Houser
  • 33,983
  • 6
  • 70
  • 88
  • Isn't there a step missing here? Like adding a Route 53 domain then adding elasticbeanstalk-assigned as an alias to a Route 53? – Jeremy Jun 19 '18 at 23:36
1

Yeah, as Matt Houser mentioned, it’s not possible. I was just wondering whether I should get another domain name.

What I did eventually is quite simple. I used route53 to create another Alias record with url api.my-website.com that points to my Elastic Beanstalk backend.

Then with ACM I issued two separate SSL certificates both for api.my-website.com and for (www.)my-website.com to enable HTTPS both on frontend and backend and attached them to ElasticBeanstalk and CloudFront accordingly. It appeared to be very simple with the services AWS provides.

Here’s the result: https://my-next-movie.com

I’ll just leave it here in case someone is as new as me to all that.

Daniil Andreyevich Baunov
  • 2,723
  • 1
  • 24
  • 48