5

I have the following setup at AWS ECS:

I want to set up an SSL certificate and an HTTPS listener for the ALB at this subdomain that was provided by AWS. How can I do it?

P.S. I have seen an option for an ALB with an HTTPS listener when attaching a custom domain, i.e. example.com, and AWS will provide an SSL certificate for it. But this is a pet project environment and I don't worry about a real domain.

Ermiya Eskandary
A. Innokentiev
  • 1
    tried Cloudflare in front of your random domain? Setting it to anything but strict for SSL would likely work. – Simon B. Oct 18 '21 at 06:21

3 Answers

3

You can put your ALB behind CloudFront, which unlike ALB gives you a TLS certificate by default. So you can address your application at e.g.:

https://d3n6jitgitr0i4.cloudfront.net

Apart from the TLS certificate, it will give you the ability to cache your static resources at CloudFront's edge locations, and improve latency on the TLS handshake roundtrips.

maslick
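A CloudFormation sketch of the CloudFront-in-front-of-ALB setup described in the answer above, added here as an illustration and not taken from the original post. The parameter name `AlbDnsName` and the origin id `alb` are assumptions, and the ALB is assumed to have only an HTTP listener on port 80.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: CloudFront in front of an ALB that has no certificate of its own (added example)

Parameters:
  AlbDnsName:            # hypothetical parameter name
    Type: String
    Description: DNS name AWS generated for the ALB (the *.elb.amazonaws.com name)

Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Comment: TLS for viewers via the default cloudfront.net certificate
        Origins:
          - Id: alb
            DomainName: !Ref AlbDnsName
            CustomOriginConfig:
              # The ALB only listens on HTTP, so the CloudFront-to-ALB hop is
              # NOT encrypted. https-only would require a certificate on the
              # ALB that matches the origin name, which is not available for
              # the AWS-owned elb.amazonaws.com name.
              OriginProtocolPolicy: http-only
              HTTPPort: 80
        DefaultCacheBehavior:
          TargetOriginId: alb
          # Viewers are moved to HTTPS instead of being served over HTTP.
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          # Legacy forwarding settings: pass everything through and cache
          # nothing, so a dynamic app behaves as it does when hit directly.
          ForwardedValues:
            QueryString: true
            Headers: ["*"]
            Cookies:
              Forward: all
          MinTTL: 0
          DefaultTTL: 0
          MaxTTL: 0
        ViewerCertificate:
          # Serve the certificate CloudFront already holds for *.cloudfront.net.
          CloudFrontDefaultCertificate: true

Outputs:
  HttpsUrl:
    Value: !Sub "https://${Distribution.DomainName}"
```

With this template alone the ALB still answers plain HTTP on its own DNS name. Limiting the ALB security group's inbound rule to the AWS-managed prefix list `com.amazonaws.global.cloudfront.origin-facing` leaves CloudFront as the only way in.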
1

I want to setup SSL certificate and HTTPS Listener for ALB at this subdomain that was provided by AWS - how I can do it?

You can't do this. This is not your domain (AWS owns it) and you can't associate any SSL certificate with it. You have to have your own domain that you control. Once you obtain the domain, you can get a free SSL certificate from AWS ACM.

Marcin
  • Thank you for the explanation! Maybe it is possible to get a random subdomain via Route 53 from AWS? – A. Innokentiev Jun 04 '21 at 07:26
  • 1
    @A.Innokentiev Not sure what you mean by "random"? Like free? There are no free domains offered by Route53. – Marcin Jun 04 '21 at 07:27
  • 1
    I mean AWS provides me a random subdomain `some-subdomain-12345.us-east-2.elb.amazonaws.com`. Still strange why AWS generates a random subdomain, links it with my infrastructure, but doesn't allow installing SSL on it ;( – A. Innokentiev Jun 04 '21 at 07:28
  • 1
    @A.Innokentiev Yes, but this is how it is. You can get any domain from any domain provider you want. It does not have to be from route53. There are some free ones as well, but outside of route53. – Marcin Jun 04 '21 at 07:31
1

This could be a solution without using subdomains but using path redirection:

https://caddy.community/t/caddy-2-reverse-proxy-to-path/9193