
I am currently trying to set up https for my backend program (Spring Boot). My first step was to deploy my Backend program using AWS Fargate which gives a public IP in http.

Then I set up an AWS Application Load Balancer for the AWS Fargate using http only. This process was successful and I am able to call my BE program through the LB with a domain that looks like this: (The numbers and lb name in here are not the real thing)

test-lb-123456.ap-southeast-1.elb.amazonaws.com

Then I want to add an https listener to the LB, so I clicked on "Add Listener" and "Requests a new ACM Certificate" just like the picture below

Add Listener

Then when prompted to ask for a domain name, I add the exact domain that I mentioned above.

Add domain

But this request always fails with error

Additional verification required to request certificates for one or more domain names in this request

My question is, am I doing this correctly? Should I not add the "test-lb..." domain above when prompted to ask for a new certificate? If not, then what domain should I use?

Thank You

EDIT: Apparently the images might not be displayed correctly yet because I am a low-reputation user, hopefully the images will be shown after review. reference

Aldo aldo

1 Answer

You can't get valid SSL certificate for test-lb-123456.ap-southeast-1.elb.amazonaws.com. This is because this domain belongs to AWS. To get HTTPS on your ALB, you need your own domain. You can buy it from Route53 or any external domain registrar.

Once you have your own domain, you can get a free SSL certificate for it using AWS ACM.

Marcin
  • Does this mean that I have to buy another dedicated domain for my backend service then register this test-lb-123456.... to that domain ? – Aldo aldo Nov 17 '21 at 02:35
  • @Aldoaldo You can create a subdomain, if you already have your own domain, e.g. (`api.mydomain.com`). So technically, don't need a fully separate domain. – Marcin Nov 17 '21 at 02:37
  • I see, last question, so after I created the (api.mydomain.com), I would then need to connect it to my load balancer, correct ? – Aldo aldo Nov 17 '21 at 03:38
  • @Aldoaldo You have to get ssl cert for `api.mydomain.com`, and also create alias record from `api.mydomain.com` to your ALB in Route53 – Marcin Nov 17 '21 at 03:40
  • I see, noted. Will try – Aldo aldo Nov 17 '21 at 06:10
  • @Marcin Just to clarify, My SSL domain name should be same to my ALB's , right? Different domain name doesn't work ? – Sumanth Shetty Nov 28 '22 at 12:35
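
The following is an added example, not part of the original answer or comments: a pre-flight check in Python for the setup described above. It rejects names under Amazon-owned domains before a certificate request, checks which hostnames a certificate covers (generalised to wildcard names), and builds the Route 53 alias record for the ALB. The function names are hypothetical, the suffix list holds the examples given in the ACM documentation and is not exhaustive, and `ALB_CANONICAL_ZONE_ID` is a placeholder.

```python
import json

# Suffixes the ACM documentation gives as examples of Amazon-owned names it
# will not issue certificates for (assumption: not an exhaustive list).
AMAZON_OWNED = ("amazonaws.com", "cloudfront.net", "elasticbeanstalk.com")


def acm_can_issue(domain):
    """False when the name sits under a domain the requester cannot own."""
    d = domain.lower().rstrip(".")
    return not any(d == s or d.endswith("." + s) for s in AMAZON_OWNED)


def cert_covers(cert_names, host):
    """TLS name check: exact match, or '*' standing in for one leftmost label."""
    host_labels = host.lower().rstrip(".").split(".")
    for name in cert_names:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host_labels):
            continue  # a wildcard never spans more than one label
        if labels[0] == "*":
            if labels[1:] == host_labels[1:]:
                return True
        elif labels == host_labels:
            return True
    return False


def alias_change_batch(record_name, alb_dns_name, alb_zone_id):
    """Route 53 ChangeBatch pointing record_name at the ALB via an alias A record."""
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": record_name, "Type": "A",
        "AliasTarget": {"HostedZoneId": alb_zone_id,
                        "DNSName": alb_dns_name,
                        "EvaluateTargetHealth": False}}}]}


if __name__ == "__main__":
    alb = "test-lb-123456.ap-southeast-1.elb.amazonaws.com"  # from the question
    api = "api.mydomain.com"                                 # from the comments
    print("ACM can issue for ALB name:", acm_can_issue(alb))
    print("ACM can issue for own name:", acm_can_issue(api))
    print("cert for api name covers api name:", cert_covers([api], api))
    print("cert for api name covers ALB name:", cert_covers([api], alb))
    # Placeholder zone ID: read the real value from the load balancer's
    # description (its canonical hosted zone ID).
    batch = alias_change_batch(api, alb, "ALB_CANONICAL_ZONE_ID")
    print(json.dumps(batch, indent=2))
```

Clients must connect to the custom hostname for the certificate to validate; a request sent straight to the ALB's own DNS name over HTTPS fails the name check.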