
For EC2 in a public subnet
I have an SSL setup between the Internet and the ALB with mydomain.org.
I want to also set up SSL between the ALB and EC2. The communication protocol is HTTP/HTTPS and the reverse proxy on EC2 is nginx.

But the thing is, I cannot directly generate a cert for the EC2 amazonaws.com domain with Let's Encrypt.
That leads me to a situation where I need to create a subdomain, ec2.domain.org, and point it to the EC2 IP, so that I can use my own SSL cert.

Pointing the ec2 subdomain seems redundant to me since an EC2 DNS name has already been provided. Am I doing this wrong, or is there another way of using HTTPS with the EC2 DNS name?

EC2 in a private subnet
Also, if I am only allowing HTTP/HTTPS access to the EC2 instance from the ALB, how can I set up SSL between EC2 and the ALB in the case where SSL is strictly required between EC2 and the ALB?

vincentsty
  • Check this if it helps - https://aws.amazon.com/premiumsupport/knowledge-center/acm-ssl-certificate-ec2-elb/ – Ankush Jain Nov 22 '22 at 15:29
  • @AnkushJain no it does not .... I can install the same cert for my domain. But not the same cert for the EC2-provided domain XXX.amazonaws.com, because neither Let's Encrypt nor others provide an SSL cert for the domain XXX.amazonaws.com. My intention is to use HTTPS with the EC2 default domain. – vincentsty Nov 22 '22 at 16:01
  • @AnkushJain and how can HTTPS with SSL between the ALB and an EC2 instance in a private subnet, restricted to be accessible by the ALB only, be set up where end-to-end encryption is required? – vincentsty Nov 22 '22 at 16:04
  • The cert should be for the domain the client is actually requesting. SSL's server name matching is based on the `Host` header of the HTTP request, which the ELB does not change to your EC2 DNS name. – jordanm Nov 22 '22 at 16:17
  • Read this - https://stackoverflow.com/a/42027781/1273882 – Ankush Jain Nov 22 '22 at 16:23
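One point worth making explicit for both parts of the question: an Application Load Balancer does not validate the certificate presented by its targets, so the ALB-to-EC2 leg does not need a certificate for the amazonaws.com name or for any public subdomain at all. A self-signed certificate on the instance is enough to get TLS between the ALB and nginx, and it works the same way in a private subnet where the instance is reachable only from the ALB's security group. The script below is an added example, not code from the question or its comments: it issues a self-signed certificate for the instance's private DNS name (the name `ip-10-0-1-23.ec2.internal`, the output directory and the upstream `127.0.0.1:8080` are constructed placeholders), writes the nginx server block that terminates TLS on port 443, and checks that the key and certificate belong together, which is the usual reason nginx refuses to start after a certificate rotation.

```shell
#!/bin/sh
# Added example, not from the question or its comments: issue a self-signed
# certificate for the nginx reverse proxy on the EC2 target and write the
# server block that terminates TLS on 443, so the ALB -> EC2 hop is encrypted
# without needing a public name for the instance.
set -eu

# Constructed values; replace with your target's private DNS name, a directory
# nginx can read (e.g. /etc/nginx/tls) and your application's local port.
TARGET_NAME="${TARGET_NAME:-ip-10-0-1-23.ec2.internal}"
OUT_DIR="${OUT_DIR:-./backend-tls}"
UPSTREAM="${UPSTREAM:-http://127.0.0.1:8080}"

# ALB does not validate target certificates, so a self-signed cert is enough
# for the ALB -> nginx leg. A SAN is still set so checks run from the host
# itself (curl --cacert, openssl s_client) match the name they connect to.
make_backend_cert() {
    mkdir -p "$OUT_DIR"
    cat > "$OUT_DIR/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $TARGET_NAME
[v3]
subjectAltName = DNS:$TARGET_NAME
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$OUT_DIR/openssl.cnf" \
        -keyout "$OUT_DIR/backend.key" -out "$OUT_DIR/backend.crt" 2>/dev/null
    chmod 600 "$OUT_DIR/backend.key"   # private key readable by the nginx user only
}

# Print the SAN of the generated cert, e.g. "DNS:ip-10-0-1-23.ec2.internal".
cert_san() {
    openssl x509 -in "$OUT_DIR/backend.crt" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# "match" when the private key belongs to the certificate, "mismatch" otherwise.
key_matches_cert() {
    crt_pub=$(openssl x509 -in "$OUT_DIR/backend.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$OUT_DIR/backend.key" -pubout)
    if [ "$crt_pub" = "$key_pub" ]; then echo match; else echo mismatch; fi
}

# nginx server block for the target. Only 443 is served: with the target group
# set to protocol HTTPS / port 443 and the instance security group allowing
# 443 only from the ALB's security group, no plaintext path is left.
write_nginx_conf() {
    cat > "$OUT_DIR/backend.conf" <<EOF
server {
    listen 443 ssl;
    server_name $TARGET_NAME;

    ssl_certificate     $OUT_DIR/backend.crt;
    ssl_certificate_key $OUT_DIR/backend.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass $UPSTREAM;
        proxy_set_header Host              \$host;
        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

make_backend_cert
write_nginx_conf
echo "cert SAN: $(cert_san); key/cert: $(key_matches_cert)"
echo "nginx server block written to $OUT_DIR/backend.conf"
```

On the instance, point the target group at port 443 with protocol HTTPS (the health check must use HTTPS as well, otherwise the target stays unhealthy), and keep the public certificate for mydomain.org on the ALB listener only. Because the ALB forwards the client's `Host` header unchanged, nginx serves every name through this one server block; the name in the self-signed certificate only matters for checks you run against the instance directly.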

0 Answers