how to add a domain to an existing SSL certificate on aws - amazon-web-services

I have an SSL certificate associated with a load balancer on Amazon Web Services. I would like to have an additional domain on that certificate. My questions are:
1. Is it possible to add an additional domain to an EXISTING SSL certificate on AWS? I see that you can add additional names when you create one, but I don't see how to do it with an existing certificate.
2. If no to 1, is it possible to associate 2 certs with the load balancer? Or do I need to create a new one that includes both domains and replace the cert with the new one?
Thank you for your advice.

It is not possible to do either of these things.
Certificates can never be modified -- that would invalidate them.
Balancers cannot attach more than one certificate to a given listener, and can't have more than one listener on a port.
Your solution is to create a new certificate with all of the needed domain names, and swap them out.

Actually (as of Feb 12, 2019) you can request another certificate and then Add to your load balancer. I just did this myself. I had one certificate with 5 domains and I didn't want to have to create another just for one more. So I created the new certificate for the one domain and then added it (look for a plus sign). Easy, and it takes effect right away. Good luck.

AWS ELB/ALB support up to 25 certificates now. You can request new ACM certificates or upload your own certificates and use them with your load balancers.

As a work-around, you can create a new certificate in AWS Cert Manager with all the same domains from an existing cert plus any new ones needed. With DNS validation for both existing and new certs, all the existing domains successfully validate automatically on the new cert (unique DNS IDs kept for easy renewal). You just need to add the DNS validation records for any new domains, let it validate and then swap the cert (just tested with cert + CloudFront, haven't with an ELB).
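An added example, not part of the original answers: a Python script that checks which hostnames an existing certificate's names already cover (a `*` matches exactly one left-most label) and builds the `aws acm request-certificate` call for the replacement certificate described in the work-around above. The JSON input, ARN and hostnames are constructed placeholders, and `covers` and `plan_replacement` are hypothetical helper names.

```python
import json
import shlex

# Constructed sample, shaped like `aws acm describe-certificate` output.
# The ARN and hostnames are placeholders, not values from the page.
DESCRIBE_OUTPUT = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
    "DomainName": "example.com",
    "SubjectAlternativeNames": ["example.com", "*.example.com", "shop.example.net"],
}})


def covers(pattern, host):
    """True if one certificate name covers host; '*' matches exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def plan_replacement(describe_json, wanted):
    """Split wanted hostnames into covered/missing and build the replacement request."""
    cert = json.loads(describe_json)["Certificate"]
    sans = cert["SubjectAlternativeNames"]
    covered = [h for h in wanted if any(covers(p, h) for p in sans)]
    missing = [h for h in wanted if h not in covered]
    if not missing:
        return {"covered": covered, "missing": [], "argv": None}
    # Keep every existing name so nothing served today loses coverage after the swap.
    extra = [n for n in sans if n != cert["DomainName"]] + missing
    argv = ["aws", "acm", "request-certificate",
            "--domain-name", cert["DomainName"],
            "--subject-alternative-names", *extra,
            "--validation-method", "DNS"]
    return {"covered": covered, "missing": missing, "argv": argv}


if __name__ == "__main__":
    plan = plan_replacement(
        DESCRIBE_OUTPUT,
        ["api.example.com", "example.com", "a.b.example.com", "example.org"])
    print("already covered:", plan["covered"])
    print("needs a new DNS validation record:", plan["missing"])
    # shlex.join quotes the wildcard name so the shell does not glob-expand it.
    print(shlex.join(plan["argv"]))
```

Note that `a.b.example.com` is reported as missing even though `*.example.com` is on the certificate, because the wildcard covers only one label.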

Related

How to validate SSL request in AWS Certificate Manager

I've deployed an app to Elastic Beanstalk, and now, in order to have HTTPS, I need to add port 443 in the ELB and mention the SSL certificate. As I don't have one, I'm trying to create it. I got the domain after deploying the frontend to Firebase. I found that after requesting the certificate I need to create a CNAME record and use the values provided in the AWS requested certificate in order to validate it. I just can't seem to find the way to create it in Firebase. Am I doing something wrong? Any help is appreciated.
I tried to create the CNAME in AWS Route 53 hosted zones and expected the SSL to be validated, but I think I need to create the record in Firebase, and I don't know how to do it.
You would need to identify where your DNS records are being managed. Once you get the records added at the right place your certificate will be validated successfully.

AWS not allowing me to add another ACM Certificate for SSL configuration

I am trying to add an SSL certificate to an ALB, but I am getting the following error.
I have successfully requested 1 ACM certificate, but unfortunately it was wrongly configured, and this issue keeps repeating after I deleted my first ACM certificate. Does AWS not allow creating multiple ACM certificates? I didn't find an edit option to change the FQDN, hence I had to delete the old cert.
What is the probable root cause? I tried to contact the support team, but unfortunately the ticket is still open.
As per the docs:
ACM requires additional information to process this certificate request. This happens as a fraud-protection measure if your domain ranks within the Alexa top 1000 websites. To provide the required information, use the Support Center to contact AWS Support. If you don't have a support plan, post a new thread in the ACM Discussion Forum.
In my view [only possible solution]:
All Amazon certificates for these domains will remain functional until expiration, but will not be renewable and no new certificates from these domains will be issued. The only workaround that would work in your scenario would be to obtain a certificate from a third party that can issue a certificate for your domain, and import the certificate into ACM.
Contacting Support is recommended to resolve the issue as explained in this document. Also, it's not possible to change domain names when a certificate has been requested and you can create multiple certificates in ACM.

Use ssl certificate on the GCP load balancer

I have one load balancer on GCP.
My project uses multiple domains, and it is possible that domains will be added later.
When I create a certificate as a Google-managed certificate, I can't edit the certificate and add a domain.
I know I can remove the certificate and create a new certificate,
but that is not good because the domains will not be certified for a while.
Do I have to get a certificate from somewhere else?
Is it possible to get a certificate that I can add to that domain later without changing the public key and private key?
What is your suggestion?
Google Cloud HTTP(S) Load Balancers support multiple certificates. If you need to add another domain, create/add a new certificate.
Using Google-managed SSL certificates

Add multiple domains to aws cloudfront

I am trying to point both https://app.test1.com and https://app.test2.com to an AWS CloudFront distribution.
Does anyone know how to do it? I am unable to figure out how to add both domains and also both the SSL certs to a single CloudFront distribution.
You can only attach one certificate to each CloudFront distribution. If multiple domains is what you want, you need a single certificate with all the desired hostnames listed as Subject Alternative Names. Many SSL CAs will sell you a cert like this, sometimes called multi-domain, SAN, or UC certificates. You can also get one from Amazon Certificate Manager.
You add additional hostnames to your distribution the same way you added the first one: configure alternate domain names. Simply using DNS CNAME records isn't enough, because CloudFront has to expect the hostname on the incoming request.

SSL Certificates On Elastic Beanstalk Default Setup

I'm in the process of moving from another cloud provider. Currently I'm just testing in the default environment that has a url looking like this:
http://example-env-1.us-east-1.elasticbeanstalk.com
I'm trying to get SSL/HTTPS working for this address. I then plan on using a CNAME to redirect to this address and eventually move the nameservers over completely.
However, after setting everything else up successfully I get to the point of adding the certificates and it just says "failed":
And even though I have my actual "example.com" ssl certificate successfully issued nothing shows up in the load balancer certificate selection dropdown (and yes I have refreshed):
How do I enable SSL using the Certificate Manager?
That's because you are trying to request a cert for the elasticbeanstalk.com domain. You will not be able to get a cert for that domain as you are not the owner of it :). Nor can you set up HTTPS for the default Elastic Beanstalk domains they give you.
You should use ACM to get a certificate for your custom domain, the one you plan on making a CNAME record for.
Example:
If you were to own, say, the domain amyneville.com, you could create a cert through ACM for that domain.
If you use your custom domain, you do NOT need to get a cert for the elasticbeanstalk.com domain.
A couple more things:
You cannot create a CNAME record on a TLD (amyneville.com). You can create the CNAME record for www.amyneville.com. So if you want to use the CNAME approach you will have to create a non-www redirect to www.
But better than a CNAME would be to use an A record and point it to the Elastic Beanstalk resource that was set up. So for the load balancer that was created for you, use its A record.
Last but not least, you cannot apply the ACM cert through the elastic beanstalk console. Instead you will have to use the AWS CLI tools. Here's a link on how to do it: https://stackoverflow.com/a/35173500/1445460
I was looking for this myself and found this useful blog post from one of the Amazon team ...
https://medium.com/#arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8#.frcj0rj4t
Whilst you can't use the console to select the certificate as stated in your question you can use the Elastic Beanstalk CLI to set the certificate to one you have created in Certificate Manager.