Request a SSL certificate from AWS Certificate Manager
August 29, 2018
In AWS, applying a SSL certificate is much easier than before. It is fast, easy, and literally, it is free. However, it can only be applied on
- Elastic Load Balancer (ELB)
- Elastic Beanstalk
- API Gateway
That is to say, if you are setting up a wordpress site on an EC2 instance, you will need to create a ELB for the site. ELB charges you when it is in use* so applying SSL certificate using Certificate Manager may not be a “TOTALLY FREE” solution in the long run.
*”750 hours of an Elastic Load Balancer shared between Classic and Application load balancers, 15 GB data processing for Classic load balancers, and 15 LCUs for Application load balancers” – https://aws.amazon.com/free/
- To request for the Certificate, Go to “Services” -> “Security, Identity & Compliance” -> “Certificate Manager”
- “Request a public certificate”
- Fill in the domain names you wish to apply SSL for (in my website, it is “*.it9felix.com” (for domain with prefix such as “www”) & “it9felix.com” (without prefix)
- Select “DNS validation”
- Do the final check and confirm
- So now there are 2 validations pending:
- Expand each domain item and you will find the following:
Click all “Create record in Route 53” buttons
- And, this is it. The DNS records will be created on your Route 53 Hosted zone and the validations will be completed automatically after ~30min to 1hour.
- Go “Services” -> “Route 53” -> “Hosted zones” -> your domain Record Set
- After ~ 1 hour, you will find your SSL Certificate ready on Certificate Manager
***P. S. If you are using Email Validation, please be sure that you did not hide your WHOIS information during the Domain Registration (Your email address will be hidden on Registrant contact) and you will not be able to receive the verification email.
If you are registering a new domain using Route 53, there is a field where the contact info including your email address will be hidden from WHOIS: see REGISTER A DOMAIN NAME ON AWS