Recently, AWS made the 'Certificate Manager' service available in the European region. With this service, you will be able to use SSL certificate (for free) with your applications hosted on AWS. The big advantage compared to the solution I described here is that this way I don’t have to put the certificate in my source code or have to copy it to my application. I want my Elastic Beanstalk application only to be available via HTTPS. To get this in place, I need to take the following steps:
- Assign a (sub)domain to your application.
- Obtain a certificate from the AWS Certificate Manager.
- Configure AWS Beanstalk application to use SSL.
In this post, I show how I obtained an SSL certificate in the AWS Certificate Manager for the subdomain I registered in Route53 as described in my previous post. The main issue in this step of the process is that when I use the Management Console to get a certificate for my subdomain a verification mail is sent to ‘firstname.lastname@example.org’ instead of to ‘email@example.com’. Because my top level domain is registered outside AWS it wasn’t possible for me to get these mails in my inbox. But there is a workaround for this: Just make use of the AWS CLI as stated in the ‘troubleshoot‘ documentation. In that case, you can enter the top-level domain to be used for the verification mail. The command I used to get an SSL certificate for the subdomain ‘test.palmapps.nl’ is:
aws acm request-certificate --domain-name test.palmapps.nl --domain-validation-options DomainName=test.palmapps.nl,ValidationDomain=palmapps.nl
After performing this command, an email is received to confirm the request for the certificate:
When you click the link in the mail, you get to a webpage where you can approve the request for the certificate:
That’s it! You now have an SSL certificate registered at AWS. When I now have a look at the Certificate Manager in the Management Console, I see the certificate for test.palmapps.nl:
Now that I have obtained a certificate let me show you in the next post how to use it.