October 25, 2019

How to Get Free SSL Certificate from AWS on Certificate Manager

Google has been pushing for HTTPS / SSL adoption in the recent years. First by marking sites without HTTPS unsecured on Chrome, then by making HTTPS availability as a search engine ranking factor, it would be hard to get by in 2019 without a secured website.

Thankfully AWS has made this easier by providing free SSL certificate that you can use for your AWS resources.

A little caveat, the free public SSL certificate only works with limited number of services:

Now if that works for you, let's get started!

Step 1. Go to AWS Certificate Manager from the navbar

It's a little hard to find, let's type in acm directly to search for it.

AWS Services Dropdown Menu

Step 2. Click "Request a Certificate"

AWS Certificate Manager

Step 3. Select "Request a Public Certificate"

ACM Request a Certificate Selection Screen

Step 4. Fill in the Domain Names

You should fill in domain.com as well as *.domain.com.

domain.com would allow for SSL on the root domain, whereas the wildcard subdomain *.domain.com would save you to hassle of getting new SSL everytime you have a new subdomain.

Once the certificate is issued, the supported domain names are not changeable. The only way to change it would be to re-request a new one.

ACM Form to Add Domain Names

Step 5. Select "DNS Validation"

I recommend selecting DNS Validation because it's fast and straight forward. But if for some reason you do not have access to the DNS manager of your domain, you may opt for Email Validation instead.

AWS ACM Validation Method Selection Screen

Step 6. Review

Make sure the list of domain names are correct. Again, once issued the certificate is not changeable.

ACM Confirmation Screen

Step 7. DNS Validation

Go to your DNS manager and insert the values as shown.

If you are using AWS Route53, a shortcut button would appear to automatically add the entries for you.

ACM DNS Validation Instructions

Step 8. From Pending Validation to Issued

After Step 7, it may take a while for AWS to pick up your DNS changes. You would see the status being shown as Pending validation.

Once AWS is able to validate your DNS, the status would change to Issued and you would see a lot more details.

AWS Certification Manager with Issued Certificate Details


Now you can use your free SSL from AWS in any of the supported AWS services as mentioned earlier.

Here's a sample on AWS ELB selection screen:

AWS ELB Certificate Selection Screen


Hello! My name is Jian Jye and I work on Laravel projects as my main job. If my article was helpful to you, a shoutout on Twitter would be awesome! I'm also available for hire if you need any help with Laravel. Contact me.