How to Get Free SSL Certificate from AWS on Certificate Manager
Jian Jye • October 25, 2019aws
Google has been pushing for HTTPS / SSL adoption in the recent years. First by marking sites without HTTPS unsecured on Chrome, then by making HTTPS availability as a search engine ranking factor, it would be hard to get by in 2019 without a secured website.
Thankfully AWS has made this easier by providing free SSL certificate that you can use for your AWS resources.
A little caveat, the free public SSL certificate only works with limited number of services:
- Elastic Load Balancing (ELB)
- Elastic Beanstalk
- API Gateway
Now if that works for you, let's get started!
Step 1. Go to AWS Certificate Manager from the navbar
It's a little hard to find, let's type in
acm directly to search for it.
Step 2. Click "Request a Certificate"
Step 3. Select "Request a Public Certificate"
Step 4. Fill in the Domain Names
You should fill in
domain.com as well as
domain.com would allow for SSL on the root domain, whereas the wildcard subdomain
*.domain.com would save you to hassle of getting new SSL everytime you have a new subdomain.
Once the certificate is issued, the supported domain names are not changeable. The only way to change it would be to re-request a new one.
Step 5. Select "DNS Validation"
I recommend selecting
DNS Validation because it's fast and straight forward. But if for some reason you do not have access to the DNS manager of your domain, you may opt for
Email Validation instead.
Step 6. Review
Make sure the list of domain names are correct. Again, once issued the certificate is not changeable.
Step 7. DNS Validation
Go to your DNS manager and insert the values as shown.
If you are using AWS Route53, a shortcut button would appear to automatically add the entries for you.
Step 8. From Pending Validation to Issued
After Step 7, it may take a while for AWS to pick up your DNS changes. You would see the status being shown as
Once AWS is able to validate your DNS, the status would change to
Issued and you would see a lot more details.
Now you can use your free SSL from AWS in any of the supported AWS services as mentioned earlier.
Here's a sample on AWS ELB selection screen: