How to Get a Free SSL Certificate from AWS Certificate Manager

Jian Jye • October 25, 2019


Google has been pushing for HTTPS / SSL adoption in recent years. First by marking sites without HTTPS as unsecured in Chrome, then by making HTTPS availability a search engine ranking factor. It would be hard to get by in 2019 without a secured website.

Thankfully, AWS has made this easier by providing a free SSL certificate that you can use for your AWS resources.

A little caveat: the free public SSL certificate only works with a limited number of services:

Now if that works for you, let's get started!


Step 1. Go to AWS Certificate Manager from the navbar

It's a little hard to find, so type acm directly into the search box.

AWS Services Dropdown Menu


Step 2. Click "Request a Certificate"

AWS Certificate Manager


Step 3. Select "Request a Public Certificate"

ACM Request a Certificate Selection Screen


Step 4. Fill in the Domain Names

You should fill in domain.com as well as *.domain.com.

domain.com allows SSL on the root domain, whereas the wildcard subdomain *.domain.com saves you the hassle of getting a new SSL certificate every time you add a subdomain.

Once the certificate is issued, the supported domain names cannot be changed. The only way to change them is to request a new certificate.

ACM Form to Add Domain Names


Step 5. Select "DNS Validation"

I recommend selecting DNS Validation because it's fast and straightforward. But if for some reason you do not have access to the DNS manager of your domain, you may opt for Email Validation instead.

AWS ACM Validation Method Selection Screen


Step 6. Review

Make sure the list of domain names is correct. Again, once issued, the certificate cannot be changed.

ACM Confirmation Screen


Step 7. DNS Validation

Go to your DNS manager and insert the values as shown.

If you are using AWS Route53, a shortcut button will appear that adds the entries for you automatically.

ACM DNS Validation Instructions


Step 8. From Pending Validation to Issued

After Step 7, it may take a while for AWS to pick up your DNS changes. Until then, the status is shown as Pending validation.

Once AWS is able to validate your DNS, the status changes to Issued and you will see a lot more details.

AWS Certificate Manager with Issued Certificate Details
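
The console steps above map onto three AWS CLI calls. This is an added example, not part of the original post: `DOMAIN` and `REGION` are placeholders, and `cert_covers` is a hypothetical helper that shows what the two names from Step 4 do and do not cover (a wildcard matches a single label only).

```sh
#!/bin/sh
# Added example: CLI equivalent of Steps 2-8. DOMAIN and REGION are placeholders.
DOMAIN=${DOMAIN:-domain.com}
REGION=${REGION:-us-east-1}

# Step 4 check (hypothetical helper): is host covered by the listed names?
# A wildcard stands for exactly one leftmost label, so *.domain.com covers
# www.domain.com but not domain.com itself and not a.b.domain.com.
cert_covers() {
  host=$1; shift
  for name in "$@"; do
    [ "$name" = "$host" ] && return 0
    case $name in
      '*.'*)
        base=${name#\*.}
        label=${host%".$base"}   # unchanged if host does not end in .base
        if [ "$label" != "$host" ] && [ -n "$label" ] &&
           [ "${label#*.}" = "$label" ]; then
          return 0
        fi ;;
    esac
  done
  return 1
}

# Steps 2-6: request a public certificate for the root and wildcard names
# with DNS validation; prints the certificate ARN.
request_cert() {
  aws acm request-certificate --region "$REGION" \
    --domain-name "$DOMAIN" \
    --subject-alternative-names "*.$DOMAIN" \
    --validation-method DNS \
    --query CertificateArn --output text
}

# Step 7: print the CNAME record(s) to create: name, type, value.
# The record can take a few seconds to appear after the request.
validation_records() {
  aws acm describe-certificate --region "$REGION" --certificate-arn "$1" \
    --query 'Certificate.DomainValidationOptions[].ResourceRecord.[Name,Type,Value]' \
    --output text
}

# Step 8: block until the status moves from Pending validation to Issued.
wait_issued() {
  aws acm wait certificate-validated --region "$REGION" --certificate-arn "$1"
}
```

With AWS credentials configured, run `arn=$(request_cert)`, create the records printed by `validation_records "$arn"` in your DNS manager, then call `wait_issued "$arn"`.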


Closing

Now you can use your free SSL certificate from AWS in any of the supported AWS services mentioned earlier.

Here's an example from the AWS ELB certificate selection screen:

AWS ELB Certificate Selection Screen
