Scenario: I have an EC2 instance which hosts the api's.
I am using elastic ip for ec2 instance.
This is the url where I can access to my apis.
ec2-xx-xxx-xx-xxx.us-east-2.compute.amazonaws.com
I want to add ssl to this url
please guide how to add ssl to my ec2 instance
You can't have ssl certificates for *.amazonaws.com, you need to have custom domain and for that domain you can have ssl certificate, basically for getting ssl certificates you need to have DNS control of that domain or your one of the emails should be listed in WHOIS lookup, both not possible for amazonaws.com
Related
I am working with Load Balancing to have https to my static website and I have my domain in GoDaddy
I created a LoadBalancer with
Backend configuration: To my Cloud storage buckets & enabled CDN.
Frontend configuration: Https having static IP I have enabled
Google-managed SSL certificate with my domain example.com which is in GoDaddy.
Do I need to do any configuration in GoDaddy like pointing, After 10-20 min I get FAILED_NOT_VISIBLE in domain status
I am new and don't know how to link.
In google docs I can see DNS records for your domain must reference the IP address of your load balancer's target proxy, Can someone help me to understand.
https://cloud.google.com/load-balancing/docs/ssl-certificates?hl=en_US&_ga=2.190405227.-1195839345.1570257391#certificate-resource-status
Finally I fixed it, We need to point the Static IP to DNS in my case I have in GoDaddy, It took some time to point DNS and then it took time for my Google-managed SSL certificate to turn green.
Once it's done I hade an issue with err_ssl_version_or_cipher_mismatch for this we need to add Policy to tell LB to use TLS 1.2 but in my case it automatically resolved in 10 min.
We can Point DNS in two ways one by directly adding Static IP to A record in GoDaddy other is by creating a Cloud DNS in GCP and point Nameserver in Godaddy.
We must establish a link to confirm our DNS with Static IP of LB so that the SSL turns Green after confirming Domain status.
I bought a godaddy domain and managed to map it to the lightsail ip address.
I used "let's encrypt" certbot to issued a license to that domain name. Successful.("Congratulations! You have successfully enabled https://jacky2020.com")
http works, https still doesn't.
Tutorials on Amazon website does not seem to work on the basic account($5/month)
Have you opened up port 443 / https in the Lightsail firewall for that instance?
I've a domain name, basecompany.com. My application is deployed on the server and the IP has been mapped with the domain name in GoDaddy domain registrar DNS settings. Also, it is https enabled using Letsencrypt which automatically refreshes my certificate after every 3 months.
Now, I purchase 5 more domains and just want to reroute those 5 domains to basecompany.com. Nothing else. These are just URLs with no application server. So, I used domain-forwarding service.
However these 5 domains are not https secured. How do I apply letsencrypt certificated within my DNS settings itself, or do I have to separately purchase a SSL certificate from them?
PS: I'm skipping my option to add the domain name in my webserver (nginx)
config file and then map the IP to my DNS of new domain names. I dont want this.
I just want to install the certificate and it should start working.
We have the ssl certs from symantec and have added them to the LB in aws which is currently holding one ec2 instance. We are also using route53 for dns. https://domain.com isn't working, port 80 is ok. I've verified my security groups are allowing 443 for ec2 and lb.
I've been using www.wormly.com to test SSL and notice that the domain.com fails but the FQDN of the load balancer passes "green" for the certs but not the domain.com...
Does the csr need to use the FQDN of the aws load balancer?
There were residual dns records that had to be updated on godaddy unbeknownst to me due to my not having initially purchased the domain.
I have a EC2 instance that act as a web server, it hosts various sites and some of them have ssl certificates, lets say one of them is secure.abc.com and has certificate for https://secure.abc.com
After I added an elastic load balancer, assuming it's public dns 'myelb.amazon.com' and I changed the cname record in my DNS to make 'secure' to point to 'myelb.amazon.com', the certificate becomes invalid.
How do I fix this?
My second question is if I have more than one site that has ssl certificates, will a single load balancer work?
In order to fix this issue, you need multi domain SSl certificate to protect your multiple domains includes your DNS domain name also..!
A single certificate for your domain names is the solution for your issue!
And for second question, answer is yes, if you have website with SSL certificate then your load balancer work for it, even it works for multiple host name or ip address too.
I hope this doc should help you out
Stupid me, there is an option to select "TCP" instead of "HTTP"/"HTTPS" which will make the ELB work at the TCP/IP level