4

I have tried the following solutions but no one of them solved my problem:

  1. Using AWS Certificate Manager (ACM Certificate) with Elastic Beanstalk

  2. Set load balancer listener ssl certificate - can not give a link because I don't have 10 reputation

  3. Configuring Your Elastic Beanstalk Environment's Load Balancer to Terminate HTTPS - can not give a link because I don't have 10 reputation


I have issued SSL Certificate in the ACM and I have configured it to work correctly for my cloundfront. But when I try to add the same certificate to my loadbalancer I get: "Updating load balancer named: ... failed Reason: Server Certificate not found for the key: arn:aws:acm:us-east-1:..."

I have also tried to add the SSL Certificate manually to the load balancer but there I'm not able to click on "Choose an existing certificate from AWS Identity and Access Management (IAM)"

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
gshock
  • 584
  • 7
  • 18

2 Answers2

4
  1. Download the certificate from ACM.
    1. Via AWS API
    2. Via CLI
    3. Reccommended uploading your own cert to IAM.
      • ACM is only available in Virgina, which beta-tests many AWS Services. For this reason, Virgina often has numerous performance and stability issues.
  2. Add the Cert to IAM
    1. Get the AWS CLI Installed and set-up.
    2. Add the cert to IAM via the CLI.
  3. Add it to your EB Load Balancer
    1. Elastic Beanstalk > Application > Environment
    2. Configuration > Load Balancing > config (gear-icon)
    3. Set the SSL-Cert
    4. Apply.
    5. Make sure your public domain is pointed to your environment-domain
      • yourdomain CNAME environment-name.elasticbeanstalk.com
Tony Chiboucas
  • 5,505
  • 1
  • 29
  • 37
  • Chibioucas Is Step 1 actually possible (downloading the certificate)? Have you actually done it? How? – Shorn May 15 '16 at 06:22
  • @Shorn, this can be done via [AWS API](http://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html), or the [CLI](http://docs.aws.amazon.com/cli/latest/reference/acm/get-certificate.html). However, I strongly suggest [uploading your own cert to IAM](http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-ssl-upload.html). – Tony Chiboucas May 16 '16 at 18:09
  • 2
    So long as the AWS Certificate Manager (ACM) is available in your region (https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/), there is no need to export the cert from ACM to IAM. The cert can be accessed directly from the CLI (`aws acm get-certificate`). Both IAM and ACM certs are available to ElasticBeanStalk applications. – rmharrison May 17 '17 at 17:43
2

Ok I have found the solution to my problem. The Amazon Certificate Manager (ACM) is available only for USA East N.Virginia region but my elastic beanstalk was in USA West Oregon and that's why I was not able to see my SSL Certificate from the ACM in the loadbalancer. When I created a new elastic beanstalk in the same region as the Amazon Certificate Manager (N.Virginia) which created a load balancer in the N.Virginia too then I was able to create HTTPS Listener for the load balancer and to assign the SSL Certificate to it.

gshock
  • 584
  • 7
  • 18