Adding SSL to domain hosted on route 53 AWS

Solution 1

Route 53 is a DNS service, so you cannot add SSL to a domain directly in it. What you should do is point your domain name to the server IP. Then you create the SSL certificate on that server.

Here is the Route 53 explanation: https://aws.amazon.com/route53/

After you point it to the server or the service you are using, you can generate an SSL certificate from that server with https://letsencrypt.org/. Then you set up your webserver (i.e. apache, nginx) to serve your website with SSL.

Here is an Ubuntu server example: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

Edit: new version: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

You have a lot of options to add SSL to your domain. It depends on what you are developing.

Solution 2

If your website is hosted in S3, you can create a CloudFront distribution for your website hosted on S3 and apply an SSL certificate using AWS Certificate Manager (ACM).

If you are serving your website through a webserver such as apache/nginx running on, say, EC2 or any other platform, then you can apply an SSL certificate purchased from a third party, say GoDaddy etc. You would need to create a Private Key Infrastructure (PKI) on your server using openssh, easy-rsa etc. and then generate a Certificate Signing Request (CSR) and get it signed by GoDaddy or any other SSL seller. They would provide you back with the signed certificate and any intermediate key. Save the returned certificate along with your private key in a secure folder, say /etc/pki/tls/certs/, and then add the path of the three cert files in the /etc/httpd/conf.d/ssl.conf file if you are using apache as your webserver. Once you restart the apache service, the SSL certificate would be deployed to your website.

Solution 3

Post is a bit old but I recently was looking for the same and I wanted to share how I solved it in hopes it's useful to others. It's easier than you think in AWS.

  1. You need an SSL cert: either get it from other cert authorities and import it into AWS Certificate Manager (ACM), or get a public one from ACM and validate it against your domain by adding a hosted zone line, either manually or, if you use Route 53, you just need to follow the ACM cert creation process and it will add it for you.

  2. You need an AWS Application Load Balancer (ALB) to handle the HTTPS request handshakes for you, to avoid doing it in every single web server node. In your ALB create 2 listeners: one on port 80 that will be redirecting all HTTP requests to HTTPS, and the 2nd listener on port 443, where you associate the ACM certificate, define the default security policy and the forwarding to your Target Group (where you register the target instances/nodes of your servers).

  3. In the security group of your ALB you enable inbound traffic on both ports 80 and 443.

  4. Lastly, in your node web server you just need to make sure it accepts traffic on port 443, which for instance a default Apache installation does.

With this configuration, the ALB will handle the cert handshake validation with the client's browser and you don't need to bother configuring the SSL certificate in each of your web servers. By the way, AWS ALB doesn't allow traffic redirection from HTTPS to HTTP, so if you see here, we are doing the opposite, redirecting from HTTP to HTTPS.

Author by

Junaid Farooq

Updated on July 20, 2022

Comments

  • Junaid Farooq, almost 2 years

    I have added an IP to Route 53 to make it a domain name and it's working fine. But I don't know how I could add an SSL to that domain. Can anyone please refer me to something on how to do it?

  • Navin prasad, almost 4 years

    Is it possible to get a self-signed SSL certificate from AWS, to configure it on EC2?

  • Sticky, almost 3 years

    I'm not sure what you mean by "self-signed" but AWS does offer certificates through what Vikalp suggests, AWS Certificate Manager (ACM)

  • user2650480, almost 3 years

    You can use AWS ACM to configure an SSL certificate for EC2, but it looks like EC2 needs to be integrated with an AWS service, CloudFront or AWS Load Balancer, based on AWS' document. aws.amazon.com/premiumsupport/knowledge-center/…