DEV Community

Cheedge Lee

Posted on • Originally published at notes-renovation.hashnode.dev

Applying for an SSL Certificate with AWS ACM (and Cloudflare)

While migrating a locally hosted website to AWS, I ran into many points worth writing down. Each article in this series is a short note, kept as simple as possible, that records the working steps with a brief description so they can be found again quickly. This series is therefore not a set of detailed explanatory articles.

Apply for a certificate

The best option is AWS Certificate Manager (ACM).

  1. Before anything else, check the domain's CAA records.
    • Add a CAA record.
    • Name is your domain name; for the CA domain name fill in one of:
      • amazon.com
      • amazontrust.com
      • awstrust.com
      • amazonaws.com
    • If the domain (or a parent domain) already has CAA records and none of them authorises an Amazon CA, validation fails. If there are no CAA records at all, any CA may issue, so the record is only strictly required when other CAA records already exist.
  2. Navigate to the certificate page.
  3. Click Request.
  4. Fill in the domain or subdomain name.
    • For a name with special characters, such as my "einbürgerungstest.leeindeutschland.de", I did not need to use Punycode.
  5. Choose DNS validation, then create the request.
    • I chose DNS validation because I have no email address registered for the domain.
  6. ACM then shows you a CNAME name and a CNAME value.
  7. Go to your DNS provider's dashboard (where your domain's DNS is hosted, e.g. Cloudflare) and create a CNAME record with Name set to the CNAME name and Target set to the CNAME value.
    • You can drop your domain name from the Name field (Cloudflare treats it as relative to the zone); it also does not matter whether you remove the trailing dot.
  8. After a short while the certificate is issued.
    • DON'T wait too long: the validation request expires after 72 hours. If it is still pending after a reasonable time, something must be wrong, so don't waste time waiting.

CloudFront

A certificate used with CloudFront MUST be requested (or imported) in the us-east-1 (N. Virginia) region.

API Gateway

Request the certificate in the region where your API Gateway is deployed. For an edge-optimised custom domain the certificate must instead be in us-east-1, because that endpoint is served through CloudFront.

About other certificates

Because I had missed the CAA record, I turned on the Cloudflare certificate instead. But, but NOTICE: a Cloudflare certificate is not recognised by AWS (CloudFront), so don't waste time on it if you want to deploy on AWS.
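The request procedure above, together with the us-east-1 requirement for CloudFront, as an added shell example that is not part of the original post. It assumes the AWS CLI v2 is configured and `dig` is installed; the names and the `acm-dns.sh` file name are placeholders. It checks CAA the way a CA does (climbing to the closest ancestor with records, RFC 8659), requests the certificate with DNS validation, prints the zone-relative CNAME to paste into Cloudflare, and waits for issuance:

```shell
#!/bin/sh
# Added example (not the post's own code). Assumed: AWS CLI v2 configured,
# dig installed, DNS zone edited by hand from the CNAME this script prints.
set -eu

# CloudFront (and edge-optimised API Gateway) only use certificates from us-east-1.
REGION=${REGION:-us-east-1}

# Print the CAA records (dig +short format) of the closest name at or above $1
# that has any; that is the record set a CA consults (RFC 8659).
fetch_caa() {
  name=$1
  while [ -n "$name" ]; do
    out=$(dig +short CAA "$name" || true)
    if [ -n "$out" ]; then
      printf '%s\n' "$out"
      return 0
    fi
    case $name in
      *.*) name=${name#*.} ;;
      *)   name= ;;
    esac
  done
}

# Read CAA records on stdin; succeed if an Amazon CA may issue for the name.
# Pass "wild" when the request is for a wildcard name (*.example.com).
caa_allows_amazon() {
  tag=issue
  if [ "${1:-}" = wild ]; then tag=issuewild; fi
  records=$(cat)
  # No CAA record anywhere in the tree: every CA may issue.
  if [ -z "$records" ]; then return 0; fi
  # issuewild only takes over when such records actually exist.
  if [ "$tag" = issuewild ] && ! printf '%s\n' "$records" | grep -Eq '^[0-9]+ issuewild '; then
    tag=issue
  fi
  printf '%s\n' "$records" | grep -Eiq \
    '^[0-9]+ '"$tag"' "(amazon\.com|amazontrust\.com|awstrust\.com|amazonaws\.com)"$'
}

# Cloudflare's Name field is zone-relative: strip the zone and the trailing dot.
relative_name() {
  fqdn=${1%.}
  zone=${2%.}
  printf '%s\n' "${fqdn%.$zone}"
}

request_cert() {   # $1 = domain; prints the certificate ARN
  aws acm request-certificate --region "$REGION" --domain-name "$1" \
    --validation-method DNS --query CertificateArn --output text
}

validation_record() {   # $1 = ARN; prints "<CNAME name> <CNAME value>"
  aws acm describe-certificate --region "$REGION" --certificate-arn "$1" \
    --query 'Certificate.DomainValidationOptions[0].ResourceRecord.[Name,Value]' \
    --output text
}

wait_issued() {   # polls until ISSUED; gives up well before the 72 h expiry
  aws acm wait certificate-validated --region "$REGION" --certificate-arn "$1"
}

main() {   # usage: sh acm-dns.sh <fqdn> <zone>   e.g. www.example.com example.com
  domain=$1
  zone=$2
  flag=
  case $domain in '*.'*) flag=wild ;; esac
  if ! fetch_caa "${domain#\*.}" | caa_allows_amazon $flag; then
    echo "CAA records for $domain do not authorise an Amazon CA; fix that first." >&2
    exit 1
  fi
  arn=$(request_cert "$domain")
  sleep 15   # the ResourceRecord appears a few seconds after the request
  validation_record "$arn" | while read -r name value; do
    printf 'Create a CNAME in your DNS zone: Name=%s  Target=%s\n' \
      "$(relative_name "$name" "$zone")" "${value%.}"
  done
  wait_issued "$arn" || { echo "Still pending: check the CNAME and CAA records." >&2; exit 1; }
  echo "Issued: $arn"
}

# Only run when invoked with arguments, so the functions can also be sourced.
if [ $# -ge 2 ]; then
  main "$@"
fi
```

The waiter polls for about 40 minutes; if the certificate is still pending after that, the CNAME or CAA data is wrong and waiting longer will not help.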

However, there are a few points about it that I also need to write down.

  1. Go to SSL/TLS -> Overview -> Configure and choose Full (Strict) mode.
  2. Then go to SSL/TLS -> Origin Server and create an origin certificate.
    • Notice: the private key is shown only once, so save it at this point.
  3. Next go to AWS ACM; this time do not click Request, click Import instead.
  4. Paste the certificate and the private key into the corresponding fields, done.
  5. But, embarrassingly, this does not work on AWS (for CloudFront; for EC2 I have seen some posts suggesting it still works).
    • The reason is that a Cloudflare origin certificate is signed by Cloudflare's own origin CA, which browsers do not trust. It only secures the Cloudflare-to-origin leg (for example an EC2 origin behind Cloudflare in Full (Strict) mode), not a viewer-facing CloudFront distribution.

