If you don't need SSL to terminate at the EC2 level you can get a free certification via ACM (Amazon Certification Manager) which can be attached to CloudFront or Application Load Balancer.
It's very good practice to have your EC2 always in front of CloudFront or Application Load Balancer. Using ACM is way less of a hassle that LetsEncypt.
Also having your SSL terminate at CloudFront or ELB means you can design your app without worrying about SSL. Forcing SSL on Rails can have some annoying caveats.
If you don't need SSL to terminate at the EC2 level you can get a free certification via ACM (Amazon Certification Manager) which can be attached to CloudFront or Application Load Balancer.
It's very good practice to have your EC2 always in front of CloudFront or Application Load Balancer. Using ACM is way less of a hassle that LetsEncypt.
Also having your SSL terminate at CloudFront or ELB means you can design your app without worrying about SSL. Forcing SSL on Rails can have some annoying caveats.
Can you add certificates for multiple domains to the same load balancer dynamically?
I also do use ACM with a LoadBalancer. Dunno about the limitations for this kind of use-case.
@andrew Brown: do you have a similar use-case, or like me non frequently changing certificates/domains?
ALB supports multiple Certifications so you View/Edit Certificates
And then you can attach them. Since there is pagniation I believe you can attach many certificates.
Automation is possible via CloudFormation