DEV Community

Cheedge Lee

Posted on • Originally published at notes-renovation.hashnode.dev

Apply SSL Certificate on AWS ACM (also Cloudflare)

While migrating a locally hosted website to AWS there were many points I needed to write down. Each article in this series is a short note, kept as simple as possible to record the working steps so they can be found again quickly, with a brief description. This series is therefore not a set of detailed explanatory articles.

## Apply for a certificate

Best to use AWS Certificate Manager (ACM) for anything that terminates TLS on AWS (CloudFront, ALB, API Gateway).

  1. Before anything else, add a CAA record.
    • Add a record of type CAA, flag 0, tag issue.
    • Name is your domain name; in the CA domain field fill in one of:
      • amazon.com
      • amazontrust.com
      • awstrust.com
      • amazonaws.com
    • If the zone already has CAA records and none of them names an Amazon CA, the request fails with a CAA error. A zone with no CAA records at all is fine, but a Cloudflare zone with Universal SSL on already has CAA records for Cloudflare's own CAs, which is why the Amazon entry is needed there.
  2. Navigate to the Certificates page.
  3. Click Request.
  4. Fill in the domain/subdomain names.
    • With an IDN like my "einbürgerungstest.leeindeutschland.de" you don't need to convert it to punycode yourself.
  5. Choose DNS validation, then create.
    • I chose DNS because I didn't register an email address for the domain. DNS validation also lets ACM renew the certificate automatically for as long as the CNAME stays in place.
  6. ACM then gives you a CNAME name and a CNAME value (the same record is used for a domain and its wildcard, e.g. example.com and *.example.com).
  7. Go to your domain dashboard (where your DNS is hosted, e.g. Cloudflare). Create a CNAME record with Name set to the CNAME name and Target set to the CNAME value.
    • You can drop your domain name from the Name field, since Cloudflare appends the zone itself; it doesn't matter whether you remove the trailing dot.
    • On Cloudflare the record must be DNS only (grey cloud, not proxied); a proxied CNAME answers with Cloudflare's proxy addresses instead of the target ACM is looking for.
  8. After some time (usually minutes) the certificate is issued.
    • DON'T wait too long: 72 hours is the validation window, after which the request times out and you must request a new certificate. If it is still pending for hours, something is wrong (usually the CNAME or the CAA record), so don't waste time waiting.

### CloudFront

The certificate MUST be requested (or imported) in the us-east-1 region, whatever region the rest of the stack lives in.

### API Gateway

Request the cert in the region where your API Gateway lives (an edge-optimized endpoint again needs us-east-1).

## About other certs

Because I missed the CAA record, I turned on a Cloudflare cert instead, but NOTICE: a Cloudflare cert is not recognised by AWS, so don't waste time on it if you want to deploy on CloudFront.
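The ACM side of the procedure above (the CAA check of step 1, the Cloudflare CNAME of step 7, and the wait of step 8), as an added Python example that is not part of the original post. It works on a dict shaped like the output of `aws acm describe-certificate` and on CAA records you have looked up yourself (for example with `dig example.com CAA`); the domain names, validation tokens and CAA sets are constructed, and the Cloudflare record dict mirrors the field names of Cloudflare's DNS record API.

```python
# Added example, not code from the original post: helpers for the ACM DNS-validation
# flow above. Domain names, validation tokens and CAA records are all constructed.
from dataclasses import dataclass

# CA names ACM needs to find in a CAA "issue" record (from the ACM docs).
ACM_CAA_ISSUERS = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}
CAA_KNOWN_TAGS = {"issue", "issuewild", "iodef"}
ACM_VALIDATION_TIMEOUT_HOURS = 72


@dataclass(frozen=True)
class CAARecord:
    flags: int  # 128 marks the record critical
    tag: str    # "issue", "issuewild" or "iodef"
    value: str  # CA domain, or ";" meaning "no CA may issue"


def relevant_caa_set(name, caa_by_name):
    """RFC 8659 lookup: `name` is governed by the CAA set of the closest ancestor
    (starting with the name itself) that has any CAA records."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if caa_by_name.get(candidate):
            return caa_by_name[candidate]
    return []


def acm_can_issue(records, wildcard=False):
    """Can an Amazon CA issue under this CAA set? An empty set means any CA may;
    otherwise the governing tag (issuewild for wildcards, else issue) must name one."""
    if not records:
        return True
    if any(r.flags & 128 and r.tag not in CAA_KNOWN_TAGS for r in records):
        return False  # critical record the CA does not understand: must not issue
    tag = "issuewild" if wildcard and any(r.tag == "issuewild" for r in records) else "issue"
    allowed = {r.value.split(";")[0].strip().lower() for r in records if r.tag == tag}
    if not allowed:
        return True  # no restriction for this tag
    return bool(allowed & ACM_CAA_ISSUERS)


def cloudflare_validation_records(describe_output, zone):
    """Step 7: turn the ResourceRecord entries of describe-certificate output into
    Cloudflare DNS records. Cloudflare appends the zone to Name, so the zone suffix and
    trailing dot are stripped; proxied must be False (DNS only), otherwise resolvers get
    Cloudflare proxy addresses instead of the CNAME ACM is looking for."""
    suffix = "." + zone.rstrip(".").lower()
    records, seen = [], set()
    for opt in describe_output["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if not rr:
            continue
        name = rr["Name"].rstrip(".").lower()
        if name.endswith(suffix):
            name = name[: -len(suffix)]
        key = (rr["Type"], name, rr["Value"].rstrip("."))
        if key in seen:  # example.com and *.example.com share one validation record
            continue
        seen.add(key)
        records.append({"type": key[0], "name": key[1], "content": key[2],
                        "proxied": False, "ttl": 1})  # ttl 1 = "Auto" in Cloudflare
    return records


def triage(describe_output, age_hours):
    """Step 8: decide whether to keep waiting. Returns (action, detail)."""
    cert = describe_output["Certificate"]
    status = cert["Status"]
    if status == "ISSUED":
        return "done", "certificate issued"
    if status == "VALIDATION_TIMED_OUT":
        return "request-again", "72h validation window expired; request a new certificate"
    if status == "FAILED":
        reason = cert.get("FailureReason", "OTHER")
        hint = "add a CAA record for an Amazon CA" if reason == "CAA_ERROR" else "check FailureReason"
        return "fix", f"{reason}: {hint}"
    if age_hours >= ACM_VALIDATION_TIMEOUT_HOURS:
        return "fix", "still pending at the 72h limit; check the CNAME (DNS only) and CAA records"
    pending = [o["DomainName"] for o in cert["DomainValidationOptions"]
               if o.get("ValidationStatus") != "SUCCESS"]
    return "wait", "pending validation for: " + ", ".join(pending)


# Constructed CAA data: a zone whose CAA records name only other CAs (as a Cloudflare
# zone with Universal SSL does), and the same zone after adding an Amazon issuer.
CAA_BEFORE = {"example.com": [CAARecord(0, "issue", "letsencrypt.org"),
                              CAARecord(0, "issue", "digicert.com")]}
CAA_AFTER = {"example.com": CAA_BEFORE["example.com"] + [CAARecord(0, "issue", "amazon.com")]}

# Constructed to mirror the shape of `aws acm describe-certificate` output.
SAMPLE_DESCRIBE = {"Certificate": {
    "DomainName": "example.com", "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [
        {"DomainName": d, "ValidationStatus": "PENDING_VALIDATION", "ValidationMethod": "DNS",
         "ResourceRecord": {"Name": "_1a2b3c.example.com.", "Type": "CNAME",
                            "Value": "_4d5e6f.acm-validations.aws."}}
        for d in ("example.com", "*.example.com")]}}

if __name__ == "__main__":
    print("ACM allowed before CAA fix:", acm_can_issue(relevant_caa_set("www.example.com", CAA_BEFORE)))
    print("ACM allowed after CAA fix: ", acm_can_issue(relevant_caa_set("www.example.com", CAA_AFTER)))
    for rec in cloudflare_validation_records(SAMPLE_DESCRIBE, "example.com"):
        print("Cloudflare record to create:", rec)
    print(triage(SAMPLE_DESCRIBE, age_hours=2))
    print(triage(SAMPLE_DESCRIBE, age_hours=80))
```

With real data, feed `relevant_caa_set` the CAA records of the zone and its parents as returned by `dig`, and `cloudflare_validation_records` the JSON from `aws acm describe-certificate --certificate-arn <arn>`; the dedup step matters because ACM lists the same CNAME once per domain name on the certificate.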

There are nonetheless a few points about the Cloudflare cert worth writing down.

  1. Go to SSL/TLS -> Overview -> Configure and choose Full (strict). In this mode Cloudflare validates the certificate presented by your origin, so the origin needs a cert Cloudflare trusts.
  2. Then go to SSL/TLS -> Origin Server and create an Origin Certificate.
    • Notice: the private key is shown only once, so save it at that moment.
  3. Next go to AWS ACM; this time don't click Request, click Import instead.
  4. Paste the certificate and private key into the corresponding fields, done.
  5. Embarrassingly, this does not work on AWS for CloudFront (for EC2 I have seen posts suggesting it still works). The reason is that an Origin CA certificate chains to Cloudflare's own private root rather than a publicly trusted CA: only Cloudflare's proxy trusts it, so it is fine on an origin (EC2, ALB) that sits behind Cloudflare, but not on CloudFront, which needs a publicly trusted certificate for the browsers that connect to it.

## Reference

  • AWS Certificate Manager DNS validation
  • Troubleshoot DNS validation problems
  • Certification Authority Authorization (CAA) problems
