HTTPS enables you to transfer data over the network securely. To be able to use HTTPS with your load balancer you need to do the following steps:
- Request a certificate
- Add a CNAME record
- Attach HTTPS listener to the load balancer
Enter the domain name you are using with your load balancer and click "Next". If you are using a sub-domain, you will have to enter that sub-domain. You can also cover more than one domain in a single certificate by listing each name, like this:

```
whateverdomain.club
my.whateverdomain.club
abc.whateverdomain.club
```

or, to cover all the sub-domains, you have to use
Select "DNS Validation" and click "Next".
You can add tags if you want, otherwise, leave them empty and click "Review". On the review page, review the info and click "Confirm and Request". Click "Export DNS configuration to a file" (it will download a csv file) and click "Continue".
Now we need to validate our request (prove that we are authorized to request SSL certificates for our domain). Until the validation is completed you will see the status "Pending validation" on the certificate request.
To prove our authorization we need to add the CNAME record to our domain's DNS records. To do that, go over to Route 53 (if your domain's name servers are not pointing to AWS, you will have to do the following steps from your domain registrar's control panel or whichever other DNS service you are using).
Click "Create record set", open the CSV file that was downloaded earlier and enter the values accordingly:
- Name = from the CSV's Record Name column
- Type = CNAME - Canonical name
- Alias = No
- Value = from the CSV's Record Value column
After entering the values, click "Save Record Set".
*Note: in the CSV file, the Record Name is written out in full (fully qualified, with the domain and a trailing dot). In the Route 53 Name field you only need the random-string part, because the console appends the hosted zone name itself.

```
# value in csv
_ab1e89753de00b10b8de785149740feb.whateverdomain.club.
# value you need to enter in the name field
_ab1e89753de00b10b8de785149740feb
```
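The step above is easy to get wrong by pasting the fully qualified name from the CSV into a field that Route 53 will suffix with the zone name again. The following script is an added example (not part of the original post, and not AWS tooling) that reads the exported CSV and prints exactly the four values to type into "Create record set", stripping the hosted zone from the Record Name. The CSV header and the token values are constructed for the example, and the hosted zone is assumed to be named after the apex domain; the only real assumption about ACM's export is that it has "Record Name", "Record Type" and "Record Value" columns, as the text above describes.

```python
"""Turn the CSV that ACM exports for DNS validation into Route 53
"Create record set" inputs. Added example, not from the original post.

Assumptions (not from the page): the CSV header shown in SAMPLE_CSV, and
a hosted zone whose name is the apex domain.
"""
import csv
import io

# Constructed sample export. The token strings are placeholders shaped
# like ACM's, not real validation values.
SAMPLE_CSV = """Domain Name,Record Name,Record Type,Record Value
whateverdomain.club,_ab1e89753de00b10b8de785149740feb.whateverdomain.club.,CNAME,_0123456789abcdef0123456789abcdef.acm-validations.aws.
my.whateverdomain.club,_1234567890abcdef1234567890abcdef.my.whateverdomain.club.,CNAME,_fedcba9876543210fedcba9876543210.acm-validations.aws.
"""


def relative_name(record_name: str, hosted_zone: str) -> str:
    """Return the label(s) to enter in the Route 53 Name field.

    ACM writes the fully qualified name with a trailing dot; the Route 53
    console appends the hosted zone itself, so only the part in front of
    the zone is entered. Raises if the record is not inside the zone, which
    is the case when the CSV was exported for a different domain.
    """
    fqdn = record_name.strip().rstrip(".").lower()
    zone = hosted_zone.strip().rstrip(".").lower()
    if fqdn == zone:
        return ""  # record at the zone apex: leave the Name field empty
    suffix = "." + zone
    if not fqdn.endswith(suffix):
        raise ValueError(f"{record_name!r} is not inside hosted zone {hosted_zone!r}")
    return fqdn[: -len(suffix)]


def route53_inputs(csv_text: str, hosted_zone: str) -> list:
    """One dict per validation record, keyed like the Route 53 form fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Record Type"].strip().upper() != "CNAME":
            continue  # DNS validation only uses CNAME records
        rows.append({
            "Name": relative_name(row["Record Name"], hosted_zone),
            "Type": "CNAME",
            "Alias": "No",
            "Value": row["Record Value"].strip(),
        })
    return rows


if __name__ == "__main__":
    for rec in route53_inputs(SAMPLE_CSV, "whateverdomain.club"):
        for field in ("Name", "Type", "Alias", "Value"):
            print(f"{field} = {rec[field]}")
        print()
```

For a certificate that covers a sub-domain (the second row), the Name field keeps the sub-domain label in front of the token, so the record still lands under the right name once the zone suffix is appended.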
*Note: The status change can take 0-72 hours. However, if ACM (AWS Certificate Manager) is not able to validate within 72 hours, then you will see "Time out" as the status and you will have to regenerate the request.
Now that we have successfully generated an SSL certificate for our domain, we are ready to attach an HTTPS listener to the load balancer. Head over to EC2, and from the bottom-left section select "Load Balancers". Select the load balancer to which you intend to attach the SSL certificate. Go to the "Listeners" tab at the bottom and click "Add listener".
Select "HTTPS" as the protocol. Add the default action "Forward to" and select the target group to which you want to forward your requests. Leave "Security Policy" as it is. Under "Default SSL certificate", select the certificate we generated above.