
From self managed Let's Encrypt to AWS Certificate Manager

I have been managing Let's Encrypt's SSL certificates for a domain.

Now I am moving to Amazon API Gateway. I will be using the AWS Certificate Manager to generate HTTPS certificates for the root domain and a bunch of subdomains.

If I make the transfer, what happens to my current HTTPS certificate, which is associated with my domain? If browsers suddenly start seeing a new HTTPS certificate for a domain for which they had been getting a different HTTPS certificate until now, would this be a problem?

Also, once I make the shift, what do I do with my current (manually managed) Let's Encrypt certificate? Is there a way to permanently void it?

treecoder asked Oct 16 '18 04:10


2 Answers

Szabolcs Dombi says

You can have multiple valid certificates for the same domain at the same time. Moving from one certificate issuer to another should not cause a problem.

Toby Osbourn says

SSL certificates don’t last forever; most of them need to be renewed on a yearly cycle, and occasionally you will want to change the type of the SSL certificate mid-cycle.

Since you are replacing certificates, I suggest you back up the ones you have.

Once you have backed up the old certificates, just overwrite the .crt and .key files with your new ones. Then, reload your web server so it knows to look at these new certificates, and you should be good to go.

If you are interested in knowing more about how to generate an SSL certificate using Amazon Certificate Manager (ACM), I suggest Barguzar, A. (July 2018), Building Serverless Python Web Services with Zappa, where one can read a good step-by-step guide. See an excerpt of it below:

ACM is a service that manages and creates SSL/TLS certificates for AWS-based services and applications. An ACM certificate works with multiple domain names and subdomains. You can also use ACM to create a wildcard SSL.

ACM is strictly linked with AWS Certificate Manager Private Certificate Authority (ACM PCA). ACM PCA is responsible for validating the domain authority and issuing the certificate.

Tiago Martins Peres answered Sep 27 '22 23:09
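
The back-up-then-overwrite step described in the answer above, as an added example that is not part of the original answers: before touching the live files it checks that the new certificate and private key belong together and that the certificate is not about to expire. The `site.crt`/`site.key` file names and the function names are assumptions, and the demo certificates are constructed throwaway pairs.

```shell
#!/bin/sh
# Added example. site.crt/site.key and all function names are assumptions.

pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# replace_cert LIVE_DIR NEW_CRT NEW_KEY BACKUP_DIR
# Returns 0 on success; on a failed check (status 2-4) LIVE_DIR is untouched.
replace_cert() {
    live=$1; new_crt=$2; new_key=$3; backup=$4
    cert_pub=$(pubkey_of_cert "$new_crt") || return 2   # not a readable certificate
    key_pub=$(pubkey_of_key "$new_key")   || return 2   # not a readable private key
    # The certificate must carry the public half of this private key,
    # otherwise the web server fails when it loads the pair.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
    # Refuse a certificate that is expired or expires within 24 hours.
    openssl x509 -in "$new_crt" -noout -checkend 86400 >/dev/null 2>&1 || return 4
    # Back up the old pair first; the backup holds a private key, so lock it down.
    mkdir -p "$backup" && chmod 700 "$backup" || return 5
    cp -p "$live/site.crt" "$live/site.key" "$backup/" || return 5
    cp "$new_crt" "$live/site.crt" && cp "$new_key" "$live/site.key" \
        && chmod 600 "$live/site.key" || return 6
    # Reload the web server here (the command depends on the server in use).
}

# make_pair DIR NAME: constructed self-signed pair, for the demo only.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Demo on constructed data in a temporary directory.
tmp=$(mktemp -d) && mkdir "$tmp/live" "$tmp/new"
make_pair "$tmp/live" site; make_pair "$tmp/new" a; make_pair "$tmp/new" b
replace_cert "$tmp/live" "$tmp/new/a.crt" "$tmp/new/b.key" "$tmp/bak" \
    || echo "mismatched pair rejected, status $?"
replace_cert "$tmp/live" "$tmp/new/a.crt" "$tmp/new/a.key" "$tmp/bak" \
    && echo "matching pair installed, old pair kept in backup"
rm -rf "$tmp"
```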


You can have multiple valid certificates for the same domain at the same time. Moving from one certificate issuer to another should not cause a problem. This also means that if you create a new certificate, the old one can still be used unless it has already expired.

Szabolcs Dombi answered Sep 28 '22 00:09