SSL Certificates On Elastic Beanstalk Default Setup

Question

I'm in the process of moving from another cloud provider. Currently I'm just testing in the default environment that has a url looking like this:

http://example-env-1.us-east-1.elasticbeanstalk.com

I'm trying to get SSL/HTTPS working for this address. I then plan using a CNAME to redirect to this address and eventually move the nameservers over completely.

However, after setting everything else up successfully I get to the point of adding the certificates and it just says "failed":

And even though I have my actual "example.com" ssl certificate successfully issued nothing shows up in the load balancer certificate selection dropdown (and yes I have refreshed):

How do I enable SSL using the Certificate Manager?

Answer 1

That's because you are trying to request a cert for the elasticbeanstalk.com domain. You will not be able to get a cert for that domain as you are not the owner of it :). Nor can you setup https for the default elastic beanstalk domains they give you.

You should use ACM to get a certificate for your custom domain, the one you plan on making a CNAME record for.

Example:

If you were to own say the domain amyneville.com. You could create a cert through ACM for that domain.

If you use your custom domain, you do NOT need a to get a cert for the elasticbeanstalk.com domain.

A couple more things:

You cannot create a CNAME record on a TLD (amyneville.com). You can create the CNAME record for www.amyneville.com. So if you want to use the CNAME approach you will have to create a non-www redirect to www..

But better then a CNAME would be to use an A record and point it to the elastic beanstalk resource that was setup. So the load balancer that was created for you, use it's A record.

Last but not least, you cannot apply the ACM cert through the elastic beanstalk console. Instead you will have to use the AWS CLI tools. Here's a link on how to do it: https://stackoverflow.com/a/35173500/1445460