AWS Certificate Manager (ACM) provides SSL/TLS certificates for AWS users. Does it apply to Lightsail users as well?
If not, is there any instructions or advises on setting up SSL certificates on Lightsail server?
Choose the load balancer where your SSL/TLS certificate is attached. Choose the Inbound traffic tab on your load balancer's management page. In the Certificates section of the page, choose the ellipsis icon (⋮) for the certificate that you want to delete, and choose Delete.
How does a TLS certificate work? When a user tries to connect to a server, the server sends them its TLS certificate. The user then verifies the server's certificate using CA certificates that are present on the user's device to establish a secure connection.
As per the other answers, you cannot use AWS Certificate Manager to create and install certificates for Amazon Lightsail instances, or any other EC2 instances. However, you can create your own SSL/TLS certificates and install them manually. The Lightsail instance for WordPress is powered by Bitnami and Bitnami give exact instructions on how to create and install a free SSL/TLS certificate with LetsEncrypt.
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
I completed this process successfully for lukejanicke.com but didn’t immediately get it working for www.lukejanicke.com
There is currently no mechanism for using ACM certificates with Lightsail instances.
But, there's also no mechanism for using ACM certificates directly on EC2 instances. They have to be behind a load balancer because ACM doesn't provide you with access to the certificate's private key.
You can only use ACM certificates with ELB/ALB and CloudFront.
Information visible in the instance metadata on Lightsail suggests that ELB/ALB might be a future feature there, which suggests it might be possible in the future... but for now, it isn't.
Of course, CloudFront works with any origin server -- EC2, Lightsail, even origin servers that aren't in AWS at all. (I have a server in my living room that works behind CloudFront). If you don't need encryption between CloudFront and your Lightsail machine -- just between the browser and CloudFront -- then you can configure this today, and use an ACM cert on CloudFront, with Lightsail as the origin server. The only issue there is that you would not be using the free outbound bandwidth allowance from Lightsail to the Internet -- you'd be using CloudFront outbound Internet bandwidth, which does not have a large free quota like Lightsail.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With