Steps to Add Multiple SSL Certificates on Single AWS ELB
Before we look at how to add multiple SSL certificates to a single AWS Elastic Load Balancer (ELB), let’s review the basics of SSL certificates and the SSL installation steps.
Multiple AWS SSL Certificates on Elastic Load Balancer (ELB)
AWS supports multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). We can now host multiple TLS-secured applications, each with its own TLS certificate, behind a single load balancer. To use SNI, all we need to do is bind multiple certificates to the same secure listener on the load balancer. The ALB will automatically choose the best TLS certificate for each client.
Let us take an example for better clarity. You have two domain names:
1. Example1.com
2. Example2.com
and you have hosted these two applications on the server. You can create two separate SSL certificates for these two applications. You just have to add these certificates to the listener, and the listener should point to the server that hosts the applications.
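The following added example (not code from the original article or from AWS) is a simplified model of SNI name matching that you can run before binding certificates to a listener, to see which hostnames each certificate covers and which would receive a certificate issued for a different name. The certificate labels, hostnames, first-match selection and the fall-back to a default certificate are assumptions made for illustration; the real load balancer applies its own selection logic.

```python
# Added example: simplified SNI name matching, not AWS's selection logic.
MAX_CERTS = 25  # per-load-balancer limit stated on this page

def name_matches(pattern, host):
    """Match a certificate name against a hostname (case-insensitive).
    A wildcard is honoured only as the whole left-most label and covers
    exactly one label: *.example2.com matches shop.example2.com but not
    example2.com or a.b.example2.com."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def select_certificate(sni, certs, default):
    """Return the label of the first bound certificate covering `sni`,
    or `default` when there is no SNI value or nothing matches
    (first-match and default fall-back are assumptions of this model)."""
    if sni:
        for cert_name, names in certs.items():
            if any(name_matches(n, sni) for n in names):
                return cert_name
    return default

def coverage_report(hosts, certs, default):
    """Map each hostname to (certificate served, covered?) so hosts that
    would receive a certificate for a different name stand out."""
    if len(certs) > MAX_CERTS:
        raise ValueError(f"{len(certs)} certificates exceed the limit of {MAX_CERTS}")
    report = {}
    for host in hosts:
        chosen = select_certificate(host, certs, default)
        covered = any(name_matches(n, host) for n in certs[chosen])
        report[host] = (chosen, covered)
    return report

# Constructed sample data: hypothetical certificate labels and their names.
CERTS = {
    "example1-cert": ["example1.com", "www.example1.com"],
    "example2-cert": ["example2.com", "*.example2.com"],
}
HOSTS = ["example1.com", "api.example1.com", "shop.example2.com", "a.b.example2.com"]

if __name__ == "__main__":
    for host, (cert, ok) in coverage_report(HOSTS, CERTS, "example1-cert").items():
        print(f"{host:20} -> {cert:14} {'ok' if ok else 'NAME MISMATCH'}")
```

Any host reported as a name mismatch needs its own certificate, or an extra name on an existing one, before traffic is pointed at the listener.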
Procedure to create a Let’s Encrypt SSL certificate
1. Download and make certbot executable
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
2. Request a new certificate
sudo ./certbot-auto --debug certonly --webroot -w /var/www/html/mydirectory -d mydomain.com
*Replace the webroot path /var/www/html/mydirectory with the webroot of your virtual host, and mydomain.com with your domain name.*
3. If everything works as expected, you should now have 4 files in the /etc/letsencrypt/live/mydomain.com folder.
Procedure to upload the Let’s Encrypt SSL certificate to AWS
1. Go to the AWS web console, select the EC2 service and go to Load Balancers. Select the load balancer of your choice and go to the Listeners tab.
Now we have to click on the “Change” link in the SSL Certificate column of the HTTPS protocol in order to set the new certificate.
2. In this window, we select the third option, Upload a new SSL certificate to AWS, and then set a name of our choice for it. Then, in the Private key field, we have to place the contents of the cert.pem file, and in the Public key certificate field, the contents of the fullchain.pem file. We can leave the Certificate chain field empty.
Procedure to add a certificate to the load balancer
1. Select the load balancer in the console, go to the Listeners tab, and select “view/edit certificates”.
- Then we select the “+” button in the top left corner to select some certificates, and then click on the “Add” button.
Also, note that a single load balancer can hold up to 25 certificates. If you want to use more than 25 certificates, you have to use more than one load balancer.