Steps to Add Multiple SSL Certificates on Single AWS ELB

Steps to Add Multiple SSL Certificates on Single AWS ELB



08 March 2019

Before we started how to add multiple SSL certificates on single AWS Elastic Load Balancer (ELB), let’s take a preview of the basics of SSL Certificates and SSL installation steps.

Multiple AWS SSL Certifications on Elastic Load Balancer (ELB)

AWS support multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). We can now host multiple TLS secure applications, each with its own TLS certificate, behind a single load balancer. In order to use SNI, all we need to do is bind multiple certificates to the same secure listener on the load balancer. ALB will automatically choose the best TLS certificate for each client. Let us take an example for better clarity. You have two domain names. 1. 2. and you have hosted these two applications on the server. You can create the two separate SSL certificates for these two applications. You just have to add these certificates on listener and listener should point to the server which hosts the applications.

Procedure to create let’s encrypt the SSL certificate

1. Download and make certbot executable

wget chmod a+x certbot-auto

2. Request a new certificate

sudo ./certbot-auto --debug certonly --webroot -w /var/www/html/mydirectory -d

*change the webroot path /var/www/html/mydirecory/ with the webroot of your virtual host and with your domain name.*

3. If everything works as expected, you should now have 4 files in the /etc/letsencrypt/live/ folder.

  • cert.pem
  • chain.pem
  • fullchain.pem
  • privkey.pem

Procedure to upload let’s encrypt SSL certificate on AWS

1. Go to the AWS web console, select the EC2 service and go to Load Balancers. After selecting the load balancer of your choice and go to the Listeners tab.


Now we have to click on the “Change” link, in the SSL Certificate column of the HTTPS protocol, in order to set the new certificate.

2. In this window, we are selecting the third option, Upload a new SSL certificate to AWS and then setting the name of our choice for it. Then, in the Private key field, we have to place the contents of the cert.pem file, and in the Public key certificate field, the contents of the fullchain.pem file. We can leave the Certificate chain field empty.


Procedure to add a certificate to load Balancer

1. Select the load balancer in the console, go to the listener’s tab, and select “view/edit certificates”



  1. Then we select the “+” button in the top left corner to select some certificates then we will click on the “Add” button


Also, note that a single load balancer can hold up to 25 certificates. If you want to use more than 25 certificates you have to select more than one load balancer.

Blog Categories
Request a quote