Free SSL Certs with AWS Certificate Manager and your DNS

The second in a short series on using AWS managed services for domain parking. This article covers using AWS Certificate Manager and existing DNS services to get FREE SSL certs.


I’ve used LetsEncrypt in the past to serve content under SSL without shelling out another $50 per year for a commercial SSL cert. It works great but requires a bit of effort to set up and tend.

To keep things simple I request certs under the root and the wildcard domain. That reduces the number of host records I will need to create and supports www. just fine. If I were going to serve a commercial site under www. I would use that hostname as the primary in the cert request.

The cost for this stage is zero. There are no per-domain costs or any monthly or yearly costs. This assumes the domain registrar provides free DNS in the yearly registration fee.

Create a public certificate

Choose “Request a public certificate”

Enter the root and wildcard domain names.

Enter root and wildcard(*) domain

Choose DNS validation


Add whatever tags you want.

Add desired tags

Review and confirm

Review before confirming

Get the Validation DNS records you will need to create.

There will be one or more CNAME records, depending upon how many names are in the cert request.

Enom

Add a new row in DNS and define the CNAME record(s)


Dynadot

Make sure you are using “Dynadot DNS” and then create a Subdomain record for the validation CNAME.

Create a subdomain record for the validation CNAME

Directi
https://manage.resellerclub.com/

Update the nameservers to the registrar agent’s DNS servers.


Create CNAME record for the validation host.


Wait patiently…

No advice here, this isn’t my strong suit. It can take from 20 minutes to days. Most have been within a few hours.

Note: If you’ve used the domain in another AWS account you may have issues if there are any lingering records.
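
The validation step above, as an added example that is not part of the original article: a Python helper that takes JSON shaped like the output of `aws acm describe-certificate`, turns the validation records into the host/type/target rows a registrar DNS form expects, and lists the names still waiting on validation. The sample response, the example.com zone, the record tokens and the function names are all constructed for illustration.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output.
# Domain, record names and values are placeholders, not real ACM tokens.
SAMPLE = json.loads("""
{"Certificate": {"DomainName": "example.com", "DomainValidationOptions": [
  {"DomainName": "example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_aaaa1111.example.com.", "Type": "CNAME",
                      "Value": "_bbbb2222.acm-validations.aws."}},
  {"DomainName": "*.example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_aaaa1111.example.com.", "Type": "CNAME",
                      "Value": "_bbbb2222.acm-validations.aws."}}
]}}
""")


def registrar_rows(cert, zone):
    """Return unique (host, type, target) rows for the registrar's DNS form.

    ACM reports fully qualified names; most registrar forms want only the
    label(s) to the left of the zone, so the zone suffix is stripped.
    """
    zone = zone.rstrip(".").lower()
    rows = []
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        rec = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rec is None:
            continue  # record not issued yet, or email validation was chosen
        fqdn = rec["Name"].rstrip(".").lower()
        if not fqdn.endswith("." + zone):
            raise ValueError(f"{fqdn} is outside zone {zone}")
        row = (fqdn[: -len(zone) - 1], rec["Type"], rec["Value"].rstrip("."))
        if row not in rows:  # root and wildcard can share a single record
            rows.append(row)
    return rows


def pending(cert):
    """Names ACM has not validated yet (still waiting on DNS)."""
    return [o["DomainName"] for o in cert["Certificate"]["DomainValidationOptions"]
            if o.get("ValidationStatus") != "SUCCESS"]


if __name__ == "__main__":
    for host, rtype, target in registrar_rows(SAMPLE, "example.com"):
        print(f"{host}\t{rtype}\t{target}")
    print("pending:", pending(SAMPLE))
```

Some registrar forms expect the full record name or a trailing dot on the target; adjust the stripping to match what your DNS provider's form accepts.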

Use the Certificates

The certificates can be used with the following AWS services:

  • Elastic Load Balancing
  • Amazon CloudFront
    Note:
    To use an ACM certificate with CloudFront, you must request or import the certificate in the US East (N. Virginia) region.
  • AWS Elastic Beanstalk
  • Amazon API Gateway
  • AWS CloudFormation

Certificate vector created by upklyak — www.freepik.com

35 years building the most cutting edge sites on the Internet
