The second in a short series on using AWS managed services for domain parking. This article covers using AWS Certificate Manager and existing DNS services to get FREE SSL certs.
I’ve used LetsEncrypt in the past to serve content under SSL without shelling out another $50 per year for a commercial SSL cert. It works great but requires a bit of effort to set up and tend.
To keep things simple I request certs under the root and the wildcard domain. That reduces the number of host records I will need to create and support
www. just fine. If I were going to serve a commercial site under
www. I would use that hostname as the primary in the cert request.
The cost for this stage is zero. There are no per-domain costs and no monthly or yearly costs. This assumes the domain registrar provides free DNS as part of the yearly registration fee.
Create a public certificate
Enter the root and wildcard domain names.
Choose DNS validation
Add whatever tags you want.
Review and confirm
Get the Validation DNS records you will need to create.
One or more CNAME records depending upon how many names are in the cert request.
Add DNS Records
Add a new row in DNS and define the CNAME record(s)
Make sure you are using “Dynadot DNS” and then create a Subdomain record for the validation CNAME.
Update the nameservers to the registrar agent’s DNS servers.
Create CNAME record for the validation host.
No advice here, this isn’t my strong suit. It can take from 20 minutes to days. Most have been within a few hours.
Note: If you’ve used the domain in another AWS account you may have issues if there are any lingering records.
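The steps above, worked through as an added example (not code from the original article): it reads the JSON that `aws acm describe-certificate` returns, collapses the validation records for the root and wildcard names, converts each name to the host label a registrar's subdomain form expects, and reports which names are still pending and whether the certificate sits in the region CloudFront requires. The domain, account ID, certificate ID and validation tokens are constructed placeholders, the function names are hypothetical, and the relative-host format is an assumption about the registrar's form.

```python
import json

# Constructed sample: trimmed output of `aws acm describe-certificate`
# for a request covering example.com and *.example.com (placeholder values).
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-west-2:111122223333:certificate/EXAMPLE-ID",
  "DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME",
                        "Value": "_def456.acm-validations.aws."}},
    {"DomainName": "*.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME",
                        "Value": "_def456.acm-validations.aws."}}
  ]}}
""")


def validation_records(response, zone):
    """Return the unique CNAME records to create, plus names still pending."""
    zone = zone.rstrip(".").lower()
    records, pending = {}, []
    for opt in response["Certificate"]["DomainValidationOptions"]:
        if opt.get("ValidationStatus") != "SUCCESS":
            pending.append(opt["DomainName"])
        rr = opt.get("ResourceRecord")
        if not rr:  # not populated yet, or the request used e-mail validation
            continue
        fqdn = rr["Name"].rstrip(".").lower()
        if not fqdn.endswith("." + zone):
            raise ValueError(f"{fqdn} is not inside zone {zone}")
        # Assumption: the registrar form wants the label relative to the zone.
        host = fqdn[: -len(zone) - 1]
        # Keying on (host, type) collapses identical root/wildcard records.
        records[(host, rr["Type"])] = rr["Value"]
    rows = [{"host": h, "type": t, "value": v} for (h, t), v in records.items()]
    return rows, pending


def usable_with_cloudfront(response):
    """CloudFront only accepts ACM certificates held in us-east-1."""
    return response["Certificate"]["CertificateArn"].split(":")[3] == "us-east-1"


if __name__ == "__main__":
    rows, pending = validation_records(SAMPLE, "example.com")
    for row in rows:
        print(f'{row["host"]:<12} {row["type"]:<6} {row["value"]}')
    print("pending:", ", ".join(pending))
    print("CloudFront-ready region:", usable_with_cloudfront(SAMPLE))
```

Re-running it against fresh `describe-certificate` output shows when the pending list empties, which is the point at which the certificate can be attached to a service.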
Use the Certificates
The certificates can be used with the following AWS services:
- Elastic Load Balancing
- Amazon CloudFront
Note: To use an ACM certificate with CloudFront, you must request or import the certificate in the US East (N. Virginia) region.
- AWS Elastic Beanstalk
- Amazon API Gateway
- AWS CloudFormation