Free SSL Certs with AWS Certificate Manager and your DNS

The second in a short series on using AWS managed services for domain parking. This article covers using AWS Certificate Manager and your existing DNS service to get FREE SSL certs.

I’ve used LetsEncrypt in the past to serve content under SSL without shelling out another $50 per year for a commercial SSL cert. It works great but requires a bit of effort to set up and tend.

To keep things simple I request certs under the root and the wildcard domain. That reduces the number of host records I will need to create and supports www. just fine. If I were going to serve a commercial site under www. I would use that hostname as the primary in the cert request.

The cost for this stage is zero. There are no per-domain costs or any monthly or yearly costs. This assumes the domain registrar provides free DNS in the yearly registration fee.

Create a public certificate

Choose “Request a public certificate”

Enter the root and wildcard domain names.


Choose DNS validation

Add whatever tags you want.


Review and confirm


Get the Validation DNS records you will need to create.

There will be one or more CNAME records, depending on how many names are in the cert request.


Add a new row in DNS and define the CNAME record(s)


Make sure you are using “Dynadot DNS” and then create a Subdomain record for the validation CNAME.



Update the nameservers to the registrar agent’s DNS servers.

Create CNAME record for the validation host.
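
The validation step above, as an added example that is not code from the original article: a Python helper that reads a DescribeCertificate-shaped response and returns the rows to type into a registrar's subdomain form, collapsing the identical record ACM issues for the root and wildcard names. The sample data is constructed, the function name `validation_rows` is hypothetical, and it assumes the registrar appends the zone to the subdomain field and accepts a target without a trailing dot.

```python
# Added example (not from the article). SAMPLE is constructed and mirrors the
# shape of ACM's DescribeCertificate response for a root + wildcard request.
_RR = {"Name": "_0123abcd.example.com.", "Type": "CNAME",
       "Value": "_4567ef01.acm-validations.aws."}
SAMPLE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _RR},
    {"DomainName": "*.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _RR},
]}}


def validation_rows(describe_response, zone):
    """Return the unique CNAME rows to enter in the DNS panel for `zone`."""
    zone = zone.rstrip(".").lower()
    rows = {}
    for opt in describe_response["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if rr is None:  # ACM has not generated the record yet; check again later
            continue
        fqdn = rr["Name"].rstrip(".").lower()
        if not fqdn.endswith("." + zone):
            raise ValueError(f"{fqdn} is not inside zone {zone}")
        # Assumption: the registrar's "subdomain" field appends the zone itself,
        # so pasting the full name would create _0123abcd.example.com.example.com.
        label = fqdn[: -len(zone) - 1]
        target = rr["Value"].rstrip(".")  # assumption: panel wants no trailing dot
        key = (label, rr["Type"], target)
        # Root and wildcard share one record; remember every name it validates.
        rows.setdefault(key, []).append(opt["DomainName"])
    return [{"subdomain": k[0], "type": k[1], "target": k[2], "covers": names}
            for k, names in rows.items()]


if __name__ == "__main__":
    for row in validation_rows(SAMPLE, "example.com"):
        print(row)
```

If the certificate stays in pending validation, compare the record your DNS actually serves against the `subdomain` and `target` values returned here before assuming it is only propagation delay.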

Wait patiently…

No advice here, this isn’t my strong suit. It can take from 20 minutes to days. Most have been within a few hours.

Note: If you’ve used the domain in another AWS account you may have issues if there are any lingering records.

Use the Certificates

The certificates can be used with the following AWS services:

  • Elastic Load Balancing
  • Amazon CloudFront
    To use an ACM certificate with CloudFront, you must request or import the certificate in the US East (N. Virginia) region.
  • AWS Elastic Beanstalk
  • Amazon API Gateway
  • AWS CloudFormation

Certificate vector created by upklyak —
