How do I add multiple SSL certificates to the Application Load Balancer in my Elastic Beanstalk environment?


I want to add additional SSL certificates to the Application Load Balancer in my AWS Elastic Beanstalk environment.

Resolution

Application Load Balancers support multiple SSL certificates, but the SSLCertificateArns option in Elastic Beanstalk accepts only one certificate per listener. To add additional SSL certificates to your Application Load Balancer, you must create a resource-based .ebextension.

Add a second SSL certificate to your Application Load Balancer

1.    Create a .ebextensions folder in the root directory of the source bundle.

2.    In the .ebextensions folder, create a .config file based on the following example:

option_settings:
  aws:elbv2:listener:443:
    Protocol: HTTPS
    SSLCertificateArns: "cert-arn-1"
Resources:
  AddingSSLCert2:
    Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
    Properties:
      ListenerArn:
        Ref: "AWSEBV2LoadBalancerListener443"
      Certificates:
        - CertificateArn: "cert-arn-2"

Note: In the preceding code snippet, replace cert-arn-1 and cert-arn-2 with your certificates' Amazon Resource Names (ARNs).

To add additional certificates, add a new ListenerCertificate resource:

option_settings:
  aws:elbv2:listener:443:
    Protocol: HTTPS
    SSLCertificateArns: "cert-arn-1"
Resources:
  AddingSSLCert2:
    Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
    Properties:
      ListenerArn:
        Ref: "AWSEBV2LoadBalancerListener443"
      Certificates:
        - CertificateArn: "cert-arn-2"
  AddingSSLCert3:
    Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
    Properties:
      ListenerArn:
        Ref: "AWSEBV2LoadBalancerListener443"
      Certificates:
        - CertificateArn: "cert-arn-3"

Note: In the preceding code snippet, replace cert-arn-1, cert-arn-2, and cert-arn-3 with your certificates' ARNs.

The option_settings section creates the HTTPS listener on port 443 and attaches a certificate to this listener. If you create the HTTPS listener from the Elastic Beanstalk console, then you can remove the option_settings section from the .config file. The Resources section creates another resource that attaches an additional certificate to the listener.

3.    Apply the .ebextensions updates to your application bundle.

4.    Deploy your application again.

Your application updates the existing Application Load Balancer without replacing it.

Important: The additional certificate doesn't appear in the Elastic Beanstalk console. To verify that your certificate is added to the Application Load Balancer, complete the steps in the following section.

Verify that your SSL certificates are added to the Application Load Balancer listener 443

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. From the navigation pane, choose Load Balancers.
  3. Choose the Listeners tab.
  4. For listener 443, choose View/edit certificates.
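
Because the additional certificates don't appear in the Elastic Beanstalk console, the same check can be scripted after each deployment. The following is an added example, not part of the original article: it audits the JSON printed by `aws elbv2 describe-listener-certificates --listener-arn <listener-arn> --output json` against the ARNs in your .config file. The function names are hypothetical, and the sample output and ARNs are constructed placeholders.

```python
import json

# Constructed sample of the JSON printed by:
#   aws elbv2 describe-listener-certificates --listener-arn <listener-arn> --output json
# The ARNs are the placeholders used in the .config examples, not real certificates.
SAMPLE_OUTPUT = """
{
  "Certificates": [
    {"CertificateArn": "cert-arn-1", "IsDefault": true},
    {"CertificateArn": "cert-arn-2", "IsDefault": false}
  ]
}
"""


def audit_listener_certificates(cli_json, expected_default, expected_additional):
    """Compare the certificates attached to listener 443 with the ones the
    .ebextensions file is supposed to attach.

    expected_default is the ARN from SSLCertificateArns; expected_additional
    holds the ARNs from the ListenerCertificate resources.
    """
    certs = json.loads(cli_json).get("Certificates", [])
    defaults = [c["CertificateArn"] for c in certs if c.get("IsDefault")]
    # A set tolerates the same ARN being listed more than once.
    attached = {c["CertificateArn"] for c in certs}
    expected = {expected_default, *expected_additional}
    return {
        "default": defaults[0] if defaults else None,
        "default_ok": defaults == [expected_default],
        # Declared in the .config file but not attached to the listener.
        "missing": sorted(expected - attached),
        # Attached but not declared, for example a stale certificate.
        "unexpected": sorted(attached - expected),
    }


def is_compliant(report):
    """True only when the listener matches the declared certificates exactly."""
    return report["default_ok"] and not report["missing"] and not report["unexpected"]


if __name__ == "__main__":
    # cert-arn-3 is declared but absent from the sample, so it is reported as missing.
    print(audit_listener_certificates(SAMPLE_OUTPUT, "cert-arn-1", ["cert-arn-2", "cert-arn-3"]))
```

A non-empty `unexpected` list is worth reviewing as closely as a `missing` one, because it means the listener still serves a certificate that your source bundle no longer declares.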
AWS OFFICIAL
Updated 9 months ago