How to Create an SSL/TLS Certificate in AWS Certificate Manager and Connect It to Your Domain in Route 53

Damian Igbe, PhD
Sept. 7, 2024, 4:14 p.m.

Securing your website with HTTPS is crucial for protecting user data and enhancing trust. AWS Certificate Manager (ACM) provides an easy way to request and manage SSL/TLS certificates. In this guide, we'll walk you through the process of creating a certificate in ACM and connecting it to your domain managed in AWS Route 53.

Step 1: Sign in to AWS Management Console

  1. Open the AWS Management Console at https://aws.amazon.com/console/.
  2. Sign in with your AWS credentials.

Step 2: Access AWS Certificate Manager

  1. In the AWS Management Console, search for "Certificate Manager" in the search bar.
  2. Click on "Certificate Manager" to open the ACM dashboard.

Step 3: Request a Certificate

  1. In the ACM dashboard, click on "Request a certificate."
  2. Choose "Request a public certificate" and click "Next."

Step 4: Add Domain Names

  1. Enter the domain name you want to secure. For example, example.com.
  2. If you want to secure subdomains as well, add them using the format *.example.com for wildcard certificates or www.example.com for specific subdomains.
  3. Click "Next."

Step 5: Choose a Validation Method

  1. ACM offers two validation methods: Email Validation and DNS Validation. For simplicity and automation, choose "DNS Validation."
  2. Click "Next."

Step 6: Add DNS Records in Route 53

  1. ACM will provide DNS CNAME records that need to be added to your Route 53 hosted zone.
  2. Go to the Route 53 dashboard by searching for "Route 53" in the AWS Management Console.
  3. Click on "Hosted zones" in the left-hand menu and select your domain’s hosted zone.
  4. Click "Create Record Set" and enter the CNAME record details provided by ACM.
  5. Save the record set.
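
The console work in Steps 4 to 6 can also be scripted. The Python below is an added example, not code from the original post: it turns the validation data ACM returns for a certificate into a Route 53 change batch, refusing records that fall outside your hosted zone or that do not point at ACM's validation domain. The sample response is constructed, and the function name and default TTL are assumptions.

```python
# Added example: builds the Route 53 change batch for ACM DNS validation.
# SAMPLE_RESPONSE is constructed data shaped like `acm describe-certificate` output.
ACM_SUFFIX = ".acm-validations.aws."

SAMPLE_RESPONSE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_1111aaaa.example.com.", "Type": "CNAME",
                        "Value": "_2222bbbb.acm-validations.aws."}},
    # The apex and its wildcard share one validation record.
    {"DomainName": "*.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_1111aaaa.example.com.", "Type": "CNAME",
                        "Value": "_2222bbbb.acm-validations.aws."}},
    {"DomainName": "www.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_3333cccc.www.example.com.", "Type": "CNAME",
                        "Value": "_4444dddd.acm-validations.aws."}},
]}}


def _fqdn(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def validation_change_batch(response, zone_name, ttl=300):
    """Return a ChangeBatch dict for Route 53 change_resource_record_sets."""
    zone = _fqdn(zone_name)
    records = {}
    for option in response["Certificate"]["DomainValidationOptions"]:
        rr = option.get("ResourceRecord")
        if rr is None:
            # The record can be absent right after the request; retry later.
            raise ValueError(f"no validation record yet for {option['DomainName']}")
        name, value = _fqdn(rr["Name"]), _fqdn(rr["Value"])
        if rr["Type"] != "CNAME" or not value.endswith(ACM_SUFFIX):
            raise ValueError(f"unexpected validation record for {option['DomainName']}")
        if not name.endswith("." + zone):
            raise ValueError(f"{name} is outside hosted zone {zone}")
        records[name] = value  # identical apex/wildcard records collapse here
    return {
        "Comment": "ACM DNS validation",
        "Changes": [
            {"Action": "UPSERT",
             "ResourceRecordSet": {"Name": name, "Type": "CNAME", "TTL": ttl,
                                   "ResourceRecords": [{"Value": value}]}}
            for name, value in sorted(records.items())
        ],
    }
```

The returned dict can be passed as `ChangeBatch` to boto3's Route 53 `change_resource_record_sets` call together with your hosted zone ID, or saved as JSON for `aws route53 change-resource-record-sets --change-batch`. `UPSERT` keeps the operation safe to re-run if a record already exists.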

Step 7: Validate the Domain

  1. Return to the ACM dashboard.
  2. ACM will automatically detect the DNS records you've added and begin the validation process.
  3. Validation can take a few minutes to a few hours. You’ll receive an email notification once the certificate is issued.

Step 8: Attach the Certificate to Your Resources

  1. Once the certificate status is "Issued," you can use it with AWS services such as Elastic Load Balancer (ELB), CloudFront, or API Gateway.
  2. For example, to attach the certificate to an ELB:
    • Go to the EC2 dashboard and select "Load Balancers."
    • Choose your load balancer and click on the "Listeners" tab.
    • Edit the HTTPS listener to select your newly issued ACM certificate.

Step 9: Update Your DNS Records (if needed)

  1. If you are using CloudFront or another service that requires specific DNS settings, update your Route 53 records accordingly.
  2. Ensure that your domain’s DNS settings point to the appropriate AWS resource using the certificate.

Step 10: Test your certificate

  1. In your web browser, enter your domain name starting with https, for example https://example.com.
  2. Ensure that your domain is working. If not, start troubleshooting by checking your security groups. Ensure that inbound HTTPS (port 443) is allowed to your ELB.

Conclusion

You’ve successfully created and connected an SSL/TLS certificate to your domain using AWS Certificate Manager and Route 53. This setup ensures that your website is securely accessible over HTTPS, enhancing security and user trust. For any issues, verify DNS records and certificate status in ACM.
