I want to configure AWS Certificate Manager (ACM) certificates for my website that's hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance.
Short description
When you configure an Amazon-issued ACM public certificate for a website that's hosted on an EC2 instance, you must export the certificate. However, you can't export the certificate, because ACM manages the private key that signs and creates the certificate. For more information, see Security for certificate private keys.
Instead, associate the ACM certificate with a load balancer or an Amazon CloudFront distribution.
You can also use ACM for Nitro Enclaves for public and private SSL/TLS certificates.
Resolution
Associate the ACM certificate with a load balancer
Note: Request or import the ACM certificate in the same AWS Region as your load balancer. For a CloudFront distribution, you must request the certificate in the US East (N. Virginia) Region.
First, request a public certificate.
Then, complete the following steps to associate the SSL/TLS certificate with a load balancer:
- If you don't have a load balancer, then create an Application Load Balancer, Network Load Balancer, or Classic Load Balancer. Or, create a CloudFront distribution.
- Associate the certificate with your load balancer, or configure a CloudFront distribution to use the SSL/TLS certificate.
- Register the EC2 instance with your load balancer or CloudFront distribution:
  - For an Application Load Balancer or Network Load Balancer, see Register or deregister targets by instance ID.
  - For a Classic Load Balancer, see Register an instance.
  - For a CloudFront distribution, see Use Amazon EC2 (or another custom origin).
- Route traffic to your load balancer or CloudFront distribution.
Use ACM for Nitro Enclaves
You can also install and configure ACM for Nitro Enclaves to use public and private SSL/TLS certificates with your web applications and web servers. The web applications and web servers must run on EC2 instances. ACM for Nitro Enclaves works with NGINX servers and Apache HTTP servers that run on EC2 instances.
Related information
Email validation
DNS validation
Making Amazon Route 53 the DNS service for an existing domain
Services integrated with AWS Certificate Manager