Hi There,
I understand that you want to replace an expired SSL Certificate that was already on an elastic load balancer.
If this is correct then you can change the certificate for the HTTPS listener.
To replace the certificate using the console [1]:
1- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2- On the navigation pane, under LOAD BALANCING, choose Load Balancers.
3- Select the load balancer and choose Listeners.
4- Select the check box for the listener and choose Edit.
5- For Default SSL certificate, do one of the following:
* If you created or imported a certificate using AWS Certificate Manager, choose From ACM and choose the certificate.
* If you uploaded a certificate using IAM, choose From IAM and choose the certificate.
6- Choose Update
Please note that you can also replace the certificate using the AWS CLI [1] by using the modify-listener [2] command.
I hope the information above is helpful.
===== references =====
[1] Replace the default certificate : https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-certificates.html#replace-default-certificate
[2] modify-listener : https://docs.aws.amazon.com/cli/latest/reference/elbv2/modify-listener.html
The certificate has already been replaced through that process. When I go to the website, it is still reporting that it is not secure. I was told that the certificate cannot be changed in the EC2 (the space you said) for it to work, but has to be done through an ELB (which it already has). And I get to that area through the VPC. When I go to the VPC I have all of the subnets and everything already created. Something is still directing traffic to the old cert. So I was told that it needs to be configured in the ELB. But my question is: am I creating a NEW ELB or is there a way to use the existing one I have? I don't want to create a new one and mess something up. But if I need to create a new one with new subnets and all that, then I will. And after I do that, I assume I delete the old one so there are no issues later?
It's a matter of the public IP vs the private IP apparently.
Hi there,
No, you do not need to create a new ELB. You can use the one you have been using, as mentioned above; you only need to edit your listeners and select your new certificate from there. Please note that you would need to open the Amazon EC2 console at https://console.aws.amazon.com/ec2/ to do this and follow the steps [1].
You can also troubleshoot your SSL Certificate installation problems on your server including verifying that the correct certificate is installed, valid, and properly trusted by using a commonly used third-party website [2].
Reference:
[1] Replace the expired certificate : https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-certificates.html#replace-default-certificate
[2] https://www.sslshopper.com/ssl-checker.html
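A local alternative to the third-party checker mentioned above, as an added example that is not part of the original answers: it performs a fully verified TLS handshake against every address the site name resolves to and reports the serial number and expiry of the certificate each one serves, so an address still presenting the old certificate stands out. The hostname `www.example.com` and all function names are placeholders chosen for this sketch; compare the reported serial with the one shown for the new certificate in ACM or IAM.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def summarize_cert(cert, now=None):
    """Summarize a dict shaped like ssl.SSLSocket.getpeercert() output."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "serial": cert.get("serialNumber"),
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "expires": expires.isoformat(),
        "days_left": (expires - now).days,
        "expired": expires <= now,
    }

def same_serial(a, b):
    """Compare two serial numbers regardless of case, colons or leading zeros."""
    norm = lambda s: s.replace(":", "").replace(" ", "").lower().lstrip("0")
    return norm(a) == norm(b)

def check_endpoint(host, connect_to=None, port=443, timeout=5.0):
    """Handshake with one address, sending SNI=host, with full verification."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((connect_to or host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, **summarize_cert(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # For example "certificate has expired" or a hostname mismatch.
        return {"ok": False, "reason": exc.verify_message}
    except OSError as exc:
        return {"ok": False, "reason": f"connection failed: {exc}"}

def check_all(host, port=443):
    """Check every resolved address, since each one may serve a different cert."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:
        return {host: {"ok": False, "reason": f"DNS lookup failed: {exc}"}}
    return {ip: check_endpoint(host, ip, port) for ip in sorted({i[4][0] for i in infos})}

if __name__ == "__main__":
    # Placeholder hostname; pass your own site name as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    for ip, result in check_all(target).items():
        print(ip, result)
```

If an address reports a verification failure or a serial that differs from the new certificate, that address is not being served by the listener that was updated.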
Hi There,
Were you able to identify the issue using https://www.sslshopper.com/ssl-checker.html ?
Please note that you do not need to send your personal details as this is a public platform but feel free to share with me what error you are getting if any at all in order to resolve the issue you are getting.