How can I add certificates for multiple domains to the ELB using AWS Certificate Manager?

Last updated: 2019-08-26

I want to upload multiple certificates for different domains using Elastic Load Balancing (ELB).

Short Description

As of April 2018, Classic Load Balancer doesn't support adding multiple certificates.

To add multiple certificates for different domains to a load balancer, do one of the following:

  • Use a Subject Alternative Name (SAN) certificate to validate multiple domains behind the load balancer, including wildcard domains, with AWS Certificate Manager (ACM).
  • Use an Application Load Balancer (ALB), which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).

Note: ACM certificates can't be downloaded, and are used only with AWS resources such as ELB (Classic, Application, and Network), Amazon CloudFront distributions, and Amazon API Gateway.

Resolution

To use a Classic Load Balancer, follow these steps to create a SAN certificate using ACM.

  1. Open the ACM console.
    Note: If you've never created a certificate, choose Get started.
  2. Follow the instructions to Request a Public Certificate.
  3. In the ACM console, verify that the Status of the certificate request has changed from Pending validation to Issued.
  4. Attach the certificate to a load balancer. For instructions, see Replace the SSL Certificate for Your Classic Load Balancer.
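
Before requesting the SAN certificate, it helps to confirm that the planned name list covers every hostname served behind the load balancer, because a wildcard name stands for exactly one label: `*.example.com` covers `www.example.com` but not the apex `example.com` or `api.eu.example.com`. The following check is an added example, not AWS code; the function names and the sample domains are constructed for illustration.

```python
"""Check which hostnames a planned SAN certificate name list covers."""


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname.

    Matching is case-insensitive. A wildcard is honoured only as the whole
    left-most label and stands for exactly one label.
    """
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Compare everything to the right of the wildcard label.
        return pattern[1:] == host[1:]
    return pattern == host


def coverage(cert_names, hostnames):
    """Map each hostname to the certificate names that cover it."""
    return {
        host: [name for name in cert_names if name_matches(name, host)]
        for host in hostnames
    }


def uncovered(cert_names, hostnames):
    """Return the hostnames that no certificate name covers."""
    return [h for h, names in coverage(cert_names, hostnames).items() if not names]


# Constructed sample input: names planned for the certificate request,
# and the sites served behind the load balancer.
PLANNED_SANS = ["example.com", "*.example.com", "shop.example.net"]
SITES = [
    "example.com",
    "www.example.com",
    "api.eu.example.com",  # two labels deep: the wildcard does not reach it
    "shop.example.net",
    "example.net",         # apex of the second domain is not in the list
]

if __name__ == "__main__":
    for host, names in coverage(PLANNED_SANS, SITES).items():
        print(f"{host:22} {'covered by ' + ', '.join(names) if names else 'NOT COVERED'}")
    print("Add to the request:", uncovered(PLANNED_SANS, SITES))
```

Any hostname reported as not covered needs its own name (or a matching wildcard) in the certificate request, otherwise clients connecting to it will see a certificate name mismatch.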

To add multiple certificates with an ALB, follow the tutorial Application Load Balancers Now Support Multiple TLS Certificates With Smart Selection Using SNI.

Note: Multiple certificates can't be used with a Network Load Balancer (NLB). For information on using a single certificate with an NLB, see TLS Termination for Network Load Balancers.

Note: An Application Load Balancer has a limit of 25 certificates, excluding default certificates, and this limit can't be increased. For more information, see Limits for Your Application Load Balancers.