How can I add certificates for multiple domains to an ELB using AWS Certificate Manager?

Last updated: 2020-03-11

I want to upload multiple certificates for different domains using Elastic Load Balancing (ELB).

Short Description

As of April 2018, Classic Load Balancer doesn't support adding multiple certificates.

To add multiple certificates for different domains to a load balancer, do one of the following:

  • Use a Subject Alternative Name (SAN) certificate to validate multiple domains behind the load balancer, including wildcard domains, with AWS Certificate Manager (ACM).
  • Use either an Application Load Balancer (ALB) or a Network Load Balancer (NLB), both of which support multiple certificates and smart certificate selection using Server Name Indication (SNI).

Note: ACM certificates can't be downloaded, and are used only with AWS services integrated with ACM.

Resolution

To use a Classic Load Balancer, follow these steps to create a SAN certificate using ACM.

  1. Open the ACM console.
    Note: If you've never created a certificate, choose Get started.
  2. Follow the instructions to Request a Public Certificate.
  3. In the ACM console, verify that the Status of the certificate request has changed from Pending validation to Issued.
  4. Attach the certificate to a load balancer. For instructions, see Replace the SSL Certificate for Your Classic Load Balancer.
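
The same steps can be run from the AWS CLI. The script below is an added example, not part of the original article: it checks that a planned set of SAN names covers every host behind the Classic Load Balancer, then requests the certificate, waits for it to be issued, and attaches it. The function names, domain names, load balancer name, and the choice of DNS validation are assumptions.

```bash
#!/usr/bin/env bash
# Added example. All domain names, the load balancer name and the port are
# constructed placeholders; DNS validation is an assumed choice.

# Succeeds if certificate name $1 covers host $2. A wildcard name matches
# exactly one leftmost label: *.example.com covers www.example.com but not
# example.com or a.b.example.com. Names are assumed to be lowercase.
name_covers() (
  name=$1 host=$2
  [ "$name" = "$host" ] && exit 0
  case $name in
    '*.'*) suffix=${name#?}            # "*.example.com" -> ".example.com"
           label=${host%"$suffix"}     # leftmost part of the host, if any
           [ "$label" != "$host" ] && [ -n "$label" ] && [ "${label#*.}" = "$label" ] ;;
    *) exit 1 ;;
  esac
)

# Prints each host that no certificate name covers; fails if there is one.
# usage: uncovered_hosts "name1 name2 ..." host...
uncovered_hosts() (
  set -f                                # keep "*" in names from globbing
  names=$1; shift; missing=0
  for host in "$@"; do
    found=1
    for n in $names; do
      if name_covers "$n" "$host"; then found=0; break; fi
    done
    [ "$found" -eq 0 ] || { echo "$host"; missing=1; }
  done
  exit "$missing"
)

# Steps 2-4 with the AWS CLI (needs credentials; only runs when called).
# usage: request_and_attach CLB_NAME PORT PRIMARY_DOMAIN SAN...
request_and_attach() {
  clb=$1 port=$2 primary=$3; shift 3
  arn=$(aws acm request-certificate --domain-name "$primary" \
          --subject-alternative-names "$@" --validation-method DNS \
          --query CertificateArn --output text) || return 1
  # Create the DNS validation records, then wait for Pending validation -> Issued.
  aws acm wait certificate-validated --certificate-arn "$arn" || return 1
  aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name "$clb" \
      --load-balancer-port "$port" --ssl-certificate-id "$arn"
}

# Constructed demo: lists the hosts that the planned names would leave uncovered.
uncovered_hosts "example.com *.example.com example.net" \
  www.example.com a.b.example.com example.net || true
```

A host that `uncovered_hosts` prints needs its own name added to the request before the certificate is attached, because the listener on a Classic Load Balancer serves only this one certificate.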

To add multiple certificates with an ALB, follow the tutorial Application Load Balancers Now Support Multiple TLS Certificates with Smart Selection Using SNI.

To add multiple certificates with an NLB, see Network Load Balancers now support multiple TLS certificates using Server Name Indication (SNI).

Note: For ALBs and NLBs, the limit on certificates, excluding default certificates, is 25. That limit can't be increased. For more information, see Quotas for Your Application Load Balancers and Quotas for your Network Load Balancers.