How do I add multiple SSL certificates to the Application Load Balancer in my Elastic Beanstalk environment?

Last updated: 2020-04-03

I want to add additional SSL certificates to the Application Load Balancer in my AWS Elastic Beanstalk environment.

Short Description

The Application Load Balancer supports multiple SSL certificates, but the SSLCertificateArns option setting in Elastic Beanstalk only accepts one certificate per listener.

To add additional SSL certificates to your Application Load Balancer, you must create a resource-based .ebextension.

Resolution

Add a second SSL certificate to your Application Load Balancer

1.    Create a .ebextensions folder in the root directory of the source bundle.

2.    In the .ebextensions folder, create a .config file based on the following:

option_settings:
  aws:elbv2:listener:443:
    Protocol: HTTPS
    SSLCertificateArns: "cert-arn-1"
Resources:
  AddingSSLCert2:
    Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
    Properties:
      ListenerArn:
        Ref: "AWSEBV2LoadBalancerListener443"
      Certificates:
        - CertificateArn: "cert-arn-2"

Note: In the preceding code example, replace cert-arn-1 and cert-arn-2 with your certificate Amazon Resource Names (ARNs).

The option_settings section creates the HTTPS listener on port 443 and attaches a certificate to this listener. If you already created the HTTPS listener from the console, you can remove the option_settings section from the .config file. The Resources section creates another resource that attaches an additional certificate to the listener.

3.    Apply the .ebextensions updates to your application bundle.

4.    Deploy your application again.

Your application updates the existing Application Load Balancer without replacing it.

Important: The additional certificate doesn't appear in the Elastic Beanstalk console. To verify that your certificate is added to the Application Load Balancer, complete the steps in the Verify that your SSL certificates are added to the Application Load Balancer listener 443 section.

Verify that your SSL certificates are added to the Application Load Balancer listener 443

1.    Open the Amazon Elastic Compute Cloud (Amazon EC2) console.

2.    From the navigation pane, choose Load Balancers.

3.    Choose the Listeners tab.

4.    For listener 443, choose View/edit certificates.

You should see two certificates associated with listener 443.
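A scripted version of the console check above, as an added example that is not part of the original article: it audits the JSON returned by `aws elbv2 describe-listener-certificates --listener-arn <listener-arn>` against the certificate ARNs you intended to attach. The sample response and ARNs are constructed placeholders, and `audit_listener_certs` is a hypothetical helper name.

```python
import json

# Constructed placeholder ARNs; substitute the ARNs used in your .config file.
CERT_1 = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-1"
CERT_2 = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-2"

# Constructed sample of the describe-listener-certificates response shape.
# The API can list the default certificate twice: once with IsDefault true
# and once with IsDefault false.
SAMPLE_RESPONSE = {
    "Certificates": [
        {"CertificateArn": CERT_1, "IsDefault": True},
        {"CertificateArn": CERT_1, "IsDefault": False},
        {"CertificateArn": CERT_2, "IsDefault": False},
    ]
}


def audit_listener_certs(response, expected_arns):
    """Compare certificates attached to a listener with the expected ARNs."""
    attached = set()
    defaults = set()
    for cert in response.get("Certificates", []):
        arn = cert["CertificateArn"]
        attached.add(arn)  # the set collapses the duplicated default entry
        if cert.get("IsDefault"):
            defaults.add(arn)
    expected = set(expected_arns)
    return {
        "default": sorted(defaults),
        # Expected but not attached: the .ebextensions resource did not apply.
        "missing": sorted(expected - attached),
        # Attached but not expected: a certificate nobody accounted for.
        "unexpected": sorted(attached - expected),
        "ok": attached == expected and len(defaults) == 1,
    }


if __name__ == "__main__":
    # In practice, load the saved CLI output with json.load() instead.
    print(json.dumps(audit_listener_certs(SAMPLE_RESPONSE, [CERT_1, CERT_2]), indent=2))
```

A non-empty "unexpected" list is worth investigating, because the additional certificates do not appear in the Elastic Beanstalk console.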

