Why can't I configure ACM certificates for my website hosted on an EC2 instance?

Last updated: 2022-05-19

I want to configure AWS Certificate Manager (ACM) certificates for my website hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance. Why can't I?

Short description

Configuring an Amazon Issued ACM public certificate for a website that's hosted on an EC2 instance requires exporting the certificate. However, you can't export the certificate because ACM manages the private key that signs and creates the certificate. For more information, see ACM private key security.

Instead, you can associate an ACM certificate with a load balancer or an ACM SSL/TLS certificate with a CloudFront distribution. Before you begin, follow the instructions for requesting a public certificate.

Note: You must request or import an ACM certificate in the same AWS Region as your load balancer. For CloudFront distributions, you must request the certificate in the US East (N. Virginia) Region.

Resolution

Follow these steps to associate your certificate:

  1. Create an Application Load Balancer, Network Load Balancer, Classic Load Balancer, or CloudFront distribution.
    Note: If you already have an Application Load Balancer, Network Load Balancer, Classic Load Balancer, or CloudFront distribution, then you can skip this step.
  2. Associate the certificate with your ELB, or configure a CloudFront distribution to use an SSL/TLS certificate.
  3. Put the EC2 instance behind your ELB or CloudFront distribution.
  4. Route traffic to your ELB or CloudFront distribution.
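
The Region rule from the note above can be checked before step 2. This is an added example, not code from the original article: the function names and all ARNs are constructed for illustration, and it assumes standard ARN layouts for ACM, Elastic Load Balancing, CloudFront, and EC2.

```python
"""Pre-flight check: can this ACM certificate be associated with this target?"""
from typing import List, NamedTuple

CLOUDFRONT_CERT_REGION = "us-east-1"  # US East (N. Virginia)

class Arn(NamedTuple):
    service: str
    region: str
    resource: str

def parse_arn(arn: str) -> Arn:
    # Layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return Arn(service=parts[2], region=parts[3], resource=parts[5])

def check_certificate_placement(cert_arn: str, target_arn: str) -> List[str]:
    """Return the reasons the association would fail (empty list = OK)."""
    cert, target = parse_arn(cert_arn), parse_arn(target_arn)
    if cert.service != "acm" or not cert.resource.startswith("certificate/"):
        return [f"{cert_arn} is not an ACM certificate ARN"]
    if target.service == "cloudfront":
        # CloudFront ARNs carry no Region; the certificate must be in us-east-1.
        if cert.region != CLOUDFRONT_CERT_REGION:
            return [f"CloudFront needs the certificate in {CLOUDFRONT_CERT_REGION}, "
                    f"but it is in {cert.region}"]
    elif target.service == "elasticloadbalancing":
        if cert.region != target.region:
            return [f"certificate is in {cert.region}, "
                    f"load balancer is in {target.region}"]
    else:
        # For example an EC2 instance: not a supported association target.
        return [f"{target.service} resource is not a load balancer or "
                "CloudFront distribution"]
    return []

# Constructed sample ARNs (account ID and resource IDs are placeholders).
CERT_WEST = "arn:aws:acm:us-west-2:111122223333:certificate/00000000-0000-0000-0000-000000000000"
CERT_EAST = "arn:aws:acm:us-east-1:111122223333:certificate/11111111-1111-1111-1111-111111111111"
ALB_WEST = "arn:aws:elasticloadbalancing:us-west-2:111122223333:loadbalancer/app/web/0123456789abcdef"
DISTRIBUTION = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
INSTANCE = "arn:aws:ec2:us-west-2:111122223333:instance/i-0123456789abcdef0"

if __name__ == "__main__":
    for cert, target in [(CERT_WEST, ALB_WEST), (CERT_WEST, DISTRIBUTION),
                         (CERT_EAST, DISTRIBUTION), (CERT_WEST, INSTANCE)]:
        problems = check_certificate_placement(cert, target)
        print(target.split(":")[2], "->", problems or "OK")
```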

Create an ELB or CloudFront distribution

Associate the certificate with ELB or configure it with a CloudFront distribution

Put the EC2 instance behind your ELB or CloudFront distribution

Route traffic to your ELB or CloudFront distribution