How do I add multiple SSL certificates to the Application Load Balancer in my Elastic Beanstalk environment?

I want to add additional SSL certificates to the Application Load Balancer in my AWS Elastic Beanstalk environment.

Resolution

Application Load Balancers support multiple SSL certificates, but the SSLCertificateArns option in Elastic Beanstalk accepts only one certificate per listener. To add more SSL certificates to your Application Load Balancer, you must create a resource-based .ebextension.

Add a second SSL certificate to your Application Load Balancer

Complete the following steps:

  1. Create a .ebextensions folder in the root directory of the source bundle.
  2. In the .ebextensions folder, add a second SSL certificate to a .config file based on the following example:
    option_settings:
      aws:elbv2:listener:443:
        Protocol: HTTPS
        SSLCertificateArns: "cert-arn-1"
        
    Resources:
      AddingSSLCert2:
        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
        Properties:
          ListenerArn:
            Ref: "AWSEBV2LoadBalancerListener443"
          Certificates:
            - CertificateArn: "cert-arn-2"
    Note: In the preceding example, replace cert-arn-1 and cert-arn-2 with your certificates' Amazon Resource Names (ARNs).
    To add more certificates, add a new ListenerCertificate resource:
    option_settings:
      aws:elbv2:listener:443:
        Protocol: HTTPS
        SSLCertificateArns: "cert-arn-1"
    
    Resources:
      AddingSSLCert2:
        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
        Properties:
          ListenerArn:
            Ref: "AWSEBV2LoadBalancerListener443"
          Certificates:
            - CertificateArn: "cert-arn-2"
      AddingSSLCert3:
        Type: "AWS::ElasticLoadBalancingV2::ListenerCertificate"
        Properties:
          ListenerArn:
            Ref: "AWSEBV2LoadBalancerListener443"
          Certificates:
            - CertificateArn: "cert-arn-3"
    Note: In the preceding example, replace cert-arn-1, cert-arn-2, and cert-arn-3 with your certificates' ARNs.
    The option_settings section creates the HTTPS listener on port 443 and attaches a certificate to this listener. If you create the HTTPS listener from the Elastic Beanstalk console, then you can remove the option_settings section from the .config file. The Resources section creates another resource that attaches an additional certificate to the listener.
  3. Apply the .ebextensions updates to your application bundle.
  4. Deploy your application again.

Your application updates the existing Application Load Balancer without having to replace it.

Important: The additional certificate doesn't appear in the Elastic Beanstalk console. To verify that your certificate is added to the Application Load Balancer, complete the steps in the following section.

Verify that your SSL certificates are added to the Application Load Balancer listener 443

Complete the following steps:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. From the navigation pane, choose Load Balancers.
  3. Choose the Listeners tab.
  4. For listener 443, choose View/edit certificates.
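
A scriptable counterpart to the console check above, as an added example that is not part of the original article: it compares the JSON printed by `aws elbv2 describe-listener-certificates` with the ARNs declared in the .config file and reports missing or unexpected certificates. The helper name `audit_listener_certificates` is hypothetical, and the sample output is constructed from the article's placeholder ARNs.

```python
import json

# Constructed sample in the shape printed by
#   aws elbv2 describe-listener-certificates --listener-arn <listener-arn>
# The ARNs are the article's placeholders, not real certificates.
SAMPLE_OUTPUT = """
{
  "Certificates": [
    {"CertificateArn": "cert-arn-1", "IsDefault": true},
    {"CertificateArn": "cert-arn-2", "IsDefault": false},
    {"CertificateArn": "cert-arn-9", "IsDefault": false}
  ]
}
"""


def audit_listener_certificates(cli_json, expected_default, expected_additional):
    """Compare the certificates attached to a listener with those declared in
    the .ebextensions config (hypothetical helper, not an AWS API)."""
    attached = json.loads(cli_json).get("Certificates", [])
    # The certificate from SSLCertificateArns is reported with IsDefault=true.
    defaults = [c["CertificateArn"] for c in attached if c.get("IsDefault")]
    all_arns = {c["CertificateArn"] for c in attached}
    # Everything else on the listener came from ListenerCertificate resources
    # (or was attached outside the deployment).
    additional = all_arns - set(defaults)
    expected = set(expected_additional)
    return {
        "default_ok": defaults == [expected_default],
        "missing": sorted(expected - all_arns),        # declared, not attached
        "unexpected": sorted(additional - expected),   # attached, not declared
    }


if __name__ == "__main__":
    report = audit_listener_certificates(
        SAMPLE_OUTPUT,
        expected_default="cert-arn-1",
        expected_additional=["cert-arn-2", "cert-arn-3"],
    )
    print(json.dumps(report, indent=2))
```
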
AWS OFFICIAL Updated 4 days ago
2 Comments
AWS
Vignesh
replied 9 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 9 months ago