Adding SSL certificate issued by ACM to Apache virtual host on Ubuntu machine

眼角桃花 2021-01-21 10:59

I am trying my hand at ACM for SSL certificates.

I have requested a public certificate for a domain 'prod.yp-uae.waveaxis.space' which is attached to a load balancer.

2 Answers
  •  时光取名叫无心
    2021-01-21 11:43

    Generally you don't need SSL cert on your EC2 instances if you have deployed SSL cert on your ALB. The reason is that ALB is going to terminate your SSL/HTTPS connection, and then it will forward it to your instances as a regular HTTP (non-SSL) connection. In this scenario, the traffic flow is:

    client---(HTTPS)-->ALB----(HTTP)--->EC2 instances
    

    This design simplifies a lot of work with manually setting up SSL certificates and off-loads its processing to ALB.

    Therefore, if it's not really a requirement to have HTTPS between ALB and instance, it's just easier to have your Apache serve regular HTTP traffic on port 80.

    > The thing I am wondering on is how can I get my ACM SSL certificate

    Sadly you can't access ACM certificates, as they can only be used on a load balancer, CloudFront distribution and API gateway. This means that you can't use them on instances.

    However, if you really require end-to-end HTTPS, then you should generate and deploy your own self-signed SSL certificate on the instances. This will require a bit of setup, but your connection will be:

    client---(HTTPS)-->ALB----(HTTPS)--->EC2 instances
    

    However, this is not normally done and in most cases the first scenario with HTTP between ALB and the instance is sufficient.
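
The self-signed setup the answer describes, as an added example that is not part of the original answer. Only the domain comes from the question; the directory `/etc/ssl/backend`, the file and site names, the `DocumentRoot` and the 365-day lifetime are assumptions.

```bash
#!/usr/bin/env bash
# Added example: self-signed backend certificate plus an Apache 443 vhost.
# Assumed (not from the post): paths, file names, DocumentRoot, 365 days.

DOMAIN="prod.yp-uae.waveaxis.space"   # domain taken from the question

# Create a self-signed certificate and an unencrypted private key in dir $1.
make_backend_cert() {
  local dir="$1" domain="$2"
  mkdir -p "$dir" || return 1
  ( umask 077   # keep the private key unreadable for other users
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
      -subj "/CN=${domain}" \
      -keyout "${dir}/${domain}.key" -out "${dir}/${domain}.crt" 2>/dev/null )
}

# Write an Apache virtual host for port 443 that uses that certificate.
write_ssl_vhost() {
  local conf="$1" dir="$2" domain="$3"
  cat > "$conf" <<EOF
<VirtualHost *:443>
    ServerName ${domain}
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile ${dir}/${domain}.crt
    SSLCertificateKeyFile ${dir}/${domain}.key
</VirtualHost>
EOF
}

# Run with --apply as root on the Ubuntu instance to install and enable it.
if [ "${1:-}" = "--apply" ]; then
  make_backend_cert /etc/ssl/backend "$DOMAIN" &&
  write_ssl_vhost /etc/apache2/sites-available/backend-ssl.conf \
                  /etc/ssl/backend "$DOMAIN" &&
  a2enmod ssl && a2ensite backend-ssl &&
  apache2ctl configtest && systemctl restart apache2
fi
```

On the ALB side the target group then has to use protocol HTTPS on port 443. The load balancer does not validate the certificate the target presents, which is why a self-signed one works here.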
