Question
I've reviewed the Lightsail load balancer and, unlike ACM, you cannot add wildcard SSLs.
For example on ACM, this can be done:
example.com
*.example
And then attached to an EC2 Load Balancer.
But for Lightsail, the wildcard is not accepted. When we issue only on the apex domain to the load balancer:
example.com
When we resolve demo.example.com, we get a cert invalid error.
As we don't know ahead of time the sub-domains in use, and the limit of 9 is too few, is there a workaround?
Answer 1:
I came up with a solution but I can't say for sure it is the only one.
TL;DR - Use an EC2 Load Balancer and add its target as your LightSail instance. To this load balancer attach a standard ACM certificate. Don't use the LightSail load balancer at all.
Outline Steps
- Launch a load balancer in EC2 and attach your LightSail instance as a target (Remember to use the private IP of your LightSail instance and check your security settings, zone and region prior to set up)
- Open ACM and provision your certificate. To protect your entire domain, you will require two entries on this cert i.e. example.com and *.example.com
- Validate the certificate (DNS etc) and attach it to the load balancer in EC2.
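An added example, not part of the original answer: a simplified check of certificate names against hostnames, showing why the apex-only certificate fails for demo.example.com and what the two-entry certificate does and does not cover. The function names and the sample host list are constructed for illustration, and the matcher follows the common single-label wildcard rule rather than any AWS code.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (simplified rules)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only a whole left-most "*" label is treated as a wildcard here, and
        # it must sit above at least two fixed labels (so "*.com" is refused).
        return (
            len(p_labels) >= 3
            and h_labels[0] != ""
            and p_labels[1:] == h_labels[1:]
        )
    # Anything else (including partial wildcards like "d*") must match exactly.
    return p_labels == h_labels


def cert_covers(sans, hostname: str) -> bool:
    """True if any name on the certificate matches the hostname."""
    return any(san_matches(name, hostname) for name in sans)


def coverage_report(sans, hostnames):
    """Map each hostname to whether the certificate names cover it."""
    return {host: cert_covers(sans, host) for host in hostnames}


# Constructed inputs: the two certificates discussed in the question and answer.
APEX_ONLY = ["example.com"]
APEX_PLUS_WILDCARD = ["example.com", "*.example.com"]
SAMPLE_HOSTS = ["example.com", "demo.example.com", "api.demo.example.com"]

if __name__ == "__main__":
    for label, sans in (("apex only", APEX_ONLY),
                        ("apex + wildcard", APEX_PLUS_WILDCARD)):
        print(label)
        for host, ok in coverage_report(sans, SAMPLE_HOSTS).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

Nested names such as api.demo.example.com are not covered by *.example.com and need their own entry on the certificate.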
Source: https://stackoverflow.com/questions/56465773/wildcard-ssl-on-lightsail-load-balancer