Question
- I have purchased SSL Certificate from COMODO SSL Store.
- I have AWS EC2 Instance with Ubuntu AMI.
I want to install this SSL certificate on AWS but couldn't make it work. I just want to use this certificate with my website 'somewebsite.com' and nothing else like load balancer or something else.
I found this, but it uses a load balancer, which I don't want: https://cheapsslsecurity.com/blog/install-ssl-certificate-on-amazon-web-services-aws/
I tried this, but I guess this is not the right way. This tutorial is probably not for AWS, just for localhosts on local systems maybe. https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-for-localhost-xampp/
Finally I contacted COMODO and they gave me this tutorial https://www.thesslstore.com/knowledgebase/ssl-install/amazon-web-services-ssl-installation/
Then I came to know about AWS Certificate Manager, but I couldn't make sure whether this will attract any charges. I am already paying COMODO and I don't want to pay extra to Amazon for a certificate.
I keep finding tutorials with 4-5 different ways to install a third-party SSL certificate on an AWS EC2 instance, but I can't make it work, can't figure out the right way, and can't make sure whether that way will cost me extra or not.
Even pointing me in the right direction will be appreciated.
Please Help.
Answer 1:
In regards to ACM issued certificates, you cannot use it with an instance without a load balancer.
You can use public and private ACM certificates with the following AWS services:
- Elastic Load Balancing – Refer to the Elastic Load Balancing documentation
- Amazon CloudFront – Refer to the CloudFront documentation
- Amazon API Gateway – Refer to the API Gateway documentation
- AWS Elastic Beanstalk – Refer to the AWS Elastic Beanstalk documentation
Reference: https://aws.amazon.com/certificate-manager/faqs/
None of the links you shared explains how to configure SSL for an instance without a load balancer, except https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-for-localhost-xampp/. You have to use your real certificate instead of the one shown in the tutorial.
Hope this helps.
Answer 2:
You can use Amazon Certificate Manager by uploading your COMODO cert. However, ACM certs can only be used by Elastic Load Balancers, CloudFront, and a few other AWS services (and NOT EC2).
You will want to look into the instructions for just installing the certificate on Ubuntu.
If you're using the apache2 package, you can copy the certificate to /etc/ssl/certs and copy the key to /etc/ssl/private, then edit /etc/apache2/sites-available/default-ssl.conf. Search for "SSLCertificate" and change the following lines (modify them to match the name and path of the COMODO cert and key you uploaded):
SSLCertificateFile /etc/ssl/certs/comodo-cert.pem
SSLCertificateKeyFile /etc/ssl/private/comodo-key.pem
Enable the SSL configuration, and restart the webserver.
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful
If you're using nginx, I'm not qualified to provide instructions. But a quick search for installing SSL cert on Nginx on Ubuntu ought to set you straight.
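An added example, not part of the original answers: a pre-flight check to run before `apachectl configtest` that confirms the private key matches the certificate, the certificate has not expired, and the key file is not accessible to other users. The function names are illustrative; it assumes an unencrypted PEM key, OpenSSL, and GNU stat as on Ubuntu, and with no arguments it runs on a constructed throwaway self-signed pair.

```shell
#!/bin/sh
# Added example: checks for the files named in SSLCertificateFile and
# SSLCertificateKeyFile. Assumes an unencrypted PEM key, OpenSSL, GNU stat.

# 0 if the certificate's public key equals the one derived from the private key;
# 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 seconds from now (default: right now).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# 0 if "other" has no permission bits on the key file (mode ends in 0).
key_not_world_accessible() {
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

# Run all checks, print one line per failure, return the number of failures.
preflight() {
    fails=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
    cert_not_expired "$1" ||
        { echo "FAIL: certificate expired or unreadable"; fails=$((fails + 1)); }
    key_not_world_accessible "$2" ||
        { echo "FAIL: key is accessible to other users"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: ready for apachectl configtest"
    return "$fails"
}

if [ $# -eq 2 ]; then
    preflight "$1" "$2"    # e.g. the two paths from default-ssl.conf
else
    # Constructed demo input: a throwaway self-signed pair, deleted afterwards.
    demo=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=somewebsite.com" \
        -keyout "$demo/key.pem" -out "$demo/cert.pem" >/dev/null 2>&1
    chmod 600 "$demo/key.pem"
    preflight "$demo/cert.pem" "$demo/key.pem"
    rm -rf "$demo"
fi
```

A key that does not match the certificate is reported here before Apache is reloaded, and `cert_not_expired cert.pem 2592000` can be reused later to flag a certificate that expires within 30 days.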
Source: https://stackoverflow.com/questions/59581061/how-to-install-third-party-ssl-certificate-with-aws-ec2-instance-ubuntu-ami-w