In this article, we are going to learn how to get a free SSL certificate from AWS. In our previous article, we discussed how to add a domain with AWS Route 53. If you haven't read that article, I recommend reading it first. In this article I am not going to explain what SSL is or why we need it. If you want to know more about SSL, you can read this article by Cloudflare. For this tutorial, I am going to use AWS Certificate Manager (ACM), which lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. Here we are going to use a public certificate, which is free of charge but has certain limitations. You can read more about services integrated with AWS Certificate Manager here. Let's get started.

Prerequisite

  • Existing Domain
  • AWS Account

    Request a Public Certificate

    To request a public certificate, follow the steps below.

  • Sign in to the AWS Management Console and open the ACM console at https://console.aws.amazon.com/acm/home
  • Click on the Request button
  • Choose "Request a public certificate" as the certificate type and then click on "Next"
  • For Add domain names, enter the domain name that you wish to use. You can enter up to 100 domain names.

    You can use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.yourdomain.com protects www.yourdomain.com, site.yourdomain.com, and images.yourdomain.com.

  • For the Validation method, choose DNS validation.
  • Click on the Review button

    Validate the certificate (Route 53)

    To validate the certificate, follow the steps below.

  • Go to the certificate list page
  • Choose the certificate that you want to validate
  • Click on Create records in Route 53
  • This will automatically add the DNS configurations to your domain hosted on AWS Route 53.

    Validate the certificate (Other DNS providers)

    If you are using another DNS provider, you can configure the records manually with that provider. I'll show you how to do it with the Cloudflare DNS provider. If you are using a different DNS provider, you can follow the same steps there.

  • Login to NameCheap
  • Click "Domain List" on the left menu panel
  • Click the "Manage" button on the domain you want to verify
  • Click "Advanced DNS" on the top menu panel
  • Then under "HOST RECORDS" click the "ADD NEW RECORD" button
  • For "Type", select "CNAME Record" from the dropdown
  • Add the "Name" and "Value" provided by AWS

  • The “CNAME name” on AWS will be something like: _a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df.yourdomain.com. But on NameCheap you only need to add: _a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df and for the “Value” or “IP Address” add the exact “Value” provided by AWS.

    • It’s the same for any subdomain, including www.

    The “CNAME name” on AWS will be something like: _a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df.www.yourdomain.com. But on NameCheap you only need to add: _a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df.www and for the “Value” or “IP Address” add the exact “Value” provided by AWS.

  • Finally, for "TTL" keep it at the default value "Automatic"
  • When everything looks good to go, click the checkmark next to each record or click the button "Save all changes"
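
    The name-trimming step above is where manual DNS validation usually goes wrong: pasting the full "CNAME name" into a provider that appends the domain itself creates a record ACM never looks up. The following is an added example, not part of the original tutorial. It reads output shaped like `aws acm describe-certificate` and prints the host/value pairs to type in; the sample response, its `_constructed…` values and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws acm describe-certificate` output.
# Tokens and values are made up; real ones come from your own certificate.
SAMPLE = json.loads("""
{"Certificate": {"DomainValidationOptions": [
  {"DomainName": "yourdomain.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df.yourdomain.com.",
                      "Type": "CNAME", "Value": "_constructed1.acm-validations.aws."}},
  {"DomainName": "*.yourdomain.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df.yourdomain.com.",
                      "Type": "CNAME", "Value": "_constructed1.acm-validations.aws."}},
  {"DomainName": "www.yourdomain.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_a92bc41cwdw8esdsdb0cc56fa7a0b84ae7df.www.yourdomain.com.",
                      "Type": "CNAME", "Value": "_constructed2.acm-validations.aws."}}
]}}
""")


def relative_host(record_name, zone):
    """Strip the zone from ACM's full CNAME name, for providers that append it."""
    name = record_name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if not name.endswith("." + zone):
        raise ValueError(f"{record_name!r} is not inside zone {zone!r}")
    return name[: -(len(zone) + 1)]


def validation_records(response, zone):
    """Return unique (host, type, value) rows to enter at the DNS provider."""
    rows = []
    for opt in response["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            continue  # e-mail validation, or record not issued yet
        row = (relative_host(rr["Name"], zone), rr["Type"], rr["Value"])
        if row not in rows:  # a wildcard and its base domain share one record
            rows.append(row)
    return rows


if __name__ == "__main__":
    for host, rtype, value in validation_records(SAMPLE, "yourdomain.com"):
        print(f"{rtype:6} {host:45} -> {value}")
```

    The value column is passed through unchanged, matching the instruction to add the exact "Value" provided by AWS.
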

    Wait for the validation status to update

    After you add the DNS records, return to the AWS Certificate Manager tab and click "Continue". Your domain certificate should now be listed on the ACM homepage with the status "Pending validation". You need to wait for the validation status to update, which will take some time. You can check the status by going to the certificate list page. Once the status is updated, you can use the certificate with your domain.

    Conclusion

    In this article, we learned how to get a free SSL Certificate from AWS. I hope you enjoyed this article. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail.

    Happy Coding