Following the initial WordPress setup, I need to give the site an SSL certificate; Google doesn’t like sites without certificates. I already have a wildcard cert from CloudFlare; however, I want to keep this as much AWS’d as I can, so I want to use the Amazon Certificate Services for this site’s certificates. However, EC2 on its own does not work with the certificates created in AWS. So, we need to go a bit further and set up an elastic load balancer to sit in front of the website, which will allow us to use the certificates.
Getting certificates from AWS Certificate Manager
To start getting your certificate, head over to https://console.aws.amazon.com/acm/home?region=us-east-1#/.
Click on Request a Certificate.
Select “Request a public certificate”.
Enter the domain name and click Next.
Select the validation method in order to get your certificates. I tried using a CNAME first, but it did not work and stayed in a pending state. Email validation worked better (just make sure that one of the accounts used will get forwarded to the right place, such as firstname.lastname@example.org or email@example.com). Click Review.
The next step is to start using it.
We can’t use the certificate in an EC2 instance; there is no option to download it, for a start. We can use it with a few services, though (https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html), and a load balancer is one of these compatible services.
AWS Elastic Load Balancer
From the EC2 main page, select Load Balancers, then click on Create Load Balancer.
Select the type of load balancer; the options are application load balancer, network load balancer, or classic load balancer. I chose the application load balancer.
The next page is the start of our configuration. Give it a name, select whether it is internet-facing or internal, and choose the address type (IPv4 or IPv6).
We need to assign some listeners, so I added HTTP and HTTPS. It’s a website, so that’s all I need.
Next, select the availability zones.
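The same console choices written as a CloudFormation template, as an added example that is not part of the original post: an email-validated ACM certificate, an internet-facing application load balancer, and the two listeners. It assumes a target group pointing at the WordPress instance, makes the HTTP listener redirect to HTTPS rather than serve content, and pins a TLS policy; all parameter names, resource names and the example.com default are placeholders.

```yaml
# Added example (constructed): parameter names, resource names and the domain default are placeholders.
Parameters:
  DomainName: {Type: String, Default: example.com}
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}             # one subnet per availability zone, at least two
  AlbSecurityGroupId: {Type: "AWS::EC2::SecurityGroup::Id"}   # must allow inbound 80 and 443
  WordPressInstanceId: {Type: "AWS::EC2::Instance::Id"}
Resources:
  SiteCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref DomainName
      ValidationMethod: EMAIL          # stack creation waits until the approval email is accepted
  SiteLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      IpAddressType: ipv4
      Subnets: !Ref SubnetIds
      SecurityGroups: [!Ref AlbSecurityGroupId]
  WordPressTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP                   # TLS ends at the load balancer; the instance is reached over HTTP
      Port: 80
      Targets:
        - Id: !Ref WordPressInstanceId
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref SiteLoadBalancer
      Protocol: HTTP
      Port: 80
      DefaultActions:                  # never serve the site in clear text, only redirect
        - Type: redirect
          RedirectConfig: {Protocol: HTTPS, Port: "443", StatusCode: HTTP_301}
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref SiteLoadBalancer
      Protocol: HTTPS
      Port: 443
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06   # assumed policy choice: TLS 1.2 and 1.3 only
      Certificates:
        - CertificateArn: !Ref SiteCertificate
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WordPressTargets
```

Because the instance only ever sees HTTP from the load balancer, its security group should accept port 80 from the load balancer's security group only, not from the internet.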