Are you looking for a free SSL certificate for AWS?

AWS Certificate Manager (ACM) provides its clients with free SSL certificates for their websites.

However, bad SSL or DNS configuration can lead to errors while setting up an ACM certificate with the Nginx server.

At Bobcares, we often get requests from our customers to set up AWS Certificate Manager with Nginx as part of our Server Management Services.

Today, we’ll see how our Support Engineers set up AWS Certificate Manager with Nginx and fix related errors.

How we set up SSL with AWS certificate manager

ACM can generate and manage SSL/TLS certificates for AWS-based websites and applications. We can create or import and then manage a certificate using ACM.

However, an ACM certificate can only be used together with services such as Elastic Load Balancing, Amazon CloudFront, and AWS Elastic Beanstalk, among others.

This is because one cannot use ACM to directly install the certificate on an AWS-based website or application.

To obtain the SSL certificate, we first go to ACM and request a certificate. ACM then issues the certificate for free.

A third-party certificate can also be installed using AWS Certificate Manager. However, a new certificate can only be issued or imported through it.

Before we install the SSL certificate, we should have a project, served by NGINX behind a load balancer.

Now, let’s see the detailed steps used by our Support Engineers to set up an ACM certificate with Nginx.

1. Initially, we log in to the AWS dashboard.

2. Then, we go to Security & Identity > Certificate Manager and request a certificate.

3. We add a domain that will use the load balancer.

4. After issuing the certificate for the domain, we add it to the load balancer. For that, we select the load balancer and go to the Listeners tab.

5. Next, we edit the Nginx configuration file and add the code below.

vim /etc/nginx/nginx.conf

server {
    listen 80;
    server_name www.uvd.co.uk;
    root /path/to/web/dir;

    index index.php;

    proxy_set_header X-Forwarded-Proto $scheme;

    # The load balancer terminates HTTPS and sets X-Forwarded-Proto;
    # redirect any request that did not reach it over HTTPS.
    if ( $http_x_forwarded_proto != 'https' ) {
        return 301 https://$host$request_uri;
    }

    location ~ \.php$ {
        # PHP conf
    }
}

Note that the exact Nginx configuration file to edit may be different depending on the server setup.

6. Finally, we restart Nginx using

service nginx restart

Common problems after setting up SSL on AWS

In our years of experience managing servers, we at Bobcares have found that customers face different kinds of problems after installing and configuring SSL on an AWS server.

Let’s see how our Support Engineers solve these common errors.

1. Bad DNS configuration

Recently, one of our customers had a problem with the SSL certificate. The customer had installed the certificate via AWS Certificate Manager and renewed it once it expired. However, HTTPS didn’t work and the website showed a privacy error.

On checking, we found that the certificate had failed to renew because the DNS configuration of the domain did not contain the correct CNAME records.

Therefore, our Support Engineers added the correct CNAME records to the DNS configuration, and that fixed the problem instantly.
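The check below is an added example, not Bobcares' own tooling. It compares the validation CNAME records that ACM expects, as listed under DomainValidationOptions in the output of `aws acm describe-certificate`, with the CNAME records actually published in the zone. The certificate data, zone contents and function names are constructed for illustration.

```python
import json

# Constructed sample (placeholder names and tokens): trimmed `aws acm describe-certificate` output.
DESCRIBE_CERTIFICATE = json.loads("""
{"Certificate": {"DomainName": "www.example.com", "DomainValidationOptions": [
    {"DomainName": "www.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "SUCCESS",
     "ResourceRecord": {"Name": "_aaa111.www.example.com.", "Type": "CNAME",
                        "Value": "_bbb222.acm-validations.aws."}},
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_ccc333.example.com.", "Type": "CNAME",
                        "Value": "_ddd444.acm-validations.aws."}},
    {"DomainName": "shop.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_eee555.shop.example.com.", "Type": "CNAME",
                        "Value": "_fff666.acm-validations.aws."}},
    {"DomainName": "mail.example.com", "ValidationMethod": "EMAIL"}]}}
""")

# Constructed sample: CNAME records currently published in the DNS zone.
ZONE_CNAMES = {
    "_aaa111.www.example.com": "_bbb222.acm-validations.aws",
    "_eee555.shop.example.com": "_stale000.acm-validations.aws.",  # outdated token
}

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.strip().rstrip(".").lower()

def check_validation_records(cert, zone_cnames):
    """Return {domain: 'ok' | 'missing' | 'mismatch' | 'not-dns'}."""
    zone = {norm(k): norm(v) for k, v in zone_cnames.items()}
    report = {}
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        record = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or record is None:
            state = "not-dns"      # e.g. email validation: nothing to check in DNS
        elif norm(record["Name"]) not in zone:
            state = "missing"      # the CNAME was never added, or was deleted later
        elif zone[norm(record["Name"])] != norm(record["Value"]):
            state = "mismatch"     # a CNAME exists but points at the wrong target
        else:
            state = "ok"
        report[opt["DomainName"]] = state
    return report

if __name__ == "__main__":
    print(check_validation_records(DESCRIBE_CERTIFICATE, ZONE_CNAMES))
```

Any domain reported as missing or mismatch needs its CNAME record corrected in DNS before ACM can validate the certificate.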

2. Duplicate HTTPS servers

Sometimes, errors may happen due to incorrect SSL configuration too. In particular, configuring two or more HTTPS servers on a single IP address can cause problems.

For example,

server {
    listen 443 ssl;
    server_name www.abc.com;
    ssl_certificate www.abc.com.crt;
    #...
}

server {
    listen 443 ssl;
    server_name www.xyz.org;
    ssl_certificate www.xyz.org.crt;
    #...
}

With this configuration, NGINX may not know the name of the requested server when it has to choose a certificate, because the SSL handshake happens before the browser sends the HTTP request. Therefore, it may provide the default server’s certificate.

So, our Support Engineers solve this problem by assigning a separate IP address to every HTTPS server.

Conclusion

In short, free SSL can be installed via the AWS certificate manager. Today, we saw how our Support Engineers set up SSL through AWS certificate manager in Nginx and fix related errors.
