How to Setup Elastic Beanstalk SSL with GoDaddy
Recently I faced an SSL expiration and went through the tedious (or better say badly documented) process of setting it up again in our AWS Load Balancers, for subsequent use in Elastic Beanstalk. In this post I’ll give a detailed step by step of the process used to setup our SSL.
First, we followed Heroku’s guide to generate our initial server.key and CSR (Certificate Signing Request), which is necessary for GoDaddy to actually issue the certificate.
- Generating the
server.keyrequires two commands:
openssl genrsa -des3 -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key- Then you can generate the CSR:
openssl req -nodes -new -key server.key -out server.csrWith the CSR, we can now request the SSL in GoDaddy and then download the public key certificate and certificate chain.
Now for the crucial part (and the one we found was missing documentation), before we upload the new certificate to AWS we must bundle the public key certificate and the certificate chain into one using the following command:
cat yourdomain.crt gd_bundle-g2-g1.crt > combined.crtNow we have everything we need to upload our new certificate using AWS Command Line Interface:
aws iam upload-server-certificate --server-certificate-name your_certificate_name --certificate-body file://combined.crt --private-key file://server.keyThe file.// prefix before each file name is actually required by AWS cli to upload properly. If everything went well you’ll receive a response from the server like this one:
{
"ServerCertificateMetadata": {
"ServerCertificateId": "ABCDEFG12345678",
"ServerCertificateName": "certificate-name",
"Expiration": "2018-08-26T11:59:38Z",
"Path": "/",
"Arn": "arn:aws:iam::1234123412:server-certificate/certificate-name",
"UploadDate": "2017-08-26T19:53:46.989Z"
}
}And that’s it, you should have a new SSL certificate available to you in AWS.
