How to use Cloudflare (full) SSL with AWS ELB?

Hello,

For now, I am using Cloudflare with full SSL and an EC2 instance and it works fine.

But because of traffic, I need to launch a second ec2 instance and use the load balancer, but as I want all my traffic to go with HTTPS, AWS is asking me to upload a certificate.
I tried to generate an Origin Certificate from Cloudflare and import it to AWS but it doesn’t accept my certificate.

I don’t know what else I can do… I need to have Cloudflare in front of AWS Load Balancer with SSL.

I don’t exactly know ELBs, but is there a field to add the intermediate certificate? If so you can find on the support pages the certificate chain so that the server can trust the certificate. Otherwise you can use Cloudflare’s load balancer?

My service actually currently runs with ELB/Elastic Beanstalk. What you probably should do is go to AWS Certificate Manager and request a certificate for your domain. These are free, browser-trusted certificates and should work with your domain and Cloudflare. Also make sure your SSL setting is “full” or “full (strict)”.

Then, I recommend setting up in your Security group firewall rules that only accept connections from Cloudflare IPs (comma-separated list) on port 80/443 to ensure that anyone that tries to access your ELB without going through Cloudflare gets blocked.

3 Likes
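The Security group restriction recommended in the reply above, sketched as an added example that is not part of the original thread: it builds ingress rules in the EC2 `IpPermissions` shape for ports 80/443 and audits an existing rule set for sources outside Cloudflare's ranges. The function names are hypothetical, the CIDR list is only an illustrative subset of Cloudflare's published ranges, and `EXISTING` is constructed sample data.

```python
import ipaddress

# Illustrative subset of Cloudflare's published ranges (assumption); load the
# current full list from https://www.cloudflare.com/ips/ before applying rules.
CLOUDFLARE_CIDRS = ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
                    "2400:cb00::/32", "2606:4700::/32"]
WEB_PORTS = (80, 443)

def build_ingress(cidrs, ports=WEB_PORTS):
    """Return EC2 IpPermissions that allow only `cidrs` on `ports`."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(n), "Description": "Cloudflare"}
                     for n in nets if n.version == 4],
        "Ipv6Ranges": [{"CidrIpv6": str(n), "Description": "Cloudflare"}
                       for n in nets if n.version == 6],
    } for port in ports]

def covers_web_port(perm, ports=WEB_PORTS):
    """True if a rule reaches 80/443; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and any(
        perm["FromPort"] <= p <= perm["ToPort"] for p in ports)

def audit(perms, cidrs):
    """List source CIDRs that reach 80/443 but are not inside `cidrs`."""
    allowed = [ipaddress.ip_network(c) for c in cidrs]
    findings = []
    for perm in perms:
        if not covers_web_port(perm):
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            net = ipaddress.ip_network(src)
            if not any(net.version == a.version and net.subnet_of(a)
                       for a in allowed):
                findings.append(src)
    return findings

# Constructed rules in the shape returned by describe-security-groups.
EXISTING = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "104.16.0.0/13"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]
```

Here `audit(EXISTING, CLOUDFLARE_CIDRS)` reports the open IPv4 rule on 443 and the all-traffic IPv6 rule, while the SSH rule is ignored because it does not reach a web port.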

Oki thank you. I’ll try this. Do you know how long it takes to validate my domain on ACM? I put the CNAME but it’s still “pending”

I think it’s something like 10 - 30 minutes. It’s been a while since I created a new certificate, but the last one that automatically renewed was definitely within that timeframe.

1 Like

Perfect, it works!! Thank you :smiley:
