I want to use a wildcard certificate which i can install in NGINX running on several EC2 instances owned by me. I maintain my DNS records on AWS itself.
How can Cloudflare help me in this?

Cloudflare issues the following types of SSL certificates:

  • Edge certificates
  • Origin Server certificates

The first ones are trusted globally and are deployed only on Cloudflare’s servers, not yours. They’ll be used to encrypt the connection between the user and Cloudflare.

The second ones are self-signed, untrusted certificates that are only used to encrypt the communication between Cloudflare and your server (in your case, your EC2 instances).

Cloudflare won’t be able to generate a trusted certificate for you to install on your servers. If you want to use Cloudflare to generate SSL certificates, you should point your nameservers from AWS to Cloudflare, and proxy your DNS connections to your origin server. After that, you should generate an Origin SSL certificate and install it on your servers, and finally, change the SSL/TLS type to Full (Strict).

If you want to keep using your AWS nameservers, then you’ll need to purchase a business plan or higher ($200/month) to be able to use CNAME setup.

Here you have some links with more information:

If you want to install trusted SSL certificates in your origin servers without using Cloudflare, then you’ll either need to use something like Certbot/acme.sh, or purchase the certificates from a trusted CA.
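As an added illustration (not part of the answer above), this is what the NGINX side of the "Origin certificate + Full (Strict)" setup looks like on one of the EC2 instances. The file paths, the `example.com` domain and the Cloudflare origin-pull CA file name are assumptions; the wildcard origin certificate is the one generated in the Cloudflare dashboard, and it is only trusted by Cloudflare, so the optional client-certificate block stops clients that bypass Cloudflare and hit the instance directly.

```nginx
# Redirect plain HTTP to HTTPS so nothing is served in the clear.
server {
    listen 80;
    server_name example.com *.example.com;   # assumed domain
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com *.example.com;   # wildcard Origin certificate covers both

    # Cloudflare Origin CA certificate and key (assumed paths).
    # Browsers do NOT trust this certificate; only Cloudflare's edge does,
    # which is exactly what "Full (Strict)" verifies.
    ssl_certificate     /etc/nginx/ssl/origin-cert.pem;
    ssl_certificate_key /etc/nginx/ssl/origin-key.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Optional hardening: Authenticated Origin Pulls.
    # With this enabled in Cloudflare, the edge presents a client certificate
    # signed by Cloudflare's origin-pull CA; requests that did not come
    # through Cloudflare (e.g. straight to the EC2 public IP) are rejected.
    # File name is the one Cloudflare publishes; path is an assumption.
    ssl_client_certificate /etc/nginx/ssl/origin-pull-ca.pem;
    ssl_verify_client on;

    location / {
        proxy_pass http://127.0.0.1:8080;    # assumed upstream application
        proxy_set_header Host $host;
        # Cloudflare supplies the real client address in this header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Keep the Security Group restricted to Cloudflare's published IP ranges as well, since the origin certificate alone does not prevent direct access to the instances.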