Bobcares

AWS Certificate Manager with Nginx – How we set it up for you

by | Aug 20, 2019

Are you looking for a free SSL certificate for AWS?

AWS Certificate Manager (ACM) provides its clients with free SSL certificates for their websites.

However, both bad SSL configuration and bad DNS configuration can lead to errors while setting up an ACM certificate on an Nginx server.

At Bobcares, we often get requests from our customers to set up AWS Certificate Manager with Nginx as part of our Server Management Services.

Today, we’ll see how our Support Engineers set up AWS Certificate Manager with Nginx and fix related errors.

 

How we set up SSL with AWS certificate manager

ACM can generate and manage SSL/TLS certificates for AWS-based websites and applications. We can create or import a certificate and then manage it using ACM.

However, an ACM certificate can only be created for use with services such as Elastic Load Balancing, Amazon CloudFront, and AWS Elastic Beanstalk, among others.

This is because one cannot use ACM to install the certificate directly on an AWS-based website or application.

To obtain the SSL certificate, we first go to ACM and request a certificate. ACM then issues the certificate for free.

A third-party certificate can also be installed using AWS Certificate Manager. However, a new certificate can only be issued or imported through it.

Before we install the SSL certificate, we should have a project, served by NGINX behind a load balancer.

Now, let’s see the detailed steps used by our Support Engineers to set up an ACM certificate with Nginx.

1. Initially, we log in to the AWS dashboard.

2. Then, we go to the Security & Identity > Certificate Manager and request a certificate.

3. We add a domain that will use the load balancer.

4. After issuing the certificate for the domain, we add it to the load balancer. For that, we select the load balancer and go to the Listeners tab.

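5. Next, we edit the Nginx configuration file and add the code below.

vim /etc/nginx/nginx.conf

server {
    listen 80;
    server_name www.uvd.co.uk;
    root /path/to/web/dir;

    index index.php;

    proxy_set_header X-Forwarded-Proto $scheme;

    # The load balancer terminates HTTPS and forwards requests to port 80,
    # setting X-Forwarded-Proto to the scheme the client used.
    # Redirect any request that did not arrive over HTTPS.
    if ( $http_x_forwarded_proto != 'https' ) {
        return 301 https://$host$request_uri;
    }

    location ~ \.php$ {
        # PHP conf
    }
}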

Note that the exact Nginx configuration file to edit may differ depending on the server setup.

6. Finally, we restart Nginx using

service nginx restart

 

Common problems after setting up SSL on AWS

In our years of experience managing servers, we have found that customers face different kinds of problems after installing and configuring SSL on an AWS server.

Let’s see how our Support Engineers solve these common errors.

 

1. Bad DNS configuration

Recently, one of our customers had a problem with the SSL certificate. The customer had installed the certificate via AWS Certificate Manager and renewed it once it expired. However, HTTPS didn’t work and the website showed a privacy error.

On checking, we found that the certificate failed to renew because the DNS configuration of the domain did not contain the correct CNAME records.

Therefore, our Support Engineers updated the DNS configuration with the correct CNAME record, and that fixed the problem instantly.
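A check for this failure mode, added here as an example and not part of the original article: it compares the CNAME records ACM expects (the `ResourceRecord` entries in `aws acm describe-certificate` output) against what DNS actually returns. The sample JSON, the record values and the `sample_resolver` stand-in are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output;
# the domains and record values are placeholders, not real ACM data.
SAMPLE_DESCRIBE = json.loads("""
{"Certificate": {"DomainName": "example.com", "DomainValidationOptions": [
  {"DomainName": "example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "SUCCESS",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.acm-validations.aws."}},
  {"DomainName": "www.example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
                      "Value": "_ddd444.acm-validations.aws."}}
]}}
""")

# Constructed DNS contents: the www validation record points at a stale target.
SAMPLE_DNS = {
    "_aaa111.example.com": ["_bbb222.acm-validations.aws."],
    "_ccc333.www.example.com": ["_old999.acm-validations.aws."],
}

def _norm(name):
    """DNS names compare case-insensitively and ignore the trailing dot."""
    return name.rstrip(".").lower()

def check_validation_records(describe, resolve_cname):
    """Return (domain, problem) for every DNS-validated name whose CNAME
    is missing or does not match the value ACM expects."""
    problems = []
    for opt in describe["Certificate"]["DomainValidationOptions"]:
        if opt.get("ValidationMethod") != "DNS" or "ResourceRecord" not in opt:
            continue  # email-validated names have no CNAME to check
        rr = opt["ResourceRecord"]
        answers = {_norm(a) for a in resolve_cname(_norm(rr["Name"]))}
        if not answers:
            problems.append((opt["DomainName"], "missing CNAME " + rr["Name"]))
        elif _norm(rr["Value"]) not in answers:
            problems.append((opt["DomainName"], "CNAME points elsewhere: " + rr["Name"]))
    return problems

def sample_resolver(name):
    """Stand-in over SAMPLE_DNS; replace with a real CNAME lookup in practice."""
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for domain, problem in check_validation_records(SAMPLE_DESCRIBE, sample_resolver):
        print(domain, "->", problem)
```

Running the check on a schedule catches a removed or altered validation record before the next renewal attempt fails.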

 

2. Duplicate HTTPS servers

Sometimes, errors happen due to incorrect SSL configuration too. For instance, configuring two or more HTTPS servers on a single IP address can cause problems.

For example,

server {
    listen 443 ssl;
    server_name www.abc.com;
    ssl_certificate www.abc.com.crt;
    #...
}

server {
    listen 443 ssl;
    server_name www.xyz.org;
    ssl_certificate www.xyz.org.crt;
    #...
}

With this configuration, NGINX does not know the name of the requested server, because the SSL connection is established before the browser sends its HTTP request. Therefore, it may provide the default server’s certificate.

So, our Support Engineers solve this problem by assigning a separate IP address to every HTTPS server.
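To find this layout in an existing configuration, the following added example (not part of the original article) scans Nginx configuration text and reports every TLS listen address shared by servers with different certificates. The sample configuration is constructed from the article's two servers plus a hypothetical third on its own IP address.

```python
import re
from collections import defaultdict

# Constructed sample: the article's two HTTPS servers plus one on a dedicated IP.
SAMPLE_CONF = """
server { listen 443 ssl; server_name www.abc.com; ssl_certificate www.abc.com.crt; }
server {
    listen 443 ssl;
    server_name www.xyz.org;
    ssl_certificate www.xyz.org.crt;
    location / { root /srv/xyz; }
}
server { listen 192.0.2.10:443 ssl; server_name www.example.net; ssl_certificate www.example.net.crt; }
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by counting braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def shared_tls_listeners(conf):
    """Map each TLS listen address to its (server_name, certificate) pairs,
    in file order, when more than one certificate shares that address."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching directives
    groups = defaultdict(list)
    for body in server_blocks(conf):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        cert = re.search(r"\bssl_certificate\s+([^;]+);", body)
        for listen in re.findall(r"\blisten\s+([^;]+);", body):
            args = listen.split()
            if "ssl" in args[1:] and cert:
                # A bare port listens on every address: normalise to *:port.
                addr = args[0] if ":" in args[0] else "*:" + args[0]
                name = names.group(1).split()[0] if names else ""
                groups[addr].append((name, cert.group(1).strip()))
    return {a: s for a, s in groups.items() if len({c for _, c in s}) > 1}

if __name__ == "__main__":
    for addr, servers in shared_tls_listeners(SAMPLE_CONF).items():
        print(addr, servers)
```

On a flagged address, the default server is the first one listed unless another server sets `default_server` on its `listen` directive.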

 


 

Conclusion

In short, a free SSL certificate can be installed via AWS Certificate Manager. Today, we saw how our Support Engineers set up SSL through AWS Certificate Manager with Nginx and fix related errors.
