![[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!](https://beyondjapan.com/cms/wp-content/uploads/2022/12/recruit_blog_banner-768x344.jpg)
[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!
![[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services](https://beyondjapan.com/cms/wp-content/uploads/2021/03/AWS_構築・運用保守-768x344.png)
[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services
![[Successor to CentOS] AlmaLinux OS server construction/migration service](https://beyondjapan.com/cms/wp-content/uploads/2023/08/almalinux_blogbanner-768x344.png)
[Successor to CentOS] AlmaLinux OS server construction/migration service
![[For WordPress only] Cloud server “Web Speed”](https://beyondjapan.com/cms/wp-content/uploads/2022/11/webspeed_blog_banner-768x344.png)
[For WordPress only] Cloud server “Web Speed”
![[Cheap] Website security automatic diagnosis “Quick Scanner”](https://beyondjapan.com/cms/wp-content/uploads/2023/04/quick_eyecatch_blogbanner-768x345.jpg)
[Cheap] Website security automatic diagnosis “Quick Scanner”
![[Reservation system development] EDISONE customization development service](https://beyondjapan.com/cms/wp-content/uploads/2023/06/edisone_blog_banner-768x345.jpg)
[Reservation system development] EDISONE customization development service
![[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”](https://beyondjapan.com/cms/wp-content/uploads/2021/03/Appmill_ブログバナー-768x344.png)
[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”
![[Compatible with over 200 countries] Global eSIM “Beyond SIM”](https://beyondjapan.com/cms/wp-content/uploads/2024/05/beyond_esim_blog_slider1-768x345.jpg)
[Compatible with over 200 countries] Global eSIM “Beyond SIM”
![[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”](https://beyondjapan.com/cms/wp-content/uploads/2024/05/china-sim_blogbanner-768x345.jpg)
[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”
![[Global exclusive service] Beyond's MSP in North America and China](https://beyondjapan.com/cms/wp-content/uploads/2024/06/gloval_surport_blog_slider-768x345.jpg)
[Global exclusive service] Beyond's MSP in North America and China
![[YouTube] Beyond official channel “Biyomaru Channel”](https://beyondjapan.com/cms/wp-content/uploads/2021/07/バナー1-768x339.jpg)
[YouTube] Beyond official channel “Biyomaru Channel”
How to upload SSL certificate to AWS ELB
table of contents
How to upload SSL certificate to AWS ELB
This is Saito from the infrastructure team.
Thank you to all the infrastructure and in-house SE staff for your hard work every time you renew your SSL certificate.
Well, AWS Certificate Manager is now available in the Tokyo region from May 16th this year.
From now on, you can use SSL certificates with Amazon as the certificate authority for free.
AWS is becoming more and more convenient, but this time we will introduce how to apply an SSL certificate obtained through another certificate authority to ELB.
I use AWSCLI for my work. Please install the following modules before performing this task.
pip install awscli
If you have not completed the initial settings, enter the command below.
aws configure
Complete the default settings by entering the following items.
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]: The settings are in the files ~/.aws/credentials, ~/.aws/config Saved as name.
How to upload
First, prepare an SSL certificate.
the SSL certificate in the current directory in an environment where you can
run the awscli command and upload the SSL certificate to the remote management console using the command below.
aws iam upload-server-certificate --server-certificate-name "example-domain.com" \ --certificate-body file://./example-domain.com.crt \ --private-key file:// ./example-domain.com.key \ --certificate-chain file://./example-domain.com.ca
For each,
certificate-body: Server certificate
private-key: Specify the private key
Specify the intermediate certificate
If there is multiple user information in ~/.aws/credentials please specify it with
the --profile Also, if an error is output asking you to specify a region, specify the ELB region with the
--region For example, in the Tokyo region, it is ap-northeast-1.
Now, let's list the commands for each case.
When adding a new listener like https(443)→http(80) to ELB
aws elb create-load-balancer-listeners \ --load-balancer-name \ --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:iam:::server-certificate/example -domain.com --region ap-northeast-1
When updating the certificate of an existing listener
aws elb set-load-balancer-listener-ssl-certificate \ --load-balancer-name \ --load-balancer-port 443 \ --ssl-certificate-id arn:aws:iam:::server-certificate/ example-domain.com \ --region ap-northeast-1
If you want to delete the uploaded certificate
aws iam delete-server-certificate --server-certificate-name example-domain.com
When deleting a listener
aws elb delete-load-balancer-listeners --load-balancer-name --load-balancer-ports 443
By knowing the above commands, the process of uploading certificates to ELB has become smoother.
It is also a good idea to embed it in a shell script as a fixed form process.
0
Loading...0 
![[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution](https://beyondjapan.com/cms/wp-content/uploads/2024/05/59b34db220409b6211b90ac6a7729303-1024x444.png)
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution
The person who wrote this article
About the author
