To make the most of this tutorial series, create a Serverless Framework PRO account for free
This video demonstrates how you can register a free SSL certificate using Amazon Certificate Manager (ACM).
Welcome back. With our custom domain registered, let's start the process of creating an SSL certificate for the custom domain to secure traffic from a user's device to our website.
I'm going to click the Services dropdown, and I can either look up SSL or ACM for the Amazon Certificate Manager, and that should take us over to the Certificate Manager.
In order to get started, we're going to want to provision a certificate for our website. Now, we can request a public certificate by Amazon, or we can request a private certificate from our organization's certificate authority. In this case, I'm just going to click Request A Public Certificate, and then I'm going to click the Request Certificate button.
On this next page, I'm going to go over to the domain section here, and I'm going to type in the name of our domain. In this case, you'll want to type in the name of your particular domain that you have just registered. For me, this is serverlessjams.com. But for you, it might be something else.
I'm also going to copy and paste this into another name for the certificate. This is so that I can have not just serverlessjams.com secured, but also something like www.serverlessjams.com secured. And I can also add wildcards to the certificate. So, if I wanted to register any potential subdomains, I could have a wildcard and a period here to allow me to have something app.serverlessjams.com.
I don't really need to do this right now. But in the case, in the future, that I add an application there, I'm going to have this certificate handy for me.
In the next step I have two different options for validating the certificate. I can set up a record in DNS so that I can verify that I am indeed the owner of this domain, or I can choose email validation if I don't have permission to modify the DNS for this website. In this case, because I registered the domain with Amazon Route 53, DNS validation is by far the easiest for me. So, I'm going to keep that selected and click Review.
When I have this domain name and the validation method selected, I'm going to confirm this and request the certificate. This will take a moment to try and validate the status of my domains and my ownership of them. But one thing I can do, if I've registered these through Amazon Route 53, is I can actually just click the dropdown on each of these particular domains that I'm requesting. And then I can click Create Record in Route 53. This is going to go ahead and set up a CNAME record in Route 53 for me, and it'll allow me to do this automatically to verify the domain. If I wanted to, I could expand all of these other dropdowns here, and I could create other records as I wanted them.
As soon as I'm done clicking all three of these, I'm going to go ahead and click the Continue button here.
It might take a little longer for this entire process to complete. And if you hadn't done those steps I did earlier, you should also have the option to do them inside of this next window here.
As you can see, it is showing a success for this DNS record to attempt to be created in Route 53. And it might just take a few minutes to validate this whole process. If for some reason one of these doesn't succeed and you still have the un-grayed out blue box here, you can always go ahead and try it one more time, and Amazon should be able to update those records for you.
So, now give it a few minutes and we'll refresh this page as we wait for these validations to go through.
So, I didn't actually end up needing to wait more than five to 10 seconds. And after refreshing the page, you can see that not only has my certificate status changed from pending to issued, but also the validation status of each of these different domains has moved over to success. This means that my certificate is ready to go and be used in order to actually secure my domain and my site.
There's a few ways I could use this. However, one of the easiest ways to do this whole process and use the certificate I've just created is to actually set up a CloudFront distribution and configure the certificate in there.
So, that's what we'll do in the next video. Stay tuned.