amazon-web-services ssl aws-certificate-manager

How to add a domain to an existing SSL certificate on AWS


I have an SSL certificate associated with a load balancer on Amazon Web Services. I would like to have an additional domain on that certificate. My questions are:

  1. Is it possible to add an additional domain to an existing SSL certificate on AWS? I see that you can add additional names when you create one, but I don't see how to do it with an existing certificate.

  2. If no to 1, is it possible to associate 2 certs with the load balancer? Or do I need to create a new one that includes both domains and replace the cert with the new one?


Solution

  • It is not possible to do either of these things.

    Certificates can never be modified -- that would invalidate them.

    Balancers cannot attach more than one certificate to a given listener, and can't have more than one listener on a port.

    Your solution is to create a new certificate with all of the needed domain names, and swap them out.
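The reissue-and-swap procedure from the answer above, sketched with the AWS CLI as an added example that is not part of the original answer. It assumes an ACM-issued certificate with DNS validation and a Classic Load Balancer with an HTTPS listener on port 443; the function names, ARNs and load balancer name are hypothetical placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. All ARNs/names are placeholders.
# DRY_RUN=1 (the default) prints each changing aws command instead of running it.

run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Union of the old certificate's names and the new domains: lowercased,
# de-duplicated, order kept, so the replacement never drops a covered name.
merge_names() {
  printf '%s\n' "$@" | tr '[:upper:]' '[:lower:]' | awk 'NF && !seen[$0]++'
}

# Names on the certificate currently attached (read-only call, always executed).
current_names() {  # $1 = existing certificate ARN
  aws acm describe-certificate --certificate-arn "$1" \
    --query 'Certificate.SubjectAlternativeNames[]' --output text | tr '\t' '\n'
}

# Request the replacement: first name is the primary, the rest become SANs.
request_cert() {
  primary=$1; shift
  run aws acm request-certificate --domain-name "$primary" \
    --validation-method DNS ${1:+--subject-alternative-names} "$@" \
    --query CertificateArn --output text
}

# Classic Load Balancer: replace the certificate on the HTTPS listener in place.
swap_cert() {  # $1 = load balancer name, $2 = new certificate ARN
  run aws elb set-load-balancer-listener-ssl-certificate \
    --load-balancer-name "$1" --load-balancer-port 443 --ssl-certificate-id "$2"
}

# Full flow; meaningful only with DRY_RUN=0 and working AWS credentials.
reissue() {  # $1 = old cert ARN, $2 = load balancer name, $3.. = domains to add
  old=$1 lb=$2; shift 2
  names=$(merge_names $(current_names "$old") "$@")
  new=$(request_cert $names)
  # Create the DNS validation records ACM reports for $new, then block until
  # the certificate is issued; swapping before that would fail.
  run aws acm wait certificate-validated --certificate-arn "$new"
  swap_cert "$lb" "$new"
  # Keep the old certificate until clients are confirmed to receive the new one.
}
```

With real credentials, `DRY_RUN=0 reissue <old-cert-arn> <lb-name> extra.example.com` runs the whole sequence; delete the old certificate only after confirming the listener serves the new one.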