AWS Route53 - Domain and SSL Certificate using Hosted Zones and ACM

Поділитися
Вставка
  • Опубліковано 26 лис 2024

КОМЕНТАРІ • 98

  • @shavis4811
    @shavis4811 Рік тому +4

    Clean and clear demo, exactly what I was looking for. Thanks much !

  • @farfara1987
    @farfara1987 9 місяців тому

    short video with a big content. just great 👍 !

  • @AmazeOnCloud
    @AmazeOnCloud 11 місяців тому

    Super useful Endre !! It's solved my issue.

    • @EndreSynnes
      @EndreSynnes  10 місяців тому

      Thank you so much! I'm glad it was helpful 😄

  • @albertbarsegyan3865
    @albertbarsegyan3865 Місяць тому

    thank you veeery much, you help us a lot

  • @dbyto8956
    @dbyto8956 2 роки тому +2

    Well Explained It was really helpful brother. Thanks alot

    • @EndreSynnes
      @EndreSynnes  2 роки тому +1

      Thank you so much! I'm glad you found it helpful 😄

  • @terrabyte-techy
    @terrabyte-techy 11 місяців тому

    Thank you for the video, that was very helpful.

    • @EndreSynnes
      @EndreSynnes  11 місяців тому +1

      Thank you so much! I’m glad you found it helpful😄

  • @piotrzajac5824
    @piotrzajac5824 Рік тому +1

    For anyone who has problem with validation timeout:
    You need also to set CNAME record to hosted zone.
    Once the validation is triggered open details of the request and you will see columns with CNAME name and CNAME value - this needs to be added for aws for validation.

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Yes, as shown in the video from 4:40 and onwards 😄 You could also manually create the Hosted Zone CNAME records by copying the values from the columns CNAME name and CNAME value. This way you can validate a certificate even if the Hosted Zone isn't in the same AWS account as the certificate 😄

    • @piotrzajac5824
      @piotrzajac5824 Рік тому +1

      @@EndreSynnes sure, but considering few people here had issues with timeouts, i suppose they had watched in the same manner as I did and forgot to set it up😅

    • @EndreSynnes
      @EndreSynnes  Рік тому

      That's true, there have been some questions regarding validation issues 😅 Hopefully this thread will be helpful for some 😄

    • @lukasjunior6027
      @lukasjunior6027 3 місяці тому +1

      how many time do u had have to wait for the validation?

  • @StankmanX
    @StankmanX Рік тому

    Awesome Video! I like how you explain everything!

  • @piotrzajac5824
    @piotrzajac5824 Рік тому

    Thanks a lot. Exactly what I needed to know. I hate bloated aws documentation.

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Thank you so much! 😄 Yes the documentation isn't always that good 😅

  • @Mangeshz
    @Mangeshz 10 місяців тому

    million thanks man...

    • @EndreSynnes
      @EndreSynnes  10 місяців тому

      I’m glad you found it helpful 😄

  • @carlosmrcom
    @carlosmrcom 2 роки тому

    How do I associate the SSL certificate with the WordPress site? WordPress shows it doesnt have the SSL yet but the process of this video was done perfectly.

    • @EndreSynnes
      @EndreSynnes  2 роки тому +2

      Hi, thank you for the question! 😄
      I don't have that much experience with WordPress, but as shown in this article ( aws.amazon.com/blogs/networking-and-content-delivery/how-to-accelerate-your-wordpress-site-with-amazon-cloudfront/ ) from the AWS documentation, it should be possible to combine an ACM SSL certificate with WordPress. I guess using CloudFront would be a good idea to enable HTTPS traffic.
      I also found this discussion where they talk about using ACM SSL certificates with WordPress: superuser.com/questions/1426886/how-can-i-link-aws-ssl-to-aws-wordpress
      I hope could help you!😄

  • @胡泽-e1b
    @胡泽-e1b 2 роки тому

    very helpful, thanks.

  • @melissaCScom
    @melissaCScom 6 місяців тому

    Thank you for the detail! That worked. :)

    • @EndreSynnes
      @EndreSynnes  6 місяців тому +1

      I’m glad you found it helpful 😄

  • @ningggg6974
    @ningggg6974 2 місяці тому

    Hi, I purchased a domain in godaddy and I followed these steps. However, it is still not working

    • @EndreSynnes
      @EndreSynnes  2 місяці тому

      Hi 😄 could you elaborate what exactly dosen't work? Isn't the SSL Certificate successfully validated in AWS Certificate Manger?

  • @omarcrosby
    @omarcrosby Рік тому

    thanks for this

  • @paarthmanhas784
    @paarthmanhas784 Рік тому

    Hey. nice video! Quick question - how long does it take for certificate to issue?

    • @EndreSynnes
      @EndreSynnes  Рік тому +1

      Hi, thank you so much!😄
      Usually it takes a few minutes (maybe 5-10), but it could also take a couple hours. If it’s not valid by now (and you have followed all the steps mentioned in the video), I would assume there is a validation issue.

  • @zimcanit6647
    @zimcanit6647 2 роки тому

    Great video, subscribed!

  • @wil9861
    @wil9861 Рік тому

    I don’t get it . If you are not uploading anything to AWS in server.js what is getting stored in S3 when a call is sent to generateUrl()?

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Hi 😄
      I'm sorry, I don't quite understand your question? what server.js file are you thinking about and what "generateUrl" function do you mean? 😊

  • @franfonse
    @franfonse 2 роки тому

    You da best

  • @PlacidoYT
    @PlacidoYT Рік тому

    great job!

  • @uchejordy3255
    @uchejordy3255 10 місяців тому

    Thank you Sir

  • @ld-sy3457
    @ld-sy3457 Рік тому

    Please how to make those certificate "in use" since all domains remains http instead "https"

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Hi 😊
      This depends on how you application is deployed. If you make use of AWS CloudFront then I suggest watching my video here: ua-cam.com/video/M0GfSXr75iU/v-deo.html If it's an API deployed using an AWS API Gateway, then I suggest watching this video: ua-cam.com/video/JKI0td7QXTQ/v-deo.html
      I hope this was helpful! 😄

  • @polycoder
    @polycoder 2 роки тому

    thank you quite helpful

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Thank you, I’m glad it was helpful!😄

  • @anshi_m1188
    @anshi_m1188 8 місяців тому

    I followed every step as it is, but I'm still not getting https, please help!

    • @EndreSynnes
      @EndreSynnes  7 місяців тому

      Hi 😄 I'm sorry for the late response.
      What do you mean you're not able to get HTTPS? Have you made use of the certificate in for example your CloudFront distribution or API Gateway?

  • @codewithraj9517
    @codewithraj9517 Рік тому

    I have domain with https and i created a sub domain and point to a web server but subdomain with https not working pls

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Hi, sorry for the late response.
      I think I might need some more information to understand where the problem could be, but here are some initial thoughts I have of what could be the cause:
      - The subdomain is not defined in the certificate.
      - The web server is not able to retrieve the certificate from ACM.
      - The certificate is not verified.
      I hope this was somewhat helpful if you haven't already figured it out? 😄

  • @weekendvlogger1168
    @weekendvlogger1168 Рік тому

    the status is issued but still when i open the domain in my browser it shows invalid date..please help

    • @weekendvlogger1168
      @weekendvlogger1168 Рік тому

      the SSL status is till expired

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Hi 😄 Sorry for the late response.
      So, if I understand correctly, you have already had a certificate that has expired? Which might explain the error you get. If so, then I would guess that your application is not able to retrieve the new certificate. Let me know if this is not the case 😄

  • @crickethistory8961
    @crickethistory8961 2 роки тому

    Good one👍

  • @ujjwalmahar
    @ujjwalmahar Рік тому

    Great

  • @yangj6941
    @yangj6941 2 роки тому

    I did the same thing and my ssl is validated but my domain with is not accessible it just loads forever and timeout. (btw i am using domain from godaddy and change the ns to route 53 ones)

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Hi,
      Have you configured your API/CloudFront distribution/VPC to accept https traffic? Simply creating the SSL certificate and verifying it won't enable https traffic by itself, but this makes it possible to enable https traffic :)
      How is your application/network configured (using CloudFront, AWS API Gateway or VPC)? This will determine how to enable https traffic using your certificate.

  • @tanvivaishnav5545
    @tanvivaishnav5545 2 роки тому

    Hi I did this. But it still shows that my website is not secure. How do I change http to https? Please help

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Hi, sorry for the late reply!
      Creating a certificate in ACM will not automatically enable HTTPS traffic to your applications.
      This depends on how your application is configured or deployed. If you for example use AWS CloudFront, then you must enable HTTPS there, as described in this documentation: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html . I'll try to make a video about this in the future. If you are using AWS API Gateway, then you can follow the steps in my other video: ua-cam.com/video/JKI0td7QXTQ/v-deo.html&lc=Ugx1hrcf6Gb1pcrECnt4AaABAg.
      I hope this was helpful in any way! 😄

  • @lionetillo
    @lionetillo Рік тому

    thank you

  • @ISavaXx
    @ISavaXx Рік тому

    Good job. You did everything except the laststep and you did not show if the https is working

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Thank you 😄
      Yes you are right, I didn't make use of the domain or certificate in this video. This video was only intended to show how to deploy a hosted zone (domain) and how to create and validate a certificate for that domain. How to enable HTTPS on your applications depends on how the application is deployed. Therefore I have created separate videos on this, both for API Gateways (ua-cam.com/video/JKI0td7QXTQ/v-deo.html) and CloudFront distributions (ua-cam.com/video/M0GfSXr75iU/v-deo.html). Keep in mind that CloudFront have had some updates since I uploaded this video, so I will create a new one at some point. Still it's highly relevant and could be used as a guide for enabling HTTPS.
      I hope this was somewhat clarifying? 😄

  • @RaghavGade-by5os
    @RaghavGade-by5os 5 місяців тому

    Don't we have to register the domain?

    • @EndreSynnes
      @EndreSynnes  5 місяців тому

      Yes that’s right, I mention It as a prerequisite at 0:30 😄

    • @raghavgade2000
      @raghavgade2000 5 місяців тому +1

      When you regiter a domain from aws, it creates hostedzone automatically^ To those who're new to all purchasing domains. It will help you out. Look in the left panel of Route53 and you can find Register Domain option.

    • @EndreSynnes
      @EndreSynnes  5 місяців тому

      Yes that’s right, that way you also don’t need to manually register the name servers of your Hosted Zone with your domain prover. The reason why I didn’t register it with AWS was that it at that time were cheaper to register it elsewhere 😊

  • @ffrank1323
    @ffrank1323 Рік тому

    hmm seems not working with a wordpress site... unbelievable how much time you have to spend get a SSL certificate in CHATGPT-age ... thanks anyway for your video

    • @EndreSynnes
      @EndreSynnes  Рік тому

      Hi😄
      I see, I haven't tried it with a Wordpress site myself, but did you manage to get a valid certificate for your domain? In other words, does it say it's valid in AWS Certificate Manager? 😄

  • @TrevorAngel
    @TrevorAngel 2 роки тому +6

    Have searched most of youtube - everyone shows you how to get an ssl cert, that bit was simple - but nobody on earth or in the universe knows how to change your aws domain from http to https - yes we all have certificates but they don't work!!!!!

    • @EndreSynnes
      @EndreSynnes  2 роки тому +3

      Hi 😄
      Well, changing the domain from http to https, depends on how/where your applications are deployed. If you make use of AWS CloudFront, then you should be able to block HTTP requests and only allow HTTPS, or redirect users to HTTPS if they make requests using HTTP. In CloudFront you can then make use of the certificate you requested using AWS ACM (given the certificate is created in the us-east-1 region).
      If you make use of AWS Elastic Load Balancing, then you should also be able to utilize your AWS ACM certificate ( aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/ ) and thus enable HTTPS.
      This is a very interesting topic, which I'll see if can cover more in later videos😄 By the way, in the next video I'll go through the steps of creating a custom domain for an API Gateway, here I'll make use of an AWS ACM certificate.
      I hope this was somewhat helpful 😄

    • @mustkeemk5506
      @mustkeemk5506 2 роки тому

      Thanks for asking this question

  • @shefalisharma886
    @shefalisharma886 2 роки тому

    Hey, i have followed all the steps and the certificate is also issued . But when i open my website it is still showing not secure. Can you please help why is this happening or is there something I have to choose to get https

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Hi, thank you for the question :)
      Creating a certificate in ACM will not automatically enable HTTPS traffic to your applications.
      This depends on how your application is configured or deployed. If you for example use AWS CloudFront, then you must enable HTTPS there, as described in this documentation: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html . I'll try to make a video about this in the future. If you are using AWS API Gateway, then you can follow the steps in my other video: ua-cam.com/video/JKI0td7QXTQ/v-deo.html&lc=Ugx1hrcf6Gb1pcrECnt4AaABAg. If you are using an AWS Elastic Load Balancer, then you have to enable HTTPS there, and select the certificate you just created.
      Again this depends on how and where your application is deployed. I hope this was helpful in any way! 😄

    • @KobraTrading
      @KobraTrading 2 роки тому

      @@EndreSynnes What if we transferred our to AWS Route53 from siteground. Would we then setup a new Cloudfront distribution pointing to the same gateway server that the Route53 is so we can enable the certificate?

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      @@KobraTrading ​ Hi, sorry for the late reply. Transferring the domain to AWS should not be necessary. You could do that if you want tho. As shown in the video I linked in the previous comment, you can just create a custom domain in the API Gateway settings. This will create a hidden CloudFront distribution in front of your Gateway. HTTPS should then be enabled.
      If you want you could also create a custom CloudFront distribution that points to the API gateway. Then you can point the Rote53 HostedZone record to the CloudFront distribution (and not the API Gateway). The API Gateway will then be the origin where CloudFront forwards your request.
      If you want to create a custom CloudFront distribution for an API Gateway, then this article may help: aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudfront-distribution/
      I hope this was helpful! :D

  • @akashjain3254
    @akashjain3254 2 роки тому

    Hi I have followed all your steps, but my certificate still in pending state for last 2 hours

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Hi :)
      Hmm, that's strange. It could be that you just have to wait for a couple more hours. It could also happen if for instance you very recently (within 24 hours) bought your domain, or bought your domain from another domain provider than AWS and just recently updated your name server (NS) config to point to the AWS name servers, then It could take up to a day for it to take effect. This can maybe cause the certificate to still be pending, but I'm not sure.
      Please let me know if this was helpful or if It got resolved by waiting a couple more hours :)

    • @akashjain3254
      @akashjain3254 2 роки тому

      @@EndreSynnes I have not bought the domain , I have just created on AWS route 53

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      @@akashjain3254 I see, so you have just created the Route53 Hosted Zones?
      You need to either buy the domain using AWS Route53 or another Domain provider.
      ALTERNATIVE ONE: If you buy the domain using Route53, then a Hosted Zone will be created for you. You should then be able to follow my video from here ua-cam.com/video/ookzXuMr8eY/v-deo.html .
      ALTERNATIVE TWO: If you buy the domain using another domain provider (like I have done in this video), then you need to update the name server (NS) configuration on your domain providers website to point to the name servers listed in your Route53 Hosted Zone.
      You should only create certificates for domains that you manage/own.
      I hope this was helpful! :)

    • @bkunace
      @bkunace 2 роки тому

      same issue, i create this and have 30hs and nothing happens with domains not created by aws, i have another domain created in aws and works fine

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      @@bkunace That's strange, have you done an NS lookup with your domain? If so, do you get the aws name servers in response?

  • @rajeshkannan740
    @rajeshkannan740 2 роки тому

    Can you please post a video of How to import SSL from third party and using in Domain Hosted in Route53 AWS please

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Hi😄 This sounds interesting and I will look into it 🙌

    • @smokinreelsfishing
      @smokinreelsfishing 2 роки тому

      @@EndreSynnes , theyve got an option in ACM for the same now

    • @EndreSynnes
      @EndreSynnes  2 роки тому +1

      @@smokinreelsfishing Yes I know 😄 I haven't tested importing SSL certificates in ACM myself, but I guess it shouldn't be an issue 😄

  • @riccardotest8890
    @riccardotest8890 2 роки тому

    godaddy domain and I did everything described in the video, it doesn't work after 1 day

    • @EndreSynnes
      @EndreSynnes  2 роки тому

      Hi 😊
      That's strange, have you done an NS lookup to see that name servers your domain is connected to at the moment? If you have updated the name server settings on godaddy (www.godaddy.com/help/change-nameservers-for-my-domains-664), it should point to the aws name servers.

  • @rushikeshshinde999
    @rushikeshshinde999 2 місяці тому

    Free or paid ssl certificate

    • @EndreSynnes
      @EndreSynnes  2 місяці тому

      The ssl certificate itself (created using AWS Certificate Manager) is free, as far as I know😊

  • @Crunkmastaflexx
    @Crunkmastaflexx 2 роки тому

    thanks

  • @_mitric_n
    @_mitric_n Рік тому

    Video is great, but AWS sucks.
    There is no easy option just to set HTTPS for a domain (purchased with AWS), and to use Load Balancer costs $18.00 a month.
    Firs and last time I have used AWS for any of my personal projects... And yeah, I need to pay $18.00 a month just to have HTTPS for a page that will be used only by two people...

    • @EndreSynnes
      @EndreSynnes  Рік тому +1

      Thank you! 😊
      Yes, AWS managed Load Balancers can unfortunately be quite expensive 😅 Just out of curiosity, if it's just a simple web page (no backend), is there a reason you don't just use AWS S3 and CloudFront to enable https on your website? Since this doesn't cost that much.
      Or if it's a backend, maybe a serverless architecture with AWS Lambda could be an alternative? Of course this assumes that's a viable option for your use case 😊

    • @_mitric_n
      @_mitric_n Рік тому

      @@EndreSynnes Hi Endre, to be honest it is a mess 😂
      Right now there is just some FE, but since it is used for company API documentation and buch of other integration and knowledge base documents (to be added) it needs to have Backend and DB.
      I was able to do it eventually (free of charge) by connecting with SSH and installing Apachee server and then do the configuration. It needed som hustle, but now page is HTTPS.
      Not that hard actually and it works.
      One advise - don't believe everything ChatGPT says... I needed to reinstall everything at one point because I blindly followed instructions...
      Well it turnsout StackOwerflow and Google is still the best friend you can have when you get stuck ;)

  • @xxxx-xx4im
    @xxxx-xx4im Рік тому

    what a great video!! thx alot