Reputation: 545
I have an SSL certificate associated with a load balancer on Amazon Web Services. I would like to have an additional domain on that certificate. My questions are:
1. Is it possible to add an additional domain to an existing SSL certificate on AWS? I see that you can add additional names when you create one, but I don't see how to do it with an existing certificate.
2. If no to 1, is it possible to associate 2 certs with the load balancer? Or do I need to create a new one that includes both domains and replace the cert with the new one?
Upvotes: 18
Views: 22612
Reputation: 11
As a work-around, you can create a new certificate in AWS Cert Manager with all the same domains from an existing cert plus any new one needed. With DNS validation for both existing and new certs, all the existing domains successfully validate automatically on the new cert (unique DNS IDs kept for easy renewal). You just need to add the DNS validation records for any new domains, let it validate and then swap the cert (just tested with cert + CloudFront, haven't with an ELB).
Upvotes: 1
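The workaround described in the answer above, sketched with the AWS CLI as an added example (not code from the poster or from AWS). It assumes an ALB/NLB HTTPS listener and configured AWS CLI credentials; the function names are hypothetical, and the certificate ARN, listener ARN and domain names are supplied by the caller.

```shell
# Added example: reissue an ACM certificate with extra names and make it the
# default certificate of an ALB/NLB listener. Assumes AWS CLI with credentials.

# Merge domain names: lower-case them, drop duplicates, keep first-seen order.
merge_names() {
  printf '%s\n' "$@" | tr '[:upper:]' '[:lower:]' | awk 'NF && !seen[$0]++'
}

# Every name on an existing ACM certificate (ACM lists the primary name here too).
cert_names() {
  aws acm describe-certificate --certificate-arn "$1" \
    --query 'Certificate.SubjectAlternativeNames[]' --output text | tr '\t' '\n'
}

# Request a DNS-validated certificate; $1 is the primary name, the rest are SANs.
# Prints the new certificate ARN.
request_cert() {
  primary=$1; shift
  if [ "$#" -gt 0 ]; then set -- --subject-alternative-names "$@"; fi
  aws acm request-certificate --domain-name "$primary" --validation-method DNS \
    "$@" --query CertificateArn --output text
}

# Name, type and value of the validation records ACM has not yet seen in DNS.
pending_validation_records() {
  aws acm describe-certificate --certificate-arn "$1" --output text --query \
    "Certificate.DomainValidationOptions[?ValidationStatus!='SUCCESS'].[ResourceRecord.Name,ResourceRecord.Type,ResourceRecord.Value]"
}

# usage: reissue_with_extra_names OLD_CERT_ARN LISTENER_ARN new.example.com ...
# Runs in a subshell with globbing off so a wildcard name such as *.example.com survives.
reissue_with_extra_names() (
  set -ef
  old_arn=$1; listener_arn=$2; shift 2
  names=$(merge_names $(cert_names "$old_arn") "$@")
  new_arn=$(request_cert $names)
  sleep 15  # assumption: validation records appear a few seconds after the request
  echo "Create any records listed below, then wait for validation:"
  pending_validation_records "$new_arn"
  aws acm wait certificate-validated --certificate-arn "$new_arn"
  aws elbv2 modify-listener --listener-arn "$listener_arn" \
    --certificates "CertificateArn=$new_arn"
  echo "Listener now serves $new_arn; delete $old_arn once nothing else uses it."
)
```

The old certificate stays attached until `modify-listener` succeeds, so the listener never serves without a valid certificate during the swap.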
Reputation: 111
AWS ELB/ALB support up to 25 certificates now. You can request new ACM certificates or upload your own certificates and use them with your load balancers.
Upvotes: 2
Reputation: 357
Actually (as of Feb 12, 2019) you can request another certificate and then add it to your load balancer. I just did this myself. I had one certificate with 5 domains and I didn't want to have to create another just for one more. So I created the new certificate for the one domain and then added it (look for a plus sign). Easy and it takes effect right away. Good luck.
Upvotes: 13
Reputation: 179024
It is not possible to do either of these things.
Certificates can never be modified -- that would invalidate them.
Balancers cannot attach more than one certificate to a given listener, and can't have more than one listener on a port.
Your solution is to create a new certificate with all of the needed domain names, and swap them out.
Upvotes: 21