Reputation: 251
Hi, I have a problem setting multiple certificates for an ALB listener. Here is a fragment of my CF template:

    DiscoveryListenerHTTPS:
      Type: AWS::ElasticLoadBalancingV2::Listener
      DependsOn:
        - DiscoveryLoadBalancer
        - DiscoveryLoadBalancerTargetGroup
      Properties:
        Certificates:
          - CertificateArn: !Ref CertificateArn1
          - CertificateArn: !Ref CertificateArn2
and the response is:

    Up to '1' certificate ARNs can be specified, but '2' were specified (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: TooManyCertificates; Request ID: XXXXXXXXX)
Upvotes: 16
Views: 10657
Reputation: 853
EDIT: improved answer thanks to @chris-pollard's and @adamkgray's answers.
This works for me; you can specify multiple SSL certificates for an HTTPS listener.
For HTTPS, you are not allowed to specify multiple certificates directly on the AWS::ElasticLoadBalancingV2::Listener resource. Instead, you have to create an AWS::ElasticLoadBalancingV2::ListenerCertificate resource in your template for the additional certificates.
Here is an example of a listener on port 443 using a default certificate, followed by a certificate list with at least one certificate, associated with the listener that was previously created:
    Listener443:
      DependsOn:
        - LoadBalancer
      Type: AWS::ElasticLoadBalancingV2::Listener
      Properties:
        Certificates:
          # Only the default certificate goes on the Listener itself
          - CertificateArn: !Ref CertificateARN
        LoadBalancerArn: !Ref LoadBalancer
        DefaultActions:
          - Type: fixed-response
            FixedResponseConfig:
              ContentType: text/plain
              MessageBody: "Not Found"
              StatusCode: "404"   # String property, so quoted
        Port: 443
        Protocol: HTTPS
    CertificatesList:
      Type: AWS::ElasticLoadBalancingV2::ListenerCertificate
      Properties:
        Certificates:
          # Additional (SNI) certificates are attached via this separate resource
          - CertificateArn: !Ref CertificateARN2
        ListenerArn: !Ref Listener443
Upvotes: 23
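The constraint the accepted answer describes (one certificate on the Listener, the rest on a ListenerCertificate resource) can be caught before a deploy ever hits the TooManyCertificates error. The following is an added example, not code from the answerer or from AWS: it takes a template as the Python dict you get from parsing its JSON form (intrinsics as {"Ref": ...}), reports Listener resources that declare more than one certificate, and rewrites them the way the answer prescribes. The resource name suffix "ExtraCertificates" and the sample template are assumptions constructed for the example.

```python
import copy

LISTENER = "AWS::ElasticLoadBalancingV2::Listener"
LISTENER_CERT = "AWS::ElasticLoadBalancingV2::ListenerCertificate"


def find_overloaded_listeners(template):
    """Logical IDs of Listener resources that declare more than one
    certificate, i.e. exactly what the API rejects with TooManyCertificates."""
    bad = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == LISTENER:
            certs = res.get("Properties", {}).get("Certificates") or []
            if len(certs) > 1:
                bad.append(name)
    return bad


def split_extra_certificates(template):
    """Copy of the template where each overloaded listener keeps only its first
    certificate (the default) and the rest move into a new ListenerCertificate
    resource attached to that listener, as the answer describes."""
    fixed = copy.deepcopy(template)
    resources = fixed["Resources"]
    for name in find_overloaded_listeners(template):
        props = resources[name]["Properties"]
        default, extra = props["Certificates"][0], props["Certificates"][1:]
        props["Certificates"] = [default]
        # Hypothetical logical ID for the new resource; any unused name works.
        resources[name + "ExtraCertificates"] = {
            "Type": LISTENER_CERT,
            "Properties": {"Certificates": extra, "ListenerArn": {"Ref": name}},
        }
    return fixed


# Constructed sample mirroring the question's failing fragment (JSON-form intrinsics).
SAMPLE_TEMPLATE = {
    "Resources": {
        "DiscoveryListenerHTTPS": {
            "Type": LISTENER,
            "Properties": {
                "Certificates": [
                    {"CertificateArn": {"Ref": "CertificateArn1"}},
                    {"CertificateArn": {"Ref": "CertificateArn2"}},
                ],
            },
        }
    }
}
```

Running find_overloaded_listeners on the result of split_extra_certificates returns an empty list, while the original template dict is left untouched.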
Reputation: 1937
Came here looking for the same answer. Found that the answer was not clearly laid out in the comments/answers, so I'm gonna do that. Although you can specify multiple SSL certificates for an HTTPS listener, you are not allowed to specify multiple certificates directly on the HTTPS listener resource in the CFN template. You have to create another resource in your template for the additional certificates, like this:

    AdditionalListenerCertificates:
      Type: AWS::ElasticLoadBalancingV2::ListenerCertificate
      Properties:
        Certificates:
          # Build the ACM certificate ARN from the current region and account
          - CertificateArn: !Join
              - ":"
              - - "arn:aws:acm"
                - !Ref AWS::Region
                - !Ref AWS::AccountId
                - !Join ["/", ["certificate", "<your-certificate-id>"]]
        ListenerArn: !Ref HTTPSListener
Upvotes: 5
Reputation: 1780
It's a little clunky; the CF template for creating the listener only sets the default cert.
You should be able to add additional certs to the listener with this resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html
Upvotes: 9