Create your SSL Certificate in the AWS Certificate manager

The first step is to create an SSL certificate in the AWS certificate manager. One of the great perks of going this route as opposed to getting your certificate elsewhere is that AWS will try to renew it for you automatically as it approaches expiration. You’ll need to create an email account by the name of admin@<your_domain> so you can receive the verification email.

  1. Go to services -> Certificate manager
  2. Click on Request a certificate.
  3. Approve that certificate via the email you received

Create your new load balancer

If you haven’t already realized, each load balancer can only be connected to one SSL certificate. As a result, if we want to get multiple SSL certificates pointing to our Elastic Beanstalk deployment, we’ll need to add an extra load balancer. This is a little tricky but as long as you pay close attention to the configuration options of the initial load balancer, it can be pretty simple.

  1. Go to services->EC2->load balancers
  2. Find the current load balancer and write down all of it’s configurations. It’s very important you get everything the same. All the details need to match. Tags don’t matter
  3. Create a new load balancer with exactly the same configurations but a different name of course.
  4. Make sure the load balancer in the same security group as the original load balancer if you didn’t in the earlier steps.
  5. When you configure SSL, choose the new certificate you created.
  6. Add all the EC2 instances that are currently on the other load balancer to this new load balancer.
  7. Now view the instances section under your newly created load balancer and make sure the instances appear to the new load balancer as InService.

Add your new load balancer to the Elastic Beanstalk Autoscaling group

You could stop here if your deployment wasn’t autoscaling but because it is, you need to make sure when AWS deletes and adds no instances, the new load balancer you created is aware. Remember, instances are more or less throw away instances in the context of autoscaling.

  1. Go to services -> EC2 -> Auto Scaling Groups
  2. Click on the auto scaling group for your deployment’s load balancer.
  3. Click on Actions->Edit
  4. Click on where it says Load Balancers
  5. Add the new load balancer to that list. Make sure you don’t remove the existing load balancer or you’ll break the other SSL certificate on your application
  6. Press save.

Update your DNS records

Now the final step. You obviously want to leave your old DNS records for this application alone but for the new domain/SSL endpoint, you will want to create a CNAME DNS record that points to the new load balancer.

  1. Now set up a CNAME DNS record to point to the new load balancer’s DNS name
  2. Make sure both your old SSL endpoints and new SSL endpoints still work.

Closing thoughts

To confirm you did things correctly, I would recommend forcing your elastic beanstalk application to add another server by updating the minimum amount of servers so you can confirm that the new load balancer points to the newly create instance and the exact same instances as your original load balancer.

There are some limitations that may or may not affect you. You’re limited to 50 load balancers per auto scaling group as shown here but you can request an increase.

If you have any issues setting this up or with other parts of AWS, feel free to reach out to my team at Thanks!

.   .   .

We're Hiring‼️ ?? Looking to join our team of web developers? We're passionate about innovation, family, and community. Apply today!