Subdomain that points to aws

elic · July 25, 2023, 10:52am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:english.readover.online

I ran this command:automatic wacs.exe

It produced this output:I dont know how to do it

My web server is (include version):.NET Core running on 64bit Amazon Linux 2

The operating system my web server runs on is (include version):Linux 2

My hosting provider, if applicable, is:aws

I can login to a root shell on my machine (yes or no, or I don't know):I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):aws

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):I have no idea

I have been using Let's Encrypt successfully on a VPS running Windows Server to manage my websites hosted via IIS. Recently, I decided to introduce a subdomain to one of my sites.

Here's the current setup:

Primary domain: readover.online
- SSL certificate: Let's Encrypt (already in place)
- Hosting: VPS running Windows Server with IIS
Subdomain: english.readover.online
- Hosting: AWS (.NET Core on 64-bit Amazon Linux 2)

The subdomain, english.readover.online, points to a website hosted on AWS. It has replaced the default address provided by AWS.

My question is: What is the recommended approach to secure this subdomain with Let's Encrypt? Should I run Let's Encrypt on the AWS server where the subdomain points, or is it more appropriate to run Let's Encrypt on my existing VPS where I added the A record that points the subdomain to my AWS site?

Any advice or guidance on the best course of action would be greatly appreciated.

MikeMcQ · July 25, 2023, 1:54pm

I see an nginx server responding to your english subdomain

What do you mean by "run Let's Encrypt"? I ask for several reasons as it's important to be clear about this.

But, normally you run the ACME Client which requests a cert from Let's Encrypt on the same machine as your server is running. Right now, that would be the nginx server.

elic · July 25, 2023, 11:01pm

@MikeMcQ
Everything you wrote is accurate.
I run the ACME Client on my vps.
And the server is nginx.
It is clear from your answer that I have to run ACME on AWS.
the cert has to be there.
do I have to use the domain name amazon gave me? do I have to issue a cert for it and then my english sub domain would be secured?
if so, is it possible to run ACME on aws?
if so, are there any instructions on how to do it?
I don't have a machine there I just deploy a website to Elastic Beanstalk.

schoen · July 25, 2023, 11:25pm

Where is this nginx/1.22.1 server? Who configures and administers it, and how?

No, you should get a certificate for the name that people will access your site under, not necessarily for a name that happens to be issued by the hosting provider.

MikeMcQ · July 25, 2023, 11:34pm

Is this a single instance Beanstalk?

elic · July 26, 2023, 6:50am

I attach a screenshot from my AWS configuration page of the beanstalk instance.

AWS, I configure and manage it without knowing much. It's my first try to store on AWS. I have an VPS that run windows server there I mange all my websites.
I can get into the configuration zone as you can see in the attached pic. it runs on some kind of a virtual machine (m2.micro - I remember now, that when I wanted to deploy the site I had to choose the power of the machine. they call it EC2)

Yes it's written there that it's a single instance.

my case
I bought the domain from godday (readover.online)
It points to the IP of my VPS
on this VPS I run the ACME on the vps and I have ssl for readover.online.
I added a record (A record) for the english.readover.online to point to another IP (the IP of the site that is stored on AWS)

MikeMcQ · July 26, 2023, 12:47pm

"AWS" is a general name for Amazon services.

Elastic Beanstalk, one of these services, uses EC2 which is yet another service in AWS. EC2 is a virtual server and you choose what operating system you want. It sounds like you chose .NET but there are others. I don't have experience with .NET environ in Beanstalk but see here for Windows based ACME clients. You have to be more specific than just asking if you can run ACME on AWS.

This is not a general advice site for AWS. I have used Beanstalk myself and think you have a lot to learn. One key item with Beanstalk is understanding persistent storage. You should keep your Let's Encrypt certs in persistent storage. You are using nginx which needs to have these certs available when it starts if it is configured to use them.

Beanstalk's environ is refreshed when you rebuild it or make a new one to transition to an updated environ. Because of this you configure Beanstalk's EC2 with config files at its startup. Carefully read all the AWS docs about Beanstalk starting with persistent storage (link here)

system · August 25, 2023, 12:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.