问题描述

我一周前刚刚开始使用AWS.我通过Elastic Beanstalk将我的NodeJS后端部署在Docker容器中.以及通过CloudFront在S3中使用的前端Angular5应用.

I've just started using AWS a week ago. I deployed my NodeJS backend in a Docker container via Elastic Beanstalk. And a front-end Angular5 app in an S3 via CloudFront.

我在GoDaddy上购买了一个域名，并将其配置为指向我的CloudFront Angular5应用程序.我还为该域生成了SSL证书(用于前端).但是，由于后端的不安全性，来自前端应用程序的所有请求都被阻止了.

I bought a domain name on GoDaddy and configured it to point to my CloudFront Angular5 app. I also generated an SSL certificate for that domain (used for the front-end). However, all requests from the frontend app are getting blocked due to the backend insecurity.

因此，据我所知，下一步将是为ElasticBeanstalk NodeJS后端配置HTTPS.

So, as I understand, the next step would be to configure HTTPS for the ElasticBeanstalk NodeJS backend.

我找到了有关该主题的各种文章.但是所有人都以为我已经签发了证书.

I found a variety of articles on that topic. But all of them assume I already have a certificate issued.

问题是，当我尝试通过ACM为Elastic Beanstalk给我的URL(my-website.eu-west-2.elasticbeanstalk.com)请求证书时，该请求被拒绝，并出现以下错误:

The problem is that when I tried to request a certificate via ACM for the URL that Elastic Beanstalk gives me (my-website.eu-west-2.elasticbeanstalk.com), the request got rejected with the following Error:

请求失败该证书申请的状态为失败".要在此请求中请求一个或多个域名的证书，需要进行额外的验证.

在这种情况下我该怎么办?甚至可以使用AWS提供的URL(例如Elastic beantalk提供的URL)来请求SSL证书吗?

What can I do in that case? And is it even possible to use aws-provided URLs (like the one provided by elastic beanstalk) to request SSL certificates?

很抱歉，如果我的用语不是很正确.我对所有这些东西都很陌生.

Apologies if my terminology is not very correct. I'm quite new to all this stuff.

推荐答案

您无法为Amazon域(amazonaws.com，elasticbeanstalk.com等)注册SSL证书

You cannot register SSL certificates for Amazon domains (amazonaws.com, elasticbeanstalk.com, etc.)

如果要对内部或外部Elastic Beanstalk应用程序使用HTTPS，则必须使用自己的域.

If you want to use HTTPS for your Elastic Beanstalk application (internal or external), you must use your own domain.

1. 向DNS注册服务商注册域.
2. 通过ACM请求该域的SSL证书.
3. 将该ACM证书分配给您的Elastic Beanstalk应用程序.
4. 将您的域指向Elastic Beanstalk应用程序，将CNAME用于外部DNS，将CNAME或ALIAS用于​​Route 53.
5. 通过您的域名而不是由Elasticbeanstalk分配的地址访问EB应用程序.

这篇关于在ACM中为Elastic Beanstalk后端申请证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！