Elastic Load Balancing
Developer Guide
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Update the SSL Certificate for Your Load Balancer

If you are using the HTTPS/SSL protocol for your listeners, you might have an SSL server certificate installed on your load balancer. Your SSL certificate comes with a validity period. You must replace the certificate before its validity period ends. To replace a certificate, you must first create a new certificate by following the same steps you used when you created the current certificate. For more information about creating an SSL certificate and uploading it, see SSL Certificates for Elastic Load Balancing.

The following examples show you how to update an SSL certificate.


Verify that your certificate meets the prerequisites.

Updating an SSL Certificate Using the Console

To update an SSL certificate for an HTTPS load balancer

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under LOAD BALANCING, click Load Balancers.

  3. Select your load balancer.

  4. In the Listeners tab, click Change in the SSL Certificate column for the certificate.

  5. In the Select Certificate dialog box, do one of the following:

    • If you have already uploaded an SSL certificate using IAM, select Choose an existing SSL Certificates, select the certificate from Certificate Name, and then click Save.

    • If you have an SSL certificate to upload, select Upload a new SSL Certificate. Enter a name for the certificate, copy the required information to the form, and then click Save. Note that the certificate chain is not required if the certificate is a self-signed certificate.

    Update SSL Certificate

Updating an SSL Certificate Using the AWS CLI

To update an SSL certificate for an HTTPS load balancer

  1. If you have an SSL certificate but have not uploaded it, complete the instructions described in Upload the Signed Certificate.

  2. Use the following get-server-certificate command to get the ARN of the certificate:

    aws iam get-server-certificate --server-certificate-name my-new-certificate
  3. Use the following set-load-balancer-listener-ssl-certificate command to set the certificate:

    aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-loadbalancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/my-new-certificate