Creating SSL/TLS certificates for your Amazon Lightsail distribution
Last updated: July 23, 2020
You can create Amazon Lightsail TLS/SSL certificates for your Lightsail distributions. When you create a certificate, you specify the primary and alternate domain names for the certificate. When you enable custom domains for your distribution, and choose the certificate, those domains are added as the custom domains of your distribution. After you update the DNS record of your domains to point to your distribution, your distribution accepts the traffic and serves your content using HTTPS. There is a quota for the number of certificates that you can create. For more information, see Lightsail service quotas.
For more information about SSL/TLS certificates, see SSL/TLS certificates in Lightsail.
The domain names you specify when creating an SSL/TLS certificate for your distribution cannot be in use by another distribution across all Amazon Web Services (AWS) accounts, including distributions on the Amazon CloudFront service. You will be able to create the certificate for the domains, but you will not be able to use the certificate with your distribution.
Before you get started, you need to create a Lightsail distribution. For more information, see Creating Amazon Lightsail distributions and Content delivery network distributions in Amazon Lightsail.
Create an SSL/TLS certificate for your distribution
Complete the following procedure to create an SSL/TLS certificate for your distribution.
Sign in to the Lightsail console.
On the Lightsail home page, choose the Networking tab.
Choose the name of the distribution for which want to create a certificate.
Choose the Custom domains tab on your distribution's management page.
Scroll down to the Certificates section of the page.
All of your distribution certificates are listed under the Certificates section of the page, including certificates created for other distributions, and certificates that are in use and not in use.
Choose Create certificate.
Enter the primary domain name (e.g.,
example.com) that you want to use with the certificate into the Primary Domain text box.
The name of your certificate is automatically updated to match the primary domain (i.e.,
example-com) but you can change it.
(Optional) Enter another domain name (e.g.,
www.example.com) into the Alternate domains and subdomains field.
You can add up to nine alternate domains to your certificate. You will be able to use all of your certificate's domains with your distribution after you enable custom domains and select the certificate for your distribution.
Your certificate request is submitted, and the status of your new certificate is changed to Pending. After a while, the status will change to Validation in progress and you will be required to validate the certificate with your domains before you can use it with your distribution. For more information, see Validating SSL/TLS certificates for your Amazon Lightsail distribution.
Here are some articles to help you manage distributions in Lightsail: