Creating SSL/TLS certificates for your Amazon Lightsail container services

Last updated: November 1, 2022

You can create Amazon Lightsail TLS/SSL certificates for your Lightsail container service. When you create a certificate, you specify the primary and alternate domain names for the certificate. When you enable custom domains for your container service, and choose the certificate, you can choose up to four domains from the certificate that will be added as the custom domains of your container service. After you update the DNS record of your domains to direct traffic to your container service, your service accepts the traffic and serves your content using HTTPS. There is a quota for the number of certificates that you can create. For more information, see Lightsail service quotas.

For more information about SSL/TLS certificates, see SSL/TLS certificates in Amazon Lightsail.

Prerequisites

Before you get started, you need to create a Lightsail container service. For more information, see Creating Amazon Lightsail container services and Container services in Amazon Lightsail.

Create an SSL/TLS certificate for your container service

Complete the following procedure to create an SSL/TLS certificate for your container service.

1. Sign in to the Lightsail console.

2. On the Lightsail home page, choose the Containers tab.

3. Choose the name of the container service for which want to create a certificate.

4. Choose the Custom domains tab on your container service management page.

5. Scroll down to the Attached certificates section of the page.

   All of your certificates are listed under the Attached certificates section of the page, including certificates created for other Lightsail resources, and certificates that are in use and not in use.

6. Choose Create certificate.

7. Enter a unique name in the Certificate name text box to identify your certificate. Then, choose Continue.

8. Enter the primary domain name (e.g., example.com) that you want to use with the certificate into the Specify up to 10 domains or subdomains field.

9. (Optional) Enter another domain name (e.g., www.example.com) into the Specify up to 10 domains or subdomains field.

   You can add up to nine alternate domains to your certificate. You can use up to four of your certificate's domains with your container service after you enable custom domains and select the certificate for your service.

10. Choose Create certificate.

    Your certificate request is submitted, and the status of your new certificate is changed to Attempting to validate your certificate. During this time, Lightsail attempts to add the certificate's validation record to the DNS of the primary domain. After a while, the status will change to Valid.

    If automatic validation fails you will be required to validate the certificate with your domains before you can use it with your container service. For more information, see Validating SSL/TLS certificates for your Amazon Lightsail container services.

Additional information about container services

These are the general steps to manage your Lightsail container service after it's up and running:

1. Get familiar with all of the elements of Lightsail container services. For more information, see Container services in Amazon Lightsail.

2. Create your container service in your Lightsail account. For more information, see Creating Amazon Lightsail container services.

3. If you plan to use container images from a public registry, find container images from a public registry such as the Amazon ECR Public Gallery. For more information about Amazon ECR Public, see What Is Amazon Elastic Container Registry Public? in the Amazon ECR Public User Guide.

4. If you plan to push container images from your local machine to your service, install software on your local machine that you need to create your own container images and push them to your Lightsail container service. For more information, see the following guides:

   • Installing software to manage container images for your Amazon Lightsail container services

   • Creating container images for your Amazon Lightsail container services

   • Pushing and managing container images on your Amazon Lightsail container services

5. Create a deployment in your container service that configures and launches your containers. For more information, see Creating and managing deployments for your Amazon Lightsail container services.

6. View previous deployments for your container service. You can create a new deployment using a previous deployment version. For more information, see Viewing and managing deployment versions of your Amazon Lightsail container services.

7. View the logs of containers on your container service. For more information, see Viewing the container logs of your Amazon Lightsail container services.

8. Create an SSL/TLS certificate for the domains that you want to use with your containers. For more information, see Creating SSL/TLS certificates for your Amazon Lightsail container services.

9. Validate the SSL/TLS certificate by adding records to the DNS of your domains. For more information, see Validating SSL/TLS certificates for your Amazon Lightsail container services.

10. Enable custom domains by attaching a valid SSL/TLS certificate to your container service. For more information, see Enabling and managing custom domains for your Amazon Lightsail container services.

11. Monitor the utilization metrics of your container service. For more information, see Viewing container service metrics in Amazon Lightsail.

12. (Optional) Scale the capacity of your container service vertically, by increasing its power specification, and horizontally, by increasing its scale specification. For more information, see Changing the capacity of your Amazon Lightsail container services.

13. Delete your container service if you're not using it to avoid incurring monthly charges. For more information, see Deleting Amazon Lightsail container services.