‹ Return to How tos

Create an SSL/TLS certificate for your Lightsail load balancer

Last updated: August 20, 2018

After you create a Lightsail load balancer, you can attach a Transport Layer Security (TLS) certificate to enable HTTPS. The SSL/TLS certificate lets your load balancer handle encrypted web traffic so that you can provide a more secure experience for your users. To learn more, see SSL/TLS certificates in Lightsail.


Before you get started, you will need the following.

Create the certificate request

  1. Sign in to the Lightsail console.

  2. On the Lightsail home page, choose Networking.

  3. Choose the name of the load balancer for which you want to configure an SSL/TLS certificate.

  4. Choose the Inbound traffic tab.

  5. Choose Create certificate.

  6. Type your domain name (e.g., example.com) where it asks for primary domain.

  7. If needed, change the certificate name.

    Resource names:

    • Must be unique within each AWS Region in your Lightsail account.

    • Must contain 2 to 255 characters.

    • Must start and end with an alphanumeric character or number.

    • Can include alphanumeric characters, numbers, periods, dashes, and underscores.

  8. Optionally, you can add alternate domains and subdomains.

    For more information, see Add alternate domains and subdomains to your SSL/TLS certificate

  9. Choose Create.

    Lightsail begins the validation process. You have 72 hours to verify that you own your domain.

    After you create your certificate, you see the certificate along with the domain name and all your alternate domains and subdomains. You need to create a DNS record for each domain and subdomain.

    Certificate pending validation with domains and subdomains

Next step