Create an SSL/TLS certificate for your Lightsail load balancer
Last updated: August 20, 2018
After you create a Lightsail load balancer, you can attach a Transport Layer Security (TLS) certificate to enable HTTPS. The SSL/TLS certificate lets your load balancer handle encrypted web traffic so that you can provide a more secure experience for your users. To learn more, see SSL/TLS certificates in Amazon Lightsail.
Before you get started, you will need the following.
A Lightsail load balancer. To learn more, see Create a Lightsail load balancer.
Create the certificate request
Sign in to the Lightsail console.
On the Lightsail home page, choose Networking.
Choose the name of the load balancer for which you want to configure an SSL/TLS certificate.
Choose the Inbound traffic tab.
Choose Create certificate.
Type your domain name (e.g.,
example.com) where it asks for primary domain.
If needed, change the certificate name.
Must be unique within each AWS Region in your Lightsail account.
Must contain 2 to 255 characters.
Must start and end with an alphanumeric character or number.
Can include alphanumeric characters, numbers, periods, dashes, and underscores.
Optionally, you can add alternate domains and subdomains.
For more information, see Add alternate domains and subdomains to your SSL/TLS certificate
Lightsail begins the validation process. You have 72 hours to verify that you own your domain.
After you create your certificate, you see the certificate along with the domain name and all your alternate domains and subdomains. You need to create a DNS record for each domain and subdomain.