Change / Update SSL certificate for Amazon Elastic Load Balancer with AWS Command Line Interface

Updated . Posted . Visible to the public.
  1. Install and configure the AWS Command Line Interface Show archive.org snapshot

  2. Show existing certificates to test if the AWS Cli is working:

    $ aws iam list-server-certificates
    {
      "ServerCertificateMetadataList": [
          {
              "Path": "/", 
              "Arn": "arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-201307-201407", 
              "ServerCertificateId": "AXXXXXXXXXXXXXXXXXXXX", 
              "ServerCertificateName": "www.example.com-201210-201310", 
              "UploadDate": "2012-10-10T11:25:35Z"
          }
      ]
    }
    
  3. Upload your certificate:

    $ aws iam upload-server-certificate --server-certificate-name www.example.com-2013010-2014010 --certificate-body file://www.example.com.crt --private-key file://www.example.com.key --certificate-chain file://www.example.com.ca-bundle 
    {
        "ServerCertificateMetadata": {
            "Path": "/", 
            "Arn": "arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-2013010-2014010", 
            "ServerCertificateId": "AXXXXXXXXXXXXXXXXXXXX", 
            "ServerCertificateName": "www.example.com-2013010-2014010", 
            "UploadDate": "2013-10-22T16:57:36.704Z"
        }
    }
    

    If you got the error message A client error (MalformedCertificate) occurred: Invalid Private Key. please look at this card to see how to fix it.

  4. Get the name of your loadbalancer:

    $aws elb describe-load-balancers | grep LoadBalancerName
                "LoadBalancerName": "example-com", 
    
  5. Update certificate on your loadbalancer:

    aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name example-com --ssl-certificate-id arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-2013010-2014010 --load-balancer-port 443
    
Last edit
Andreas Herz
Keywords
ops
License
Source code in this card is licensed under the MIT License.