Enabling Cloudfront free SSL for discourse subdomain hosted on Lightsail


(Andrei Cristof) #1

Hello everyone,

Given the scenario:

  • I have a domain example.com served from Amazon Cloudfront which reads from an S3 bucket. Route53 as DNS. All good.
  • The domain uses the free SSL certificate of Amazon ACM (since I use Cloudfront I get a free certificate). All good - https://example.com works.
  • I installed discourse on an Amazon Lightsail instance, available at http://read.example.com - it works since I configured Route53 to route read.example.com to the Lightsail public IP.

My question is: how can I setup the subdomain read.example.com where discourse runs, to use Amazon’s free SSL certificate? Because in this guide it says you must get your own ssl key, but I dont have one, only what Amazon has setup. And my certificate is already setup in Amazon to watch all subdomains: *.example.com, so this should work already?

I hope my question is clear. Thank you in advance for your help.
Best regards,


(Rafael dos Santos Silva) #2

It’s better to use a Let’s Encrypt cert: Setting up Let’s Encrypt


(Andrei Cristof) #3

Thanks for your response. But why? I already have a working certificate and its already setup to *.example.com so it should work with read.example.com.


(Andrei Cristof) #4

Nevermind, you are right. I just found a note explaining that Amazon Lightsail VPS’es cannot use the AWS Certificate Manager (ACM). So I need another certificate, which is where your link helps.

Thank you!