I'm looking for advice on how to set up Digicert certificates for use with AWS's Application Load Balancer (ALB). Our organization has a policy to use Digicert for everything, and in our current Azure setup, we're running AKS with cert-manager to manage the certificates. Cert-manager handles the certificate requests and updates them automatically, which we want to replicate in AWS. However, we can't use ACM-issued certificates.
The approach I'm considering is to keep using cert-manager on Amazon EKS to handle Digicert certificate requests and then use a tool like cert-manager-sync to automatically import updated certificates into ACM once they're rotated. This would let us attach the ACM certificate to the ALB smoothly. I'm curious if anyone has suggestions or thinks there are better options for managing this setup. Any thoughts?
2 Answers
What about setting up an NLB that forwards to a proxy with TLS loaded from cert-manager? It could be another way to manage things, but it does mean managing an extra container which might add some complexity to your setup.
Using the Digicert API with AWS SDK might be a good route for creating a Lambda function to handle certificate rotation. It seems like a solid plan if you're comfortable with coding it up. However, if keeping cert-manager on EKS works better for you, that sounds perfectly viable too!
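The sync step the question describes, and the Lambda route in the second answer, both come down to mapping a cert-manager TLS Secret onto ACM's ImportCertificate call. As an added example (not code from this thread, from cert-manager-sync or from cert-manager), this Python builds the boto3 `import_certificate` keyword arguments from a Secret's `data`, splitting tls.crt into leaf and chain and re-importing against an existing ARN on rotation; the Secret contents and the ARN are constructed placeholders.

```python
import base64
import re

# Matches one PEM block and captures its label ("CERTIFICATE", "PRIVATE KEY", ...).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.DOTALL)


def pem_blocks(text):
    """Return every PEM block in text as (label, full_block) pairs, in order."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]


def build_acm_import_request(secret_data, existing_arn=None):
    """Turn a cert-manager TLS Secret's base64 data into import_certificate kwargs.

    cert-manager writes the leaf certificate followed by its chain into tls.crt;
    ACM wants the leaf in Certificate and the rest in CertificateChain. Passing
    CertificateArn re-imports over the existing certificate, so the ALB listener
    that references that ARN picks up the rotated certificate without a change.
    """
    crt = base64.b64decode(secret_data["tls.crt"]).decode()
    key = base64.b64decode(secret_data["tls.key"]).decode()
    certs = [blk for label, blk in pem_blocks(crt) if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("tls.crt contains no CERTIFICATE block")
    keys = [blk for label, blk in pem_blocks(key) if label.endswith("PRIVATE KEY")]
    if len(keys) != 1 or "ENCRYPTED" in keys[0]:
        raise ValueError("tls.key must hold exactly one unencrypted private key")
    request = {"Certificate": (certs[0] + "\n").encode(),
               "PrivateKey": (keys[0] + "\n").encode()}
    if len(certs) > 1:  # ACM rejects an empty chain, so only send one when present
        request["CertificateChain"] = ("\n".join(certs[1:]) + "\n").encode()
    if existing_arn:  # rotation: replace in place rather than minting a new ARN
        request["CertificateArn"] = existing_arn
    return request


def b64_text(text):
    """Base64-encode a string the way Kubernetes stores Secret data values."""
    return base64.b64encode(text.encode()).decode()


# Constructed sample Secret data: placeholder PEM bodies, not real key material.
SAMPLE_SECRET = {
    "tls.crt": b64_text("-----BEGIN CERTIFICATE-----\nLEAF\n-----END CERTIFICATE-----\n"
                        "-----BEGIN CERTIFICATE-----\nINTERMEDIATE\n-----END CERTIFICATE-----\n"),
    "tls.key": b64_text("-----BEGIN PRIVATE KEY-----\nKEY\n-----END PRIVATE KEY-----\n"),
}

if __name__ == "__main__":
    req = build_acm_import_request(SAMPLE_SECRET, "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER")
    print(sorted(req))  # ['Certificate', 'CertificateArn', 'CertificateChain', 'PrivateKey']
```

The returned dict is what `boto3.client("acm").import_certificate(**req)` takes, whether that call lives in a Lambda or in a sync controller running on EKS.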