I'm trying to find a way to manage Digicert certificates for TLS termination on AWS load balancers, as my organization mandates using these certificates. In Azure, we utilize AKS with cert-manager to obtain certificates from Digicert, which are then loaded into the Azure Application Gateway via the Ingress Controller.
Now, I want to replicate this setup in AWS, but ACM-issued certificates aren't an option for us. It's crucial to maintain auto-rotation of the certificates.
One solution I considered is keeping cert-manager in Amazon EKS to handle certificate requests and rotation from Digicert. Then, I could use cert-manager-sync to automatically import updated certificates to ACM, which would be attached to the Application Load Balancer.
I'd love to hear any thoughts or alternative ideas you might have!
2 Answers
Using the Digicert API along with AWS SDK to build a Lambda function that manages certificate rotation sounds like a smart approach. However, if you find EKS easier to work with, your plan to utilize cert-manager there could definitely work too!
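The step both the question's plan (cert-manager in EKS plus a sync into ACM) and this answer's Lambda idea share is the ACM import itself, and the detail that makes auto-rotation work without touching the ALB is re-importing over the existing certificate ARN, which ACM preserves, so the listener that references it simply starts serving the renewed leaf. The example below is an added illustration, not code from the question, the answers, or the cert-manager-sync project. It assumes PEM bytes for the leaf, key and chain (for instance read from the `kubernetes.io/tls` Secret cert-manager writes) and an ACM client exposing the boto3 method names `list_certificates`, `get_certificate` and `import_certificate`; `FakeAcm` and the PEM strings are constructed stand-ins so it runs offline, and in a Lambda or sync job you would pass `boto3.client("acm")` instead.

```python
"""Sync a cert-manager-issued certificate into ACM while keeping the ARN stable.

Added example (not from the question, the answers, or cert-manager-sync).
Assumes PEM bytes for leaf/key/chain and a client with boto3's ACM method
names. FakeAcm is a constructed in-memory stand-in; use boto3.client("acm")
in a real deployment.
"""
import itertools


def _pem_blocks(data: bytes, label_suffix: str) -> int:
    """Count PEM blocks whose label ends with label_suffix; 0 if BEGIN/END counts
    disagree. "PRIVATE KEY" matches RSA, EC and PKCS#8 key labels."""
    lines = data.decode("ascii", errors="replace").splitlines()
    begins = [l for l in lines if l.startswith("-----BEGIN ") and l.endswith(f"{label_suffix}-----")]
    ends = [l for l in lines if l.startswith("-----END ") and l.endswith(f"{label_suffix}-----")]
    return len(begins) if len(begins) == len(ends) else 0


def validate_bundle(cert_pem: bytes, key_pem: bytes, chain_pem: bytes) -> list:
    """Structural checks before anything is sent to ACM: exactly one leaf, exactly
    one key, at least one intermediate. ACM itself rejects a key that does not
    match the certificate, so pairing is verified server-side at import."""
    problems = []
    if _pem_blocks(cert_pem, "CERTIFICATE") != 1:
        problems.append("certificate must be exactly one PEM CERTIFICATE block")
    if _pem_blocks(key_pem, "PRIVATE KEY") != 1:
        problems.append("private key must be exactly one PEM PRIVATE KEY block")
    if _pem_blocks(chain_pem, "CERTIFICATE") < 1:
        problems.append("chain must contain at least one intermediate CERTIFICATE")
    return problems


def _normalize(pem) -> str:
    """Whitespace-insensitive comparison key for a PEM blob (ACM may re-wrap lines)."""
    if isinstance(pem, bytes):
        pem = pem.decode("ascii", errors="replace")
    return "".join(pem.split())


def find_existing_arn(acm, domain: str):
    """Return the ARN of an ISSUED ACM certificate whose primary domain matches, or None."""
    kwargs = {"CertificateStatuses": ["ISSUED"]}
    while True:
        page = acm.list_certificates(**kwargs)
        for summary in page["CertificateSummaryList"]:
            if summary["DomainName"] == domain:
                return summary["CertificateArn"]
        if "NextToken" not in page:
            return None
        kwargs["NextToken"] = page["NextToken"]


def sync_certificate(acm, domain: str, cert_pem: bytes, key_pem: bytes, chain_pem: bytes):
    """Import a new certificate, or re-import over the existing ARN when the leaf
    changed. Returns (arn, action) with action in imported/reimported/unchanged."""
    problems = validate_bundle(cert_pem, key_pem, chain_pem)
    if problems:
        raise ValueError("; ".join(problems))
    params = {"Certificate": cert_pem, "PrivateKey": key_pem, "CertificateChain": chain_pem}
    arn = find_existing_arn(acm, domain)
    if arn is None:
        return acm.import_certificate(**params)["CertificateArn"], "imported"
    current = acm.get_certificate(CertificateArn=arn)["Certificate"]
    if _normalize(current) == _normalize(cert_pem):
        return arn, "unchanged"  # cert-manager has not renewed yet; nothing to do
    # Re-import against the existing ARN: ACM keeps the ARN, so the ALB listener
    # bound to it serves the renewed certificate with no load-balancer change.
    return acm.import_certificate(CertificateArn=arn, **params)["CertificateArn"], "reimported"


class FakeAcm:
    """Constructed in-memory stand-in for boto3's ACM client (example only).
    It does not parse X.509, so every import is attributed to `domain`."""

    def __init__(self, domain: str):
        self.domain = domain
        self.store = {}  # arn -> import params
        self._ids = itertools.count(1)

    def list_certificates(self, **kwargs):
        return {"CertificateSummaryList": [
            {"CertificateArn": arn, "DomainName": self.domain} for arn in self.store]}

    def get_certificate(self, CertificateArn):
        rec = self.store[CertificateArn]
        return {"Certificate": rec["Certificate"].decode(),
                "CertificateChain": rec["CertificateChain"].decode()}

    def import_certificate(self, **params):
        arn = params.pop("CertificateArn", None) or \
            f"arn:aws:acm:us-east-1:123456789012:certificate/fake-{next(self._ids)}"
        self.store[arn] = params
        return {"CertificateArn": arn}


# Constructed placeholder PEM bodies (not real certificates or keys).
CERT_V1 = b"-----BEGIN CERTIFICATE-----\nMIIC_leaf_v1\n-----END CERTIFICATE-----\n"
CERT_V2 = b"-----BEGIN CERTIFICATE-----\nMIIC_leaf_v2_renewed\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN PRIVATE KEY-----\nMIIE_key\n-----END PRIVATE KEY-----\n"
CHAIN = b"-----BEGIN CERTIFICATE-----\nMIID_intermediate\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    acm = FakeAcm("www.example.com")
    for leaf in (CERT_V1, CERT_V1, CERT_V2):
        print(sync_certificate(acm, "www.example.com", leaf, KEY, CHAIN))
```

Running the sync on the same bundle twice is a no-op, and a renewed leaf is re-imported against the original ARN rather than creating a second certificate, which is the property a cron-driven Lambda or a cluster-side sync job needs for unattended rotation.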
Have you thought about setting up a Network Load Balancer that routes traffic to a proxy where TLS is managed by cert-manager? It’s a viable option, but it means adding another container to your management, which might complicate things.