Install AWS SSL Certificate to EC2 instance without load balancer

Certificates obtained through Amazon Certificate Manager (ACM) can only be installed on Elastic Load Balancers, CloudFront, API Gateway, and other AWS services. They cannot be exported or installed directly onto EC2 instances.

If you want to install an SSL certificate directly on your EC2 instance, you cannot use ACM. Instead, you will need to obtain an SSL certificate through a third-party (such as Lets Encrypt, GoDaddy, ec.) and install it following the instructions for your web server.

It is 100% valid to put an ELB in front of a single EC2 instance, especially for the purpose of letting the ELB manage the SSL certificate.

Other benefits of using ELB in front of your EC2 instance:

  • You'll gain the protection of AWS Shield (which provides some levels of DDoS protection),
  • You can replace the EC2 instance or scale out more easily if needed in the future,
  • The ELB will handle the encryption/decryption of the HTTPS connections (freeing your EC2 instance's CPU to do other work)

You will have to install the certificate for any server software that you are running on your instance. e.g apache, nginx, tomcat, nodejs. Each of these have their own mechanism for using the certificates. Read their documentation.

Also if you have setup DNS resolution for your instance public ip (make sure you are using elastic IP) then you can use certbot from let's encrypt to automate this process. check https://certbot.eff.org/. It supports multiple environments out of the box. and its free ssl certificates.