Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Terraform Example - Adding HTTPS Listener

Previously, I showed you how I created a codebase for a stock Terraform example in which EC2 servers running Docker webservers were deployed in two different ways (one with a load balancer, and one without).

In that simple example, the load balancer was just using a plain HTTP listener (no HTTPS/SSL support). I have since created a branch on that example codebase with the changes required to add an HTTPS listener, which requires one to specify the ARN of the SSL certificate to use.

Unfortunately, AWS do not provide a basic SSL certificate for the load balancer's default DNS name, as they do with CloudFront. To add an SSL certificate and get the ARN to put in the Terraform variables, follow this tutorial.

Debugging Issue

It is worth noting that when trying to achieve this, I got the following error message:

│ Error: error creating ELBv2 Listener (arn:aws:elasticloadbalancing:eu-west-2:XXXXXXXXXXXX:loadbalancer/app/myHttpLoadBalancer/4fc1a069d0aa8888): ValidationError: Certificate ARN 'arn:aws:acm:us-east-1:XXXXXXXXXXXX:certificate/2e78e10a-c858-4d90-a3e5-97544b2fda76' is not valid
│   status code: 400, request id: 2a5f9067-cef7-4b35-b367-4d9a131f124a
│   with aws_lb_listener.my_load_balancer_https_listener,
│   on line 146, in resource "aws_lb_listener" "my_load_balancer_https_listener":
│  146: resource "aws_lb_listener" "my_load_balancer_https_listener" {

This was because I was trying to use certificates with 4096-bit keys, and AWS only supports up to 2048 bits. More information can be found about that here. Also, make sure the certificate is uploaded to the same region as the one the load balancer will be deployed in (in the error above, the certificate ARN is in us-east-1 while the load balancer is in eu-west-2).

I'm only mentioning this here in case others see the same error message and struggle to figure out why Terraform seems to think the ARN does not exist.
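As an added example (not the branch's own code), here is an HTTPS listener of the kind described above with a plan-time check for the region mismatch that produced the error. It assumes existing resources named aws_lb.my_load_balancer and aws_lb_target_group.my_target_group, and Terraform 1.2 or later for the lifecycle precondition.

```hcl
# Added example; resource names other than the listener are assumptions.
variable "certificate_arn" {
  description = "ARN of the ACM certificate to attach to the HTTPS listener"
  type        = string
}

# Region the provider is deploying into, i.e. where the load balancer lives.
data "aws_region" "current" {}

resource "aws_lb_listener" "my_load_balancer_https_listener" {
  load_balancer_arn = aws_lb.my_load_balancer.arn
  port              = 443
  protocol          = "HTTPS"

  # Predefined AWS policy that only negotiates TLS 1.2 and TLS 1.3.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.my_target_group.arn
  }

  lifecycle {
    # An ACM ARN has the form arn:aws:acm:<region>:<account>:certificate/<id>,
    # so the fourth colon-separated field is the certificate's region. Failing
    # here gives a clear message instead of "Certificate ARN ... is not valid".
    precondition {
      condition = (
        split(":", var.certificate_arn)[2] == "acm" &&
        split(":", var.certificate_arn)[3] == data.aws_region.current.name
      )
      error_message = "certificate_arn must be an ACM certificate in region ${data.aws_region.current.name}; got ${var.certificate_arn}."
    }
  }
}
```

The key size cannot be read from the ARN, so the 4096-bit cause still has to be checked by inspecting the certificate itself before the apply.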

Last updated: 2nd February 2024
First published: 21st June 2021