
# Create ACM Certificate on AWS

{% hint style="info" %}
**Only needed for the legacy AWS-LB exposure pattern.** In standard production, TLS terminates at the **Reverse-Proxy Nginx** with **customer-supplied certificates** — there is no AWS load balancer in front of the cluster, so no ACM certificate is required. See [DNS & TLS Certificates](/operations/deployment/deployment-guide/dns-and-certificates.md) for the supported model. Use ACM only if you are deliberately fronting the environment with an AWS NLB/ALB ([Make Environment Publicly Accessible using AWS LB Configuration](/operations/deployment/deployment-guide/aws/make-environment-publicly-accessible-using-aws-lb-configuration.md)).
{% endhint %}

AWS Certificate Manager (ACM) is an AWS service that makes it easy to provision, manage, and deploy SSL/TLS certificates for use with AWS services and your internal resources.

## Procedure

The general steps to create an ACM certificate on AWS are given below.

1. Search for ACM in the AWS Management Console or select ***Certificate Manager*** from the list of services.
2. Click the ***Request a certificate*** button to start the certificate issuance process.
3. Enter the domain name that requires a wildcard certificate and add an asterisk \* before the domain name. For example, \*.openg2p.org.
4. If the domain is hosted on AWS Route53, you can choose any one of the validation methods to prove ownership of the domain. The available validation methods are: ***Email***, ***DNS***, and ***AWS-Managed***.
5. The recommended validation is AWS Route53, and the validation record needs to be mapped in Route53. It is mandatory that the record's name and values are taken from the certificate.
6. Recheck the data you have entered and confirm the certificate request.

Complete the validation process according to the chosen validation method. For example, if you have selected email validation, you will receive an email with instructions to validate ownership of the domain.
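As an added example (not part of the OpenG2P documentation), step 5 can be scripted: the function below builds a Route53 change batch whose record name and value are copied only from the certificate's own validation data. It assumes input shaped like the output of `aws acm describe-certificate`; the sample domain and tokens are constructed, and `validation_change_batch` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output for a
# request covering *.example.org and example.org (tokens are placeholders).
_RECORD = {"Name": "_aaaa1111.example.org.", "Type": "CNAME",
           "Value": "_bbbb2222.acm-validations.aws."}
SAMPLE = {"Certificate": {
    "DomainName": "*.example.org",
    "DomainValidationOptions": [
        {"DomainName": "*.example.org", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _RECORD},
        {"DomainName": "example.org", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _RECORD},
    ],
}}


def validation_change_batch(describe_output, ttl=300):
    """Build a Route53 change batch from the certificate's validation records."""
    changes, seen, missing = [], set(), []
    options = describe_output["Certificate"].get("DomainValidationOptions", [])
    for opt in options:
        if opt.get("ValidationMethod") != "DNS":
            continue  # email-validated names have no DNS record to publish
        record = opt.get("ResourceRecord")
        if record is None:
            # ACM fills this in shortly after the request; retry, never guess.
            missing.append(opt["DomainName"])
            continue
        key = (record["Name"].lower(), record["Type"], record["Value"])
        if key in seen:
            continue  # wildcard and apex share one record; publish it once
        seen.add(key)
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": record["Name"], "Type": record["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": record["Value"]}]}})
    if missing:
        raise ValueError("validation record not yet available for: "
                         + ", ".join(missing))
    if not changes:
        raise ValueError("certificate has no DNS validation records")
    return {"Comment": "ACM DNS validation", "Changes": changes}


if __name__ == "__main__":
    print(json.dumps(validation_change_batch(SAMPLE), indent=2))
```

The printed JSON can be saved to a file and passed to `aws route53 change-resource-record-sets` with `--change-batch file://<file>` for the hosted zone that serves the domain.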

After successful validation, the ACM certificate is issued and becomes available for use with Elastic Load Balancing (ELB).

Deploy the certificate to your AWS resources to enable secure communication over HTTPS.

You can manage your ACM certificates from the ACM console, which lets you renew, update, and delete certificates as needed.

