[fullsage]

Does this mean that ALB/ELB supports SNI now? Or they only allow you to do this with subdomains under a wildcard cert?

[wichert]

You can only configure a single SSL listener per load balancer, and that listener can only use a single certificate. That means you do indeed still need to use either wildcard certs or certs with multiple hostnames. Luckily you can very easily create those through the AWS certificate manager for free.

[statictype]

Wait - AWS has a service to generate wild card Certs that can be attached to ELB?

Did not realise this was a thing

[zwily]

Yes, and they automatically renew. It's fantastic. If you're using ELB/ALB, it's by far the easiest way to do SSL.

The only downside is that initial setup of a certificate requires email confirmation, so if you need to provision a lot, LE may still win.

[zob_cloud]

And they're free! Although only can be used on AWS services, currently ELB and CloudFront. https://aws.amazon.com/certificate-manager/

[sudhirj]

Think ALB already supported only SNI. Cloudfront has an offering that supports the older standard, but that's really expensive because of the need for all the static IPs.

Think the load balancers never had the possibility of static IPs, so SNI from the start.

But yeah, like another comment said, with the built in ACM managing certs is a non issue. It's like having an AWS specific Lets Encrypt for any service you want.

[zwily]

ALB definitely does not support SNI yet.

[merb]

just from reading the docs there is no indication about SNI.