I have an elastic public IP for my EC2 instance. I have an Nginx server running on it (and nodejs as a backend server). I'd like to enable HTTPS access to my server.

My questions:

  1. Can I create an SSL certificate (not self-signed) using just my elastic public IP?

  2. If not, my department has a domain. let's say, https://www.example.com. This already points to a server with some IP. How can I enter the record (and where?) so that https://www.example.com/base-route points to my elastic public IP without affecting any existing routes? If this is possible, do I create SSL certificate for https://www.example.com or https://www.example.com/base-route

  3. If I create a new SSL certificate for https://www.example.com/base-route, will it have any impact on the existing certificate for https://www.example.com/?


SSL certificates are for verifying hosts. A host is identified by either a domain name (by DNS) or an IP address, so.

  1. Yes, you can get a trusted SSL certificate for your IP address. As far as I'm aware of, Riven Cloud sells this for $9/yr which is the cheapest (I'm not affiliated!)

  2. No. Certificates are for hosts, not for paths. You have two options here:

    • Ask your administrator to delegate a subdomain for you, like base-route.example.com, so you can acquire a certificate for that.
    • Ask your administrator to reverse-proxy the base route to your instance. They'll still handle the certificate issue, but you'll have control over the content of this base path.
  3. As noted in point 2, there's no way you'd get a certificate for a path. You only set it up for a host (domain or IP address).