Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Cheap SSL & Domain Registration with Amazon AWS Route 53 & Certificate Manager

Screen shot 2016 02 09 at 06.43.10

By the end of July 2015 Amazon made the following announcement — Amazon Route 53 Announces Domain Name Registration, Geo Routing, and Lower Pricing, which at the time didn't really feel like much.

Fast forward to 2016 and consider that I was shopping for a .io domain. Godaddy wanted $59.99 although Gandi were tad cheaper (although I hadn't realised, this was interesting!).

I didn't want to have to manage a second DNS registrar explicitly, and decided to chalk up the extra 2-dollars or thereabouts and register my shiny new desilva.io domain with AWS itself (Amazon Route 53 Pricing for Domain Registration). The process took under 2 minutes, where I had to fill in a form with my registrant details. But oh, was I in for a pleasant surprise!

I could get 'privacy' enabled for free. LOL WUT? Godaddy charges around $7.99/year/domain for that.

# Ref: http://centralops.net/co/
Domain Whois record

Queried whois.nic.io with "desilva.io"...

Domain : desilva.io
Status : Live
Expiry : 2017-02-10

NS 1   : ns-883.awsdns-46.net
NS 2   : ns-1886.awsdns-43.co.uk
NS 3   : ns-1047.awsdns-02.org
NS 4   : ns-33.awsdns-04.com

Owner  : Michael de Silva
Owner  : Obfuscated whois Gandi-63-65 boulevard Massena
Owner  : Obfuscated whois Gandi-Paris
Owner  : FR

Check for 'desilva.ac' --- http://www.nic.ac/go/whois/desilva.ac
Check for 'desilva.sh' --- http://www.nic.sh/go/whois/desilva.sh

# Whois result for desilva.io
domain: desilva.io
reg_created: 2016-02-10 03:04:11
expires: 2017-02-10 03:04:11
created: 2016-02-10 04:04:11
changed: 2016-02-10 04:19:32
ns0: ns-883.awsdns-46.net
ns1: ns-1886.awsdns-43.co.uk
ns2: ns-1047.awsdns-02.org
ns3: ns-33.awsdns-04.com
owner-c:
  nic-hdl: Protected by policy
  owner-name: Michael de Silva
  organisation: ~
  person: Protected by policy
  address: Protected by policy
  email: Protected by policy
admin-c:
  nic-hdl: Protected by policy
  owner-name: Michael de Silva
  organisation: ~
  person: Protected by policy
  address: Protected by policy
  email: Protected by policy
tech-c:
  nic-hdl: Protected by policy
  owner-name: Michael de Silva
  organisation: ~
  person: Protected by policy
  address: Protected by policy
  email: Protected by policy
bill-c:
  nic-hdl: Protected by policy
  owner-name: Michael de Silva
  organisation: ~
  person: Protected by policy
  address: Protected by policy
  email: Protected by policy

My total savings are now at $5.99 having accounted for the difference from the $7.99 that Godaddy would have charged, as I didn't register through Gandi directly, and interestingly enough, AWS have partnered with Gandi rather than becoming a full-blown registrar.

Shopping around for SSL certs

I've got a couple personal projects and side-projects that I plan to bootstrap and it would be nice to have SSL, considering I would be providing public access to my apps, which include authentication and the usual gamut of browser & server interactions.

I'd rather not send such info over the 'wire' for anyone to pluck out of the clouds, and therefore need to add SSL/TLS as a safeguard.

The cheapest wild-card Domain Validation PositiveSSL Multi-Domain certificate would run me $25.99/year via SSLs.com where as I can get one for free from AWS.

ACM does not provide extended validation (EV) certificates or organization validation (OV) certificates

Further details on certificate specifics by AWS are detailed here.

My michaeldesilva.me domain has its registrar setup with Route 53's nameservers, which is something I've been doing with most of my domains.

...there's also another really important reason why I'm going with AWS :)

SSL Offloading with AWS ELBs

Since the certificate is issued by AWS — and do note that AWS do not have to be the registrar as well, this is only optional — it can be attached to any ELB as long as it is in the us-east region (at the time of writing on 10th February 2016), although they are actively rolling this out to rest of their regions, since AWS Certificate Manager is rather new, considering it was only announced on 21st January 2016.

To get SSL offloading to work with my Rails app deployed via OpsWorks needed some work via their custom cookbooks option, but setting it up was rather straightforward. Details on how I achieved it are best suited for another write up though.

Bit of spare change...

Having earlier saved around $5.99 once I factor in the savings for the SSL cert that brings my savings to $31.98. That's not too bad, even if I say so myself!

comments powered by Disqus