I've installed nginx on AWS using this configure script:
--prefix=/usr/local/nginx-1.16.1 --with-http_ssl_module --with-openssl=~/Downloads/openssl-1.1.1i --without-http_rewrite_module
and I've issued a Certificate for my URL (let it be mydom.com) using the AWS Certificate Manager (ACM) and its status is displayed as Issued. Then I've edited the relevant section in the nginx.conf:
server {
    listen 443 ssl;
    server_name localhost mydom.com;
    ssl_certificate /etc/ssl/certs/ca-bundle.crt;
    ssl_certificate_key /etc/trusted-key.key;
    <truncated>
}
I've selected the files /etc/ssl/certs/ca-bundle.crt and /etc/trusted-key.key only because they were there on the Linux File System and just for the sake of trying to see if nginx would run with them, but it didn't run. It gave:
[emerg] cannot load certificate key "/etc/trusted-key.key": PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name: no start line:Expecting: ANY PRIVATE KEY)
Of course that was just a try. Otherwise I think I should probably use the .crt file issued by the ACM (if there are any) and then I should somehow create a .key file and put them somewhere in the Linux File System, like under the /etc/nginx/ssl? I'm not sure. How should I proceed?
Note: I have some experience running web applications on my own web server, but using only HTTP. I haven't much experience with HTTPS.
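Added example (not part of the original question or its answers): a shell pre-flight check for the two files named by ssl_certificate and ssl_certificate_key, showing why nginx reports "no start line" for a file with no PEM private key block and why a CA bundle cannot stand in for the server certificate. The function names are illustrative; it assumes a certificate and key you actually hold and the openssl CLI for the matching step.

```shell
# Print the label of every PEM block in a file, one per line
# (e.g. "CERTIFICATE", "RSA PRIVATE KEY"). Tolerates CRLF line endings.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# ssl_certificate_key must contain a PEM private key block; without one
# OpenSSL reports "no start line ... Expecting: ANY PRIVATE KEY".
has_private_key() {
    pem_labels "$1" | grep -q 'PRIVATE KEY$'
}

# ssl_certificate must begin with the server certificate itself.
starts_with_cert() {
    [ "$(pem_labels "$1" | head -n 1)" = "CERTIFICATE" ]
}

# The certificate and the key must carry the same public key (needs openssl).
# A CA bundle passes the label check above but fails here.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT KEY: print the first problem found; exit status 0 means usable.
preflight() {
    starts_with_cert "$1" || { echo "cert: first PEM block is not CERTIFICATE"; return 1; }
    has_private_key "$2" || { echo "key: no PRIVATE KEY block (nginx 'no start line')"; return 2; }
    key_matches_cert "$1" "$2" || { echo "key does not belong to this certificate"; return 3; }
    echo "ok"
}

# Run as: sh preflight.sh /path/to/cert.pem /path/to/key.pem
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Running it before `nginx -t` separates the three failure modes: wrong file type for the certificate, no private key in the key file, and a key that belongs to a different certificate.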
ACM certificates can only be used by AWS managed services, primarily load balancers. You can't access the private key so you can't present an ACM cert using Nginx installed on your EC2 instance.
Your best options are: