I am trying to enable HTTPS on our backend server hosted on an EC2 instance by importing a Cloudflare client certificate (NOT Cloudflare's Origin certificate) into the Amazon Certificate Manager. I made this decision in part because our backend does not currently have a domain, only a public IP address.
When importing the certificate, I cannot find what I am supposed to input for the "Certificate Chain" field, since creating the client certificate did not give me the certificate chain. I have tried following this solution on Cloudflare's discussion forum, but ACM gave another error, saying: "Could not validate the certificate with the certificate chain."
Is what I am trying to do possible?
The certificate chain, also known as the certification path, is a list of certificates used to authenticate an entity. You need that so ACM can check the validity of your certificate.
When importing a certificate into ACM, don't include the certificate in the certificate chain. The certificate chain must contain only the intermediate and root certificates. The certificate chain must be in order, starting with the intermediate certificates, and then ending with the root certificate.
You can find the Cloudflare root certificate in point 4 of this document: https://developers.cloudflare.com/ssl/origin-configuration/origin-ca
https://aws.amazon.com/premiumsupport/knowledge-center/acm-import-troubleshooting/
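
A local pre-flight check for the chain rules in the answer above (leaf not in the chain, intermediates first, root last), as an added example that is not part of the original thread. It assumes the `openssl` CLI is installed; `check_acm_chain` and `make_demo_pki` are hypothetical helper names, and the demo certificates are constructed test data.

```sh
#!/bin/sh
# Added example (not from the original thread): pre-flight check for the ACM
# "Certificate body" and "Certificate chain" fields. Assumes the openssl CLI.
fp()   { openssl x509 -in "$1" -noout -fingerprint -sha256; }
name() { openssl x509 -in "$2" -noout "-$1" | sed 's/^[a-z]*=//'; }

# check_acm_chain LEAF.pem CHAIN.pem (hypothetical helper name). Returns:
# 0 ready to import, 2 leaf is inside the chain file,
# 3 leaf does not verify against the chain, 4 chain is out of order.
check_acm_chain() {
  cert=$1; chain=$2; tmp=$(mktemp -d) || return 1
  # Split the chain file into one file per certificate: c1.pem, c2.pem, ...
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}' "$chain"
  want=$(name issuer "$cert"); subj=; in_chain=0; ordered=1; i=1
  while [ -f "$tmp/c$i.pem" ]; do
    if [ "$(fp "$tmp/c$i.pem")" = "$(fp "$cert")" ]; then in_chain=1; fi
    # Each entry must be the issuer of the previous one (the leaf comes first).
    subj=$(name subject "$tmp/c$i.pem")
    if [ "$subj" != "$want" ]; then ordered=0; fi
    want=$(name issuer "$tmp/c$i.pem"); i=$((i + 1))
  done
  # The last entry must be the self-issued root.
  if [ "$subj" != "$want" ]; then ordered=0; fi
  rm -rf "$tmp"
  [ "$in_chain" -eq 0 ] || return 2
  openssl verify -CAfile "$chain" "$cert" 2>&1 | grep -q ': OK$' || return 3
  [ "$ordered" -eq 1 ] || return 4
}

# Constructed test PKI (root -> inter -> leaf) written into directory $1.
make_demo_pki() (
  cd "$1" || exit 1
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$n" \
      -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 -out root.pem 2>/dev/null &&
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial -extfile ca.ext -days 2 -out inter.pem 2>/dev/null &&
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial -days 2 -out leaf.pem 2>/dev/null
)

# With two arguments, check real files; with none, run on the constructed PKI.
if [ "$#" -eq 2 ]; then
  rc=0; check_acm_chain "$1" "$2" || rc=$?; echo "result: $rc"
else
  d=$(mktemp -d) && make_demo_pki "$d" && cat "$d/inter.pem" "$d/root.pem" > "$d/chain.pem" &&
    check_acm_chain "$d/leaf.pem" "$d/chain.pem" && echo "constructed chain: ready to import"
fi
```

The order check compares issuer and subject names only; the signatures themselves are checked by `openssl verify`.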