Setting up the Elastic Beanstalk SSL Certificate is free for all AWS users. This example will setup TLS by default and validates on Qualys SSL Test to A+ 

Start from the command-line using the terminal, locate your Ruby on Rails main directory of your App.

> cd /roo/app

First, make sure you have the AWS CLI command line installed if not Install AWS CLI command line. This example is for macOS users:

> pip install --upgrade --user awscli

Execute the following command to request a certificate followed by the desired domain that you would like to request an SSL certificate for.

> aws acm request-certificate --domain-name

copy the arn code:
example: arn:aws:acm:us-west-2:200000000002:certificate/b32d2453-4ddds-f221-4532-12g32113b32b

While on the root of your app, create the following .json file by running the command below:

> touch elb-acm.json

Edit the newly created elb-acm.json file by running the command below:

> vim elb-acm.json

add this into your code along with the arn URL link you copied before by replacing the text in the bold example:

  "Namespace" : "aws:elb:listener:443",
  "OptionName" : "ListenerProtocol",
  "Value" : "HTTPS"
  "Namespace" : "aws:elb:listener:443",
  "OptionName" : "SSLCertificateId",
  "Value" : "arn:aws:acm:us-west-2:200000000002:certificate/b32d2453-4ddds-f221-4532-12g32113b32b"
  "Namespace" : "aws:elb:listener:443",
  "OptionName" : "InstancePort",
  "Value" : "80"
  "Namespace" : "aws:elb:listener:443",
  "OptionName" : "InstanceProtocol",
  "Value" : "HTTP"

Make sure to include your arn URL link.

The final step is to execute the Certificate by locating the local path of your elb-acm.json. Your command path example should include this example file:///Users/ followed by the path of your project app and the elb-acm.json file.

> aws elasticbeanstalk update-environment --environment-name name-of-app --option-settings file:///Users/name/some-directory/app/elb-acm.json

After you run the following command you can verify your certificate via the AWS console here: with a status that reads Issued. You can check the security ranking by visiting Qualys SSL Test.

If you are using Ruby on Rails make sure to force https on your config/application.rb

module MyApp
  class Application < Rails::Application
    config.force_ssl = true



Errors you might encounter:

ERROR: No Environment found for EnvironmentName

You forgot to set profile at the end or you first have to run aws configure (below example):

> aws elasticbeanstalk update-environment --environment-name name-of-app --option-settings file:///Users/name/some-directory/app/elb-acm.json --profile nameIfAnyOrChooseSayDefault

ERROR: You must specify a region. You can also configure your region by running "aws configure".

> aws configure --profile nameIfAnyOrChooseSayDefault


AWS Access Key ID [****************As3Q]:
AWS Secret Access Key [****************dsDP]:
Default region name [None]: us-west-2
Default output format [None]: