Amazon Issued Certificates
A self-signed certificate is imported into Amazon Certificate Manager (ACM) when CloudOps for Kubernetes initializes on AWS for the first time. This self-signed certificate is applied to the application load balancer that handles all external requests to services in the cluster.
To update your cluster to use a valid TLS certificate issued by Amazon:
Update the Name Server (NS) records for the Route53 DNS Zone created by CloudOps for Kubernetes
Update your cluster so CloudOps for Kubernetes can create a valid ACM certificate. For more information, see the update your cluster documentation.
CloudOps for Kubernetes will not create a valid certificate until the Name Server records are updated. Name Server record updates can take some time to apply.
If you are using CloudOps for Kubernetes to acquire a publicly signed SSL certificate, you must re-run
docker-compose. Do this after updating the DNS nameservers and before deploying any other Elastic Path infrastructure. If you do not perform this step, your bootstrap workspace might enter into an inconsistent state, preventing you from re-running
docker-compose later to acquire updates.