Force HTTPS on an Elastic Beanstalk Site with WordPress

Updated Jan 25, 2018

This post is part of the series WordPress and Elastic Beanstalk.


These days it’s expected that websites use HTTPS to help with website authentication and to protect data in transit. It’s good practice, plus Google factors it in to search rankings.

It’s easy with Elastic Beanstalk to request and immediately receive an SSL/TLS certificate. Once you have the certificate you can attach it to your Elastic Beanstalk instance, tweak your configuration, and deploy a new site that routes all traffic through HTTPS.

This post assumes that you have a WordPress application in Elastic Beanstalk (see WordPress and Elastic Beanstalk) and that you’re using a custom domain (see Add a Custom Domain to an Elastic Beanstalk WordPress Application).

Table of contents

Get an SSL/TLS certificate

Go to the Certificate Manager dashboard. If you haven’t issued any certificates click “Get Started” to request a new certificate, else click “Request a certificate”.

You will be guided through the steps to request a certificate. For your domain name enter “” and add another name “” (replacing “example” with your actual domain name). Follow the instructions to verify you ownership of the domain.

Once your certificate is issued, find the certificate ARN under the certificate details. You’ll need this for the next step.

Configure Elastic Beanstalk to use the certificate

Here we’ll add a new configuration file to .ebextensions in our source bundle to attach the certificate to our Elastic Beanstalk environment. Create a new file .ebextensions/secure-listener.config:

secure-listener.config Download Copy
    SSLCertificateId: replace:with:your:certificate:arn
    ListenerProtocol: HTTPS
    InstancePort: '80'

Replace the highlighted text with the ARN for your new certificate. The above tells our load balancer to listen to HTTPS requests on port 443 using our certificate, and to forward those requests to port 80 on our EC2 instances. If we stopped here we could access our site over HTTPS but people would still be able to access it over HTTP. In the next step we’ll redirect all HTTP traffic to HTTPS.

Configure Elastic Beanstalk to force HTTPS

The load balancer sends all traffic to EC2 instances on port 80 over HTTP. Fortunately it also sets an X-Forwarded-Proto header that specifies the protocol of the original request, either http or https. We take advantage of that in the following configuration .ebextensions/ssl-rewrite.config:

ssl-rewrite.config Download Copy
    mode: "000444"
    owner: root
    group: root
    content: |
      RewriteEngine On
      <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L=301]
      SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS=on

Update your environment variables

The post Add a Custom Domain to an Elastic Beanstalk WordPress Application addressed WordPress’s “site url” and “home url” configurations. We updated our environment variables in .ebextensions/env.config to reflect our new domain. We have to change those values again here to reflect HTTPS:

    WP_HOME: ''
    WP_SITEURL: ''

Replace the highlighted values in the above with your domain.

Next steps

Once you re-deploy your site all traffic should be redirected to HTTPS. Please feel free to leave any questions or suggestions in the comments area below.

Comments Leave a comment

  • Arthur
    This seems to all work fine until the last step. When I try to access the site I get a ERR_TOO_MANY_REDIRECTS error
    • EssyCodeModerator
      Are you able to look into the network requests when you load your site? In Chrome you can choose View > Developer > Developer Tools. You should then see a "Network" panel with a checkbox to "Preserve log". Try checking that box and re-loading the page and seeing what happensMore in the list of loaded resources (which presumably will be a bunch of redirects). If you're able to share some of the resulting info I may be able to help. If you've changed your Elastic Beanstalk environment variables (eg, "WP_HOME" and "WP_SITEURL") and re-deployed you may need to restart your application server in EB.
    Thank you thank you thank you! This article saved me a bunch of time! Used it to help in transfering a godaddy wordpress over to AWS!

Leave a comment