Enable https on EC2 Instance

I have an elastic public IP for my EC2 instance. I have an Nginx server running on it (and nodejs as a backend server). I'd like to enable HTTPS access to my server.

My questions:

1. Can I create an SSL certificate (not self-signed) using just my elastic public IP?

2. If not, my department has a domain. let's say, https://www.example.com. How can I enter the record (and where?) so that https://www.example.com/base-route points to my elastic public IP without affecting any existing routes? If this is possible, do I create ssl certificate for https://www.example.com or https://www.example.com/base-route

3. If I create a new SSL certificate for https://www.example.com/base-route, will it have any impact on the existing certificate for https://www.example.com/?

4. Will new routes, say /route-2 on linked domain name point to correct route. For example, https://www.example.com/base-route/route-2 point to http://ip-address/route-2

Your best bet is to create a new domain name for your EC2 instance, e.g. something.example.com, as an A record pointing to your elastic IP. Then you can open ports 80 and 443 in the Security group and create a new SSL certificate for example through letsencrypt.org. That will give you an independent HTTPS URL https://something.example.com

If you still want to have it under http://example.com/something you’ll have to configure a reverse proxy on the existing web server (assuming it’s a different server than this one we talk about). That’d be a topic for another question though.

Hope that helps :)

1. Yes

2-4. SSL certificate is installed on a domain/subdomain. So, you will use the same SSL certificate for

https://example.com/subdomain/

and

https://example.com/

and any other links under your example.com domain. You would only need to configure your nginx to point your subdirectories to the your applications