I am provisioning a 3-broker Kafka cluster on AWS EC2, and I need them to be reachable on an internal VPC at URLs like 1.kafka.private.com, etc. If I do not attach a cert, I know that systems using Kafka (and maybe the brokers themselves) will give "SSL Handshake" errors.
I have the cert in ACM for *.private.com (that's an example), but I know you cannot attach ACM certs directly to EC2 instances, just load balancers and CloudFront.
I set up a similar cluster in a public zone and used Let's Encrypt certbot to issue certs, but I cannot do that now since this private DNS is not publicly resolvable.
How can I set this up? I would prefer not to put each of the 3 brokers behind 3 load balancers, and I'm not even sure if that would work.
Question from: https://stackoverflow.com/questions/66055035/setting-up-hostname-domain-certificates-in-aws-private-hosted-zone