Here is a step-by-step guide on how to set up a free Let's Encrypt SSL certificate on an AWS EC2 instance running Amazon Linux. The Certbot client is used to generate the certificates.

Currently Let's Encrypt does not officially support Amazon Linux. You can, however, run the Certbot client in debug mode to install a free SSL certificate on your AWS EC2 instance.

Installing Certbot client

Execute the following commands to install the Certbot client:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Generating an SSL certificate from Let's Encrypt using Certbot

Execute the following command to generate an SSL certificate from Let's Encrypt. Make sure to replace the website path and domain with your own. The --webroot plugin writes a challenge file under <your_website_path>/.well-known/acme-challenge/, which Let's Encrypt must be able to fetch from your domain over plain HTTP, so the path must be the directory Apache already serves for that domain.

sudo /usr/local/bin/certbot-auto certonly --debug --webroot -w /var/www/html/<your_website_path> -d <your_domain>

This command first installs the set of libraries on your AWS EC2 instance that are required to generate SSL certificates.

Make sure to provide a valid email address during the process so that you receive email alerts from Let's Encrypt regarding the status of your SSL certificate.

Finally, Certbot generates the certificate files required to enable SSL on your website. You will find them in the following path:

/etc/letsencrypt/live/<your_domain>/

privkey.pem: the private key for your certificate.
fullchain.pem: the server certificate plus the issuer chain, the file used by most server software.
chain.pem: the issuer chain only, used for OCSP stapling in Nginx >= 1.3.7.
cert.pem: the server certificate only.

Configuring Apache web server to use SSL certificates

Next we have to configure the Apache web server to use the generated SSL certificates.

First, make sure mod_ssl is installed on your AWS instance. Use the following command to install it:

sudo yum install mod24_ssl

Then add the following lines to your Apache configuration file (httpd.conf) to enable SSL.

<VirtualHost *:443>
     DocumentRoot /var/www/<your_domain>
     ServerName <your_domain>
     
     SSLEngine on
     SSLCertificateFile /etc/letsencrypt/live/<your_domain>/cert.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/<your_domain>/privkey.pem
     SSLCertificateChainFile /etc/letsencrypt/live/<your_domain>/chain.pem
</VirtualHost>

Restart the Apache web server using the following command:

sudo service httpd restart

Opening port 443 on the AWS EC2 instance for HTTPS

Then we have to make sure port 443 of the EC2 instance is open in your AWS security group settings.

  1. Log in to the AWS console.
  2. Go to Services > EC2.
  3. In the left navigation, under Network & Security, go to Security Groups.
  4. Select the security group that governs your EC2 instance.
  5. Select the Inbound tab.
  6. Add a rule to open port 443 for TCP traffic.
(Screenshot: AWS security group inbound rule opening port 443 for HTTPS)

Testing the SSL certificate

Visit https://<your_domain> to verify that your website is now served over SSL.

Adding a cron job to auto-renew the Let's Encrypt SSL certificate

You can use Certbot to renew the Let's Encrypt SSL certificate automatically. Edit the Linux crontab and add the following line. This sets up a cron job that checks twice a day and renews the SSL certificate if required.

crontab -e
15 0,12 * * * /usr/local/bin/certbot-auto renew >/dev/null 2>&1
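The Apache vhost shown earlier and the renewal cron job are the two places where this setup usually falls short in practice: the minimal vhost serves whatever protocol versions and ciphers Apache's defaults allow and has no redirect from port 80, and "certbot-auto renew" replaces the files on disk but does not tell Apache to reload them, so the old certificate keeps being served until the next restart. The following shell script is added here as an example and is not part of the original post. It writes a port-80/port-443 vhost pair for a given domain with explicit TLS settings, HSTS and OCSP stapling, and wraps the renewal so that Apache is reloaded only when a certificate was actually renewed and the output is logged instead of discarded. It assumes Apache 2.4 with mod_ssl, mod_rewrite, mod_headers and mod_socache_shmcb loaded; the function names write_ssl_vhost and renew_certs, the variables CERTBOT and RENEW_LOG, and the log path are this example's own, while the certificate paths follow the layout described above.

```sh
#!/bin/sh
# Added example, not from the original post: writes a hardened Apache vhost
# pair for a Let's Encrypt certificate and wraps "certbot-auto renew" so that
# Apache reloads the renewed files. Assumes Apache 2.4 with mod_ssl,
# mod_rewrite, mod_headers and mod_socache_shmcb loaded (assumption).

CERTBOT="${CERTBOT:-/usr/local/bin/certbot-auto}"        # path from the guide
RENEW_LOG="${RENEW_LOG:-/var/log/letsencrypt-renew.log}" # assumed log location

# write_ssl_vhost DOMAIN DOCROOT OUTFILE
# Port 80 keeps /.well-known/acme-challenge/ reachable for renewals and
# redirects everything else to HTTPS; port 443 serves the certificate with
# TLS 1.2+ only, forward-secret ciphers, OCSP stapling and HSTS.
write_ssl_vhost() {
  domain="$1"; docroot="$2"; out="$3"
  live="/etc/letsencrypt/live/$domain"
  cat > "$out" <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $docroot
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName $domain
    DocumentRoot $docroot
    SSLEngine on
    SSLCertificateFile $live/cert.pem
    SSLCertificateKeyFile $live/privkey.pem
    SSLCertificateChainFile $live/chain.pem
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLUseStapling on
    Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

# The stapling cache must be defined at server level, outside any VirtualHost
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
EOF
}

# renew_certs: cron entry point. --deploy-hook runs only when a certificate
# was actually renewed, so Apache is reloaded exactly when the files change.
# Output goes to a log file rather than /dev/null so failures stay visible.
# --debug is kept because certbot-auto requires it on Amazon Linux.
renew_certs() {
  "$CERTBOT" renew --debug --no-self-upgrade \
    --deploy-hook "service httpd reload" >>"$RENEW_LOG" 2>&1
}

# When executed directly from cron, run the renewal, e.g.
#   15 0,12 * * * /usr/local/sbin/renew-letsencrypt.sh renew
case "${1:-}" in
  renew) renew_certs ;;
esac
```

Run write_ssl_vhost <your_domain> /var/www/<your_domain> /etc/httpd/conf.d/<your_domain>-ssl.conf once, check the result with "apachectl configtest" before restarting, and point the crontab line at this script with the "renew" argument instead of the bare "certbot-auto renew ... >/dev/null 2>&1", so that a failed renewal shows up in the log rather than silently leaving an expiring certificate in place.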


About the Author

Sadupa Wijeratne

Sadupa Wijeratne is the founder of My Cute Blog and currently works as a software engineer. Interested in the latest technologies and loves to learn by experience.
