Get your Letsencrypt SSL certificate working on your AWS EC2 Amazon Linux 1 Apache instance in just a few minutes with this detailed step-by-step how-to guide.
Summary
Adding TLS/SSL encryption over HTTPS is free and easy with Letsencrypt. The Certbot web site provides detailed instructions for the most popular combinations of Linux and Web Server, but oddly, they do not provide exact instructions for the Amazon Linux AMI, and as it turns out, there are a couple of details that took me several hours to trouble shoot initially. Hopefully this article will help you get https working on your Amazon Linux EC2 quickly an easily.
Assumptions
- Your EC2 instance is built from the Amazon Linux AMI
- You have SSH access to your EC2 instance and you’re comfortable working from the command line
- You’re attempting to install on a single AWS EC2 instance based on AWS’ Tutorial: Install a LAMP Web Server with the Amazon Linux AMI
- Finally, note that for this article I added a WordPress site to my server, using AWS’ guidelines: Hosting a WordPress Blog with Amazon Linux
Note that this installation strategy only touches the Apache web server layer. If you’re interested you can read more in the Official Apache Documentation for SSL to see first-hand what the certbot-auto installation program is doing. A LAMP-based web application like WordPress is illustrative of the effectiveness of this SSL certificate installation strategy in that we (usually) won’t need to do much at the application layer in order to get web traffic flowing over HTTPS.
Implementation
In this how-to article we’re going to install a SSL certificate and reroute all traffic to HTTPS for a fictitious site named ssl.lawrencemcdaniel.com that currently looks like the following
Summarizing the installation and configuration process, we’re going to install a utility app named certbot-auto that we will execute from the command line of your EC2 instance in order to request a new SSL certificate for our domain. We’ll use cdertbot-auto to request the certificate, and then afterwards, to make adjustments to our Apache web server configuration so that all inbound HTTP requests are automatically forwarded to HTTPS. Ok, let’s get started!
1. Install Certbot
certbot is a free open-source utlitity app that is sponsored by the letsencrypt.org consortium. Detailed installation instructions are available here. Certbot is not currently available thru yum repositories, we’ll therefore download the repository manually using wget as follows:
#change to our home directory cd # This is important! Certbot assumes that you've already installed Apache's SSL support module. # If you skip this step then you'll get errors later on when certbot attempts to add # your new certification to your virtual host configuration. sudo yum install -y mod24_ssl # Download the repository. This is the official download center for # Electronic Frontier Foundation (https://www.eff.org/) the official # Certbot project sponsor. wget https://dl.eff.org/certbot-auto #make certbot-auto executable chmod a+x certbot-auto
2. Execute certbot-auto
Now we’re ready to execute certbot-auto to request our SSL certificate.
# Note: the --debug flag is required (and misleading) # This flag prompts certbot-auto to install the lengthy list # of prerequisites on which certbot-auto depends. sudo ./certbot-auto --debug
Executing certbot-auto is a multi-step Q&A process. You’ll be asked around six questions. Refer to the following screen shots for my responses:
Certbot-auto registers an email address where they’ll send renewal reminders and alerts.