Last week I migrated one of my websites from AWS EC2 Instance to Amazon Lightsail, primarily to optimize the expenses of that website. This week again, I set-up a new LAMP stack on an EC2 instance for another website of mine, an online doctor appointment booking website. I thought of writing about how to install a free SSL Certificate from LetsEncrypt on a website hosted on AWS EC2 instance.
Maybe sometime soon, I will also write a quick post about how to set up a LAMP stack on Amazon EC2 Instance but before that, let’s get on this one and see how I quickly installed a free SSL certificate for this new website of mine.
How To Install LetsEncrypt’s free SSL certificate on Amazon EC2 Instance?
There are multiple ways to install a free SSL certificate on an Ubuntu-based Amazon EC2 server. The steps to install the SSL certificate depends on what option you choose. In my case, I chose to go with one of the simplest ways to install Letsentrypt SSL on the Amazon EC2 hosted website, using Certbot. The steps involved are as follows:
- SSH To Your EC2 Instance
- Add the Certbot PPA to your list of repositories
- Download & install certbot
- Fire-up certbot to install Letsencrypt
- Test for successful installation
1. SSH into your Linux Box
The first thing to do to be able to install an SSL certificate for your website is to connect to your Linux server sitting on your EC2 Instance. If you are on a Mac or Linux, you already have a powerful shell/terminal to do that. If you are on Windows (like me), the choice of the terminal is up to you. I like the simplicity of SmartTTY. Just like always, I connected to my instance using the said shell client.
2. Run update and add Certbot PPA
Once connected, the first thing I did was to run the following command, to make sure all the packages on my Linux box are upto date.
sudo apt-get update
Then, I proceeded with adding the certbot PPA using the set of commands given below:
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
Once I was done, I again ran an update to update all the packages on my Linux EC2 instance. To do that, I ran the following command again.
sudo apt-get update
3. Download and Install Certbot
Certbot is what I used to install the certificate on my webisite. I did that by running the commands given below:
sudo apt-get install certbot python-certbot-apache
4. Install LetsEncrypt Certificate and update configuration files
After the successful install of certbot, I proceeded on to run the tool (certbot) and to request the SSL certificate for my domain name. Now, this is where things have changed for the better now.
In the past, after requesting an SSL certificate, you also had to move around the certificate and key files and the update some configuration files for the SSL certificate to be correctly implemented.
In this approach, I did not have to do any of that. I just ran the following command to request and install the SSL certificate and I was done. I had to answer a few simple questions on the way but they were no-brainers.
sudo certbot --apache
5. Renew LetsEncrypt SSL Certificate on Amazon EC2
For my other websites hosted on AWS Linux servers, I had to write additional crontabs to ensure they have renewed automatically before their respective expiration dates. In this approach, the one single command I ran (step 4) even took care of updating the crontab.
The following command is used to renew the SSL certificate using Certbot:
sudo certbot renew
If you want to see whether the command runs correctly but without actually requesting a renewal, you can run the following command:
sudo certbot renew --dry-run
6. Verify SSL Installation
Once done, just to be sure, check if the certificate has been installed correctly. You can do that through any of the hundreds of option when you google. A random search gavve me this (https://www.sslshopper.com/ssl-checker.html) so this where I verified my website’s certifcate installation.
Hope this helps.