Free SSL – Setup LetsEncrypt on AWS EC2 using Certbot

LetsEncrypt is a free, open certificate authority: basically, it lets you enable HTTPS for your website name for FREE. It's pretty awesome and super easy to set up. However, there are some downsides to using LE:

  • Certificates are valid for 90 days only
  • They do not offer wildcard certificates.

Prerequisites:

  • SSH access and root privileges on your web server.
  • An Amazon Linux AMI (RHEL 6, v1) instance, though the installation should work with any Linux distribution.
  • You've already set up DNS for your domain name (i.e. A Record, NameServer, etc.).

The commands

1. SSH into your Amazon instance

2. Download and install Certbot in your home directory (e.g. ~/home/ec2):

3. Run certbot to fetch your certificates

4. Follow the prompts and enter the information requested (webroot located at /var/www/html).

5. Edit your SSL config

And set:

  • SSLCertificateFile to your Certificate path [/etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem]
  • SSLCertificateKeyFile to your Private Key path [/etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem]
  • SSLCertificateChainFile to your Full Chain path [/etc/letsencrypt/live/YOUR_WEBSITE_HERE/fullchain.pem]

6. Update your Apache Virtual Host (vhost). On Amazon Linux, this is likely at /etc/httpd/conf.d/vhost.conf

7. Restart Apache
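
Before the restart in step 7, it is worth confirming that each directive from step 5 points at the right kind of file, since swapping the certificate and private key paths is an easy mistake. The script below is an added example, not part of the original post; the function names and the config path in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: check_ssl_conf /etc/httpd/conf.d/ssl.conf   (config path is an assumption)

# Print what the first PEM block in file $1 holds: cert, key, or unknown.
pem_kind() {
    first=$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null || true)
    case "$first" in
        *"BEGIN CERTIFICATE"*) echo cert ;;
        *"PRIVATE KEY"*)       echo key ;;
        *)                     echo unknown ;;   # missing, unreadable or not PEM
    esac
}

# Walk the Apache config in $1 and check each SSL directive against the kind
# of PEM file it must reference. Returns non-zero if any directive is wrong.
# Limitation: matches the canonical directive spelling and space-free paths.
check_ssl_conf() {
    rc=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case "$directive" in
            SSLCertificateFile|SSLCertificateChainFile) want=cert ;;
            SSLCertificateKeyFile)                      want=key ;;
            *) continue ;;   # other directives and commented-out lines
        esac
        path=$(printf '%s' "$path" | tr -d '"')   # Apache allows quoted paths
        got=$(pem_kind "$path")
        if [ "$got" = "$want" ]; then
            echo "ok   $directive -> $path"
        else
            echo "FAIL $directive -> $path (expected $want, found $got)"
            rc=1
        fi
    done < "$1"
    return "$rc"
}
```

Run it as root, because the files under /etc/letsencrypt/live are not readable by ordinary users.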

FAQ: Cert renewal issues:

Error: “couldn’t get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt”

Solution:

Then rerun certbot-auto in user mode (ec2-user).

Error: ImportError: No module named cryptography.hazmat.bindings.openssl.binding

Solution:

Error: Running Amazon Linux AMI and encountering a traceback error when trying to renew:

Solution:
