Ways To Integrate Free SSL Certificate Into AWS Instance With Let’s Encrypt

Posted on: Friday June 12, 2020

On the internet, SSL is the backbone of security: it protects sensitive information as it travels across global computer networks. It is essential for website safety even if the site doesn’t handle sensitive information like financial credentials; it offers privacy, critical security and data integrity for websites as well as users’ personal information.

What is SSL?

Secure Sockets Layer (SSL) is a standard security protocol for encrypting the link between a web server and a browser in online communications. It ensures that all data transmitted between the web server and the browser remains protected from interception and tampering in transit.

What is Let’s Encrypt?

Let’s Encrypt is an automated and open certificate authority that uses the Automatic Certificate Management Environment (ACME) protocol to provide free TLS/SSL certificates to any compatible client. Certificates are valid for up to 90 days and can be renewed free of cost.

How to implement Let’s Encrypt in AWS server?

Start by logging in to the AWS instance over SSH. For connection details, look into “Connecting to your Linux instance using SSH”.

First, set up the certbot-auto client, which generates the Let’s Encrypt certificate. To download it:

wget https://dl.eff.org/certbot-auto

Now make certbot-auto executable:

chmod a+x certbot-auto

And it would appear like:

Image 01

Now we can create a certificate with Let’s Encrypt. Running the command below requests a certificate and verifies the request:

sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly --webroot -w /var/www/html -d add-ssl.us-east-2.elasticbeanstalk.com -d www.add-ssl.us-east-2.elasticbeanstalk.com

Two options matter here. -w indicates the webroot of your project; for us the webroot is /var/www/html. -d indicates the domains the certificate is generated for; we passed it twice, for add-ssl.us-east-2.elasticbeanstalk.com and www.add-ssl.us-east-2.elasticbeanstalk.com, both of which must be HTTPS enabled.

Image 02

While running, this command might ask for an email address for certificate generation; if everything goes well, a congratulations message appears.

Image 03

You will also find some files generated in the /etc/letsencrypt/live/domain.com/ location.

The 4 generated files are:

(a) cert.pem
(b) chain.pem
(c) fullchain.pem
(d) privkey.pem

NOTE: To see this list, switch from ec2-user to the root user with the command “sudo su”.

Image 04

Moving ahead, update the /etc/httpd/conf.d/ssl.conf file.

There might be instances when this file is not found in that location. In that case, just install the SSL module on your Apache server:

  • yum install mod24_ssl

Image 05

Now you will find the /etc/httpd/conf.d/ssl.conf file. Open it with your preferred editor and add or update the following directives:

SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/fullchain.pem

Image 06

After updating this file, restart the Apache service:

  • sudo service httpd restart

To finish, allow HTTPS in your instance’s security group inbound rules so that your site can also accept HTTPS requests.

Congratulations!!!!  Now your site is SSL verified.
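
The following is an added example, not part of the original article: a shell function that audits the three directives set in ssl.conf above, worth running as root before restarting httpd. It checks that each directive is active, that its file exists and carries the right kind of PEM header (which catches a certificate and key path swapped by mistake), and that the private key is not accessible to group or other. The function names audit_ssl_conf and directive_path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): audit the TLS directives in ssl.conf.
# Usage: audit_ssl_conf /etc/httpd/conf.d/ssl.conf
# Prints one line per problem; returns 0 when clean, 1 otherwise.

# Print the path of the last active (uncommented) occurrence of directive $1 in file $2.
directive_path() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); p = $2 }
                   END { print p }' "$2"
}

audit_ssl_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 1; }
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        p=$(directive_path "$d" "$conf")
        if [ -z "$p" ]; then
            echo "FAIL $d is not set"; rc=1; continue
        fi
        # -s follows the symlinks certbot keeps under live/ and rejects empty files
        if [ ! -s "$p" ]; then
            echo "FAIL $d points to a missing or empty file: $p"; rc=1; continue
        fi
        first=$(head -n 1 "$p")
        case $d in
        SSLCertificateKeyFile)
            # Catches a certificate path pasted into the key directive
            case $first in
            *"PRIVATE KEY-----"*) ;;
            *) echo "FAIL $p does not start with a PEM private key header"; rc=1 ;;
            esac
            # Characters 5-10 of the mode string are the group and other bits
            mode=$(ls -ldL "$p" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "FAIL $p is accessible to group or other ($mode)"; rc=1
            fi ;;
        *)
            case $first in
            "-----BEGIN CERTIFICATE-----"*) ;;
            *) echo "FAIL $p does not start with a PEM certificate header"; rc=1 ;;
            esac ;;
        esac
    done
    return $rc
}
```

Source the file and call audit_ssl_conf /etc/httpd/conf.d/ssl.conf; a non-zero return means at least one FAIL line was printed.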