Posted on: Friday June 12, 2020
In the world of internet, SSL is the backbone for keeping it secure and protects all the sensitive information as it get to travel the global computer networks. It’s essential for website safety, even if it doesn’t handle sensitive information like financial credentials; it offers privacy, critical security and data integrity for websites as well as users’ personal information.
What is SSL?
Secure Sockets Layer (SSL) is a standard security protocol for encrypting the links between web server and browser in every online communications. It ensures that every data transmitted between the web server and browser remains completely secure from hacking.
What is Let’s Encrypt?
Let’s Encrypt is an automated and open certificate authority using the Automatic Certificate Management Environment (ACME) protocol to provide free TLS/SSL certificates for every compatible client upto 90 days and can be renewed free of cost.
How to implement Let’s Encrypt in AWS server?
Start with login AWS instance with ssh. To connecting you can look into connecting to your Linux instance using SSH.
Wanna have a look on best cloud platform? Have a quick look here!
First need to setup cartbot-auto client for let’s encrypt certificate generation. for setup
Now you would require permissions in cartbot-auto
chmod a+x certbot-auto
And it would appear like:
Now we can start for creating a certificate with let’s encrypt. Running the below command will make a request for certificate and verify requests:
sudo ./certbot-auto –debug -v –server https://acme-v01.api.letsencrypt.org/directory certonly –webroot -w /var/www/html -d add-ssl.us-east-2.elasticbeanstalk.com -d www.add-ssl.us-east-2.elasticbeanstalk.com
Here we need to focus on 2 important things -w indicates the webroot of your project, for us webroot is /var/www/html. Another things is -d indicate which domains require for certificate generation, our certificates were added twice in 2 same domains add-ssl.us-est-2.elasticbeanstalk.com and www.add-ssl.us-est-2.elasticbeanstalk.com where both must be https enabled.
This command might ask an email address for certificate generation while running and if everything goes well then a congratulations message appears.
You will also find some file getting generated in /etc/letsencrypt/live/domain.com/location
The 4 generated files are:
NOTE: For seeing this list, become a root user by moving ec2-user to root user using this command “sudo su”
Moving ahead update /etc/httpd/conf.d/ssl.conf files
There might be instances when this file is not found in that location. Just add/install the SSL mod on your Apache server.
Here you will find /etc/httpd/cond.d/ssl.conf file for adding location. You can open it with your preferred editor and add/update following location:
After adding this file restarts the apache service again
To finish, enable the HTTPS request in you instance Security groups inbound rule, so that your site can accept the HTTPS request also.
Congratulations!!!! Now your site is SSL verified.