What is SSL?
Secure Sockets Layer (SSL) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.
Fig: How SSL works
What is Let’s Encrypt?
Let’s Encrypt is an open and automated certificate authority that uses the ACME (Automatic Certificate Management Environment) protocol to provide free TLS/SSL certificates to any compatible client. Each certificate is valid for 90 days and can be renewed every 90 days free of cost.
Implement Let’s Encrypt in aws server step by step
First, log in to your AWS instance over SSH. For help connecting, see Connecting to Your Linux Instance Using SSH.
Next, set up the certbot-auto client for Let’s Encrypt certificate generation. For setup, use the following command:
After setup, set execute permission on certbot-auto. To set the permission, execute the following command:
chmod a+x certbot-auto
and it looks as follows:
Fig: certbot-auto client setup
Now we are ready to generate a certificate with Let’s Encrypt. The following command requests the certificate and verifies the request.
sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly --webroot -w /var/www/html -d add-ssl.us-east-2.elasticbeanstalk.com -d www.add-ssl.us-east-2.elasticbeanstalk.com
There are 2 important things:
- The first one is -w, which indicates the webroot of your project. In my case, my webroot is /var/www/html.
- The other is -d, which indicates the domains the certificate is generated for. In my case, I have added 2 names for the same domain: add-ssl.us-east-2.elasticbeanstalk.com and www.add-ssl.us-east-2.elasticbeanstalk.com. Both should be HTTPS enabled.
Fig: Certificate Generated for multiple domains
After running this command, it may ask for an email address for certificate generation. If all goes well, you will see the Congratulations message.
Fig: Congratulation Message
It also indicates that some files are generated in /etc/letsencrypt/live/domain.com/ location.
Four files will be generated:
NOTE: To see this list you need to be the root user. You can switch from ec2-user to the root user with the command sudo su.
Fig: Generated certificate files
Now you need to update the /etc/httpd/conf.d/ssl.conf file.
Maybe you don’t have this file in that location. Then you need to add/install the SSL mod on your Apache server.
yum install mod24_ssl
Now you will find the /etc/httpd/conf.d/ssl.conf file, where the certificate locations are set. Open it with your favorite editor and add/update the following locations:
Fig: Update Certificate location for let’s encrypt
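A check worth running before the restart, added here as an example and not part of the original post: it reads the certificate directives from an ssl.conf, confirms each file exists, and flags a private key that group or others can access. The function names and the sample layout are constructed for illustration, and the file names cert.pem, chain.pem and privkey.pem are certbot's usual ones, which the post does not list.

```shell
#!/usr/bin/env bash
# Added example: verify the certificate directives in an Apache ssl.conf
# against the files on disk.

# check_ssl_conf CONF
# Prints one line per directive; returns the number of problems found.
check_ssl_conf() {
    local conf=$1 problems=0 directive path mode
    for directive in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        # This sketch checks the last uncommented occurrence of each directive.
        path=$(awk -v d="$directive" '$1 == d { p = $2 } END { print p }' "$conf")
        if [ -z "$path" ]; then
            echo "MISSING  $directive is not set"; problems=$((problems + 1))
        elif [ ! -f "$path" ]; then
            echo "NOFILE   $directive $path"; problems=$((problems + 1))
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            # -L follows the live/ symlink; chars 5-10 are the group/other bits.
            mode=$(ls -ldL "$path" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "PERMS    $path is accessible to group/others"; problems=$((problems + 1))
            else
                echo "OK       $directive $path"
            fi
        else
            echo "OK       $directive $path"
        fi
    done
    return "$problems"
}

# make_sample DIR: constructed layout mirroring /etc/letsencrypt/live/domain.com/
make_sample() {
    local live=$1/live/domain.com
    mkdir -p "$live"
    : > "$live/cert.pem"; : > "$live/chain.pem"; : > "$live/privkey.pem"
    chmod 600 "$live/privkey.pem"
    cat > "$1/ssl.conf" <<EOF
#SSLCertificateFile /path/to/previous.crt
SSLCertificateFile $live/cert.pem
SSLCertificateKeyFile $live/privkey.pem
SSLCertificateChainFile $live/chain.pem
EOF
}

tmp=$(mktemp -d)          # demo run on the constructed sample
make_sample "$tmp"
check_ssl_conf "$tmp/ssl.conf"
rm -rf "$tmp"
```

On the server itself, run check_ssl_conf /etc/httpd/conf.d/ssl.conf as root, since the live directory is readable only by root.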
After adding these, restart the Apache service with the following command:
sudo service httpd restart
Now the last step. You need to enable the HTTPS request in your instance security groups inbound rule so that your site can accept the HTTPS request also.
Fig: Add HTTPS listener for AWS instance, Security Groups inbound rules
Congratulations! Now your website is SSL verified.
Fig: SSL verification is successful.