How to integrate free SSL certificate into AWS Linux instance with Let’s Encrypt

What is SSL?

Secure Sockets Layer (SSL) is a standard security protocol for establishing encrypted links between a web server and a browser in online communication. The use of SSL technology ensures that all data transmitted between the web server and the browser remains encrypted.

Fig: How SSL works

What is Let’s Encrypt?

Let’s Encrypt is an open and automated certificate authority that uses the ACME (Automatic Certificate Management Environment) protocol to provide free TLS/SSL certificates to any compatible client. Each certificate is valid for 90 days and can be renewed every 90 days free of cost.

Implement Let’s Encrypt on an AWS server step by step

First, log in to the AWS instance over SSH. For connection instructions, see Connecting to Your Linux Instance Using SSH.

Next, set up the certbot-auto client, which generates the Let’s Encrypt certificate. Download it with the following command:

wget https://dl.eff.org/certbot-auto

After downloading, set the execute permission on certbot-auto with the following command:

chmod a+x certbot-auto

The result looks as follows:

Fig: certbot-auto client setup

Now we are ready to generate a certificate with Let’s Encrypt. The following command requests the certificate and verifies the request.

sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly --webroot -w /var/www/html -d add-ssl.us-east-2.elasticbeanstalk.com -d www.add-ssl.us-east-2.elasticbeanstalk.com

There are 2 important things:

  • The first one is -w, which indicates the webroot of your project. In my case, my webroot is /var/www/html.
  • The other is -d, which indicates the domains the certificate is generated for. In my case, I have added 2 names for the same domain: add-ssl.us-east-2.elasticbeanstalk.com and www.add-ssl.us-east-2.elasticbeanstalk.com. Both should be HTTPS enabled.

Fig: Certificate Generated for multiple domains

After running this command, it may ask for an email address for certificate generation. If all goes well, you will see the Congratulations message.

Fig: Congratulation Message

The message also indicates that some files are generated in the /etc/letsencrypt/live/domain.com/ location.

Four files will be generated:

cert.pem

chain.pem

fullchain.pem

privkey.pem

NOTE: To see this list you need to be the root user. You can switch from ec2-user to the root user with the command sudo su.

Fig: Generated certificate files

Now you need to update the /etc/httpd/conf.d/ssl.conf file.

You may not have this file in that location. In that case, you need to install the SSL module on your Apache server:

yum install mod24_ssl

Fig: Install mod24_ssl

Now you will find the /etc/httpd/conf.d/ssl.conf file. Open it with your favorite editor and add or update the following locations:

SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem

SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem

SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem

Fig: Update certificate location for Let’s Encrypt

After adding these, restart the Apache service with the following command:

sudo service httpd restart
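
As an added example (not part of the original post), the following script checks the files that ssl.conf points to: that privkey.pem belongs to cert.pem, and that the certificate is not close to the end of its 90-day lifetime. The function names and the 30-day default threshold are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a Let's Encrypt live
# directory, e.g. /etc/letsencrypt/live/domain.com. Function names and the
# 30-day default threshold are assumptions made for this illustration.

# Succeeds when the public key in certificate $1 equals the public key
# derived from private key $2 (both PEM).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Runs all checks on directory $1; $2 is the minimum remaining validity in days.
# Return codes: 0 ok, 3 file missing, 4 key mismatch, 5 renewal due.
check_live_dir() {
    dir=$1
    min_days=${2:-30}
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            return 3
        fi
    done
    if ! cert_matches_key "$dir/cert.pem" "$dir/privkey.pem"; then
        echo "privkey.pem does not belong to cert.pem" >&2
        return 4
    fi
    if ! cert_valid_for_days "$dir/cert.pem" "$min_days"; then
        echo "cert.pem expires within $min_days days, renew it" >&2
        return 5
    fi
    echo "OK"
}

# Run as root: sh check_cert.sh /etc/letsencrypt/live/domain.com 30
if [ "$#" -gt 0 ]; then
    check_live_dir "$@"
fi
```

A non-zero exit code makes the script usable from cron to flag a certificate that needs renewal before browsers start rejecting it.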

Now the last step: enable HTTPS in the inbound rules of your instance’s security group so that your site can also accept HTTPS requests.

Fig: Add HTTPS listener for AWS instance, Security Groups inbound rules

Congratulations!!!! Now your website is SSL verified.

Fig: SSL verification is successful.

Thank you!

TechCare!
