Installing a free SSL certificate from Let’s Encrypt on an AWS EC2 instance involves a series of steps. Below is a guide to help you through the process:
- Domain Name: Ensure you have a registered domain name pointing to your AWS EC2 instance.
- Access to EC2 Instance: Make sure you can SSH into your EC2 instance.
Step 1: Connect to Your EC2 Instance
Using the terminal or an SSH client, connect to your EC2 instance:
ssh -i your-key.pem ec2-user@your-instance-ip
Step 2: Install Certbot
- Update your package manager:
sudo yum update
- Install Certbot:
sudo yum install certbot
Step 3: Obtain SSL Certificate
Run Certbot to obtain and install the SSL certificate. Replace
your_domain.com with your actual domain.
sudo certbot --apache -d your_domain.com
sudo certbot --nginx -d your_domain.com
Certbot will prompt you for some information, including your email address and agreeing to the terms of service.
Step 4: Configure SSL Certificate Renewal
Let’s Encrypt certificates expire after 90 days, so it’s crucial to set up automatic renewal.
- Open the crontab editor:
sudo crontab -e
- Add the following line to run Certbot twice daily:
0 */12 * * * certbot renewSave and exit the editor.
Step 5: Test SSL Configuration
Test your SSL configuration to ensure everything is set up correctly.
sudo apachectl configtest
sudo systemctl restart apache2
sudo nginx -t
sudo systemctl restart nginx
Step 6: Configure Security Groups (AWS Firewall)
Ensure that your AWS Security Groups allow traffic on ports 80 (HTTP) and 443 (HTTPS).
Step 7: Update Website Configuration
If you haven’t already, update your website configuration to use HTTPS. For Apache, modify your VirtualHost configuration; for Nginx, update the server block.
Congratulations! You’ve successfully installed a Let’s Encrypt SSL certificate on your AWS EC2 instance. Your website should now be accessible over HTTPS, providing a secure connection for your users.
Remember to regularly check the certificate status and renew it before expiration. You can also automate this process further by configuring Certbot with a web server plugin and setting up a renewal script.