Install Let’s Encrypt SSL on Amazon EC2

1. Log in to your EC2 instance through a terminal

2. Download certbot

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto

3. Run certbot to fetch your certificates

$ sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d YOUR_WEBSITE_HERE

4. This launches a visual wizard. Enter an admin email, then answer the prompt "How would you like to authenticate with the ACME CA?"

1: Apache Web Server plugin — Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

5. Choose "Place files in webroot directory" by typing 3, then enter your web root directory, /var/www/html

Once finished with the wizard, you’ll have valid SSL certificates. Now we just need to add them to Apache!

6. Certbot places your certificates at the following paths

Certificate: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem
Full Chain: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/fullchain.pem
Private Key: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem

7. Edit your SSL config

$ sudo nano /etc/httpd/conf.d/ssl.conf

Set SSLCertificateFile to your Certificate path.
Set SSLCertificateKeyFile to your Private Key path.
Set SSLCertificateChainFile to your Full Chain path.

Let’s Encrypt certificates are only valid for 90 days. To avoid SSL errors when they expire, consider configuring the certificates to renew automatically by following the steps below.

$ crontab -e
30 2 * * Sun /home/ec2-user/certbot-auto renew

That’s it. Your free SSL certificates will now renew automatically.
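
To confirm the result, the script below is an added example (not part of the original tutorial or of certbot) that checks the three files from step 6 against each other and reports a certificate that is close to expiring, which is also how a silently failing renewal cron job shows up. The script name check_cert.sh and the 14-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the files certbot writes under
# /etc/letsencrypt/live/<domain>/ (step 6). Needs openssl; run with sudo,
# since that directory is readable by root only.

# Succeeds if CERT is still valid DAYS days from now.
cert_valid_for_days() {   # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if private key KEY belongs to CERT (same public key).
key_matches_cert() {      # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the first certificate in FULLCHAIN is CERT itself.
chain_leaf_matches() {    # usage: chain_leaf_matches CERT FULLCHAIN
    leaf=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    first=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
    [ -n "$leaf" ] && [ "$leaf" = "$first" ]
}

# Runs every check on one live directory, prints a line per failure and
# returns the number of failed checks (0 means all passed).
check_live_dir() {        # usage: check_live_dir DIR MIN_DAYS
    fails=0
    cert_valid_for_days "$1/cert.pem" "$2" ||
        { echo "cert.pem missing or expiring within $2 days"; fails=$((fails + 1)); }
    key_matches_cert "$1/cert.pem" "$1/privkey.pem" ||
        { echo "privkey.pem does not match cert.pem"; fails=$((fails + 1)); }
    chain_leaf_matches "$1/cert.pem" "$1/fullchain.pem" ||
        { echo "fullchain.pem does not start with cert.pem"; fails=$((fails + 1)); }
    return "$fails"
}

# Example (hypothetical file name, assumed 14-day default threshold):
#   sudo sh check_cert.sh /etc/letsencrypt/live/YOUR_WEBSITE_HERE 14
if [ "$#" -ge 1 ]; then
    check_live_dir "$1" "${2:-14}" && echo "all checks passed"
    exit $?
fi
```

A non-zero exit status is the number of failed checks, so the script can be called from cron or a monitoring job as well as by hand.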