AWS — LetsEncrypt

How To Install TLS / SSL LetsEncrypt Certs on Remote Ubuntu Server 20.04 — AWSSeries # Episode 04

Published in

Jungletronics

7 min readJan 9, 2021

Hi, all the work from previous AWS Series episodes was for that moment: installation of digital certificates by LetsEncrypt! Get playlist now!

Yeah, LetsEncrypt is a CA.

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA).

With Shell Access we can use the Certbot ACME client to get one free\o/.

Shell access is also known as SSH access to your web host:)

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver.

Our intention about Let’s Encrypt is to place the green padlock on our newly created IP (j3.blog.br) and reuse the generated certificates to use it with the mosquitto broker.

Let’s just do it!

We already have a Non-SSL IP: www.j3.blog.br!

Fig 1. Look …my domain is insecure:/ Not anymore after I running LetEncrypt Certbot :)

Fig 2. Ooops!! Insecure connections; Mozilla Firefox is huffing under a heavy load:/

Fig 3. Testing on Qualys SSL Labs our DNS www.j3.blog.br that points to Cloud AWS Ubuntu!

Great! See the result:

Fig 4. Testing before installing the digital certificate; From https://www.sslshopper.com/ssl-checker.html

No secure protocols supported!

Fig 6. Note “Not secure” in front of our IP :/ Enough!

Well, not anymore… Let’s fix it!

Now let’s give it security!

Let’s use LetsEncrypt!

00#Step —Access your AWS remote Ubuntu server via PuTTY:

Fig 7. Accessing remote cloud Ubuntu via PuTTY SSH client.

01#Step —Run only these three lines on your remote Ubuntu 20:

#-----------------------------------------------------------$ sudo apt install certbot python3-certbot-apache$ sudo certbot --apache4#Checks whether SSL renewal is taking place successfully;$ sudo certbot renew --dry-run4#-----------------------------------------------------------To remove:$ sudo find /etc/letsencrypt/ -name "*www.j3.blog.br*"
$ sudo certbot delete --cert-name MyDomain
$ sudo certbot delete --cert-name www.j3.blog.brOr remove manually:$ sudo rm -rf /etc/letsencrypt/live/${DOMAIN} rm -rf 
$ sudo /etc/letsencrypt/renewal/${DOMAIN}.conf rm -rf 
$ sudo /etc/letsencrypt/archive/${DOMAIN}#-----------------------------------------------------------

These three lines are all you’ll need!

It took care to guarantee safe access to our Apache server running on Ubuntu in the cloud and install your certificate in a painless process to obtain a certificate, securely configure it for use and automatically take care of renewal.

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver.

In order to use Certbot for most purposes, you’ll need to be able to install and run it on the command line of your web server, which is usually accessed over SSH (PuTTY, in my case). A command line is a way of interacting with a computer by typing text-based commands to it and receiving text-based replies.

The first line is to install the Certbot Python package software on your Apache server via PuTTY (apt install certbot python3-certbot-apache);

Just like that! No stop. No frills…

The second line (sudo certbot — apache) just get Certbot implementation for Apache Server.

The last and final line (sudo certbot renew — dry-run) checks whether SSL renewal is taking place successfully, which means we authorize Certbot LetEncrypt to automatically renew my certificate — something that happens every three months if I’m not mistaken:)

Certainly, you won’t even believe it… That’s it! it’s ready! Your page is secure.

Please watch this vid:

Vid 01. video for more info about the process in the real world!

02#Step — Now, to confirm that Using a browser let’s access our IP domain hosted in the cloud.

Vid 02. Testing SSL LetsEncrypt Certifications \o/

And for this episode, that’s is enough!

In the next post let’s run our MQTT protocol in the cloud using ESP32!

Bye, for now, o/

More about Lets Encrypt

As I’m a lover of the open-source movement, I couldn’t help loving let's Encrypt \o/

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Here are the basic principles of this brilliant solution:

The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

What services does Let’s Encrypt offer?

Let’s Encrypt is a global Certificate Authority (CA). They let people and organizations around the world obtain, renew, and manage SSL/TLS certificates. Their certificates can be used by websites to enable secure HTTPS connections;

What does it cost to use Let’s Encrypt? Is it really free?

They do not charge a fee for our certificates. Let’s Encrypt is a nonprofit, their mission is to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. their services are free and easy to use so that every website can deploy HTTPS;

What kind of support do they offer?

Let’s Encrypt is run by a small team and relies on automation to keep costs down. That being the case, they do not able to offer direct support to our subscribers. 
They do have some great support options though:
documentation
community support forums

A website using Let’s Encrypt is engaged in Phishing/Malware/Scam/…, what should I do?

They recommend reporting such sites to Google Safe Browsing and the Microsoft Smart Screen program, which are able to more effectively protect users. Here are the reporting URLs:
https://safebrowsing.google.com/safebrowsing/report_badware/
https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest

Is there a Let’s Encrypt (ACME) client for my operating system?

There are a large number of ACME clients available. Chances are something works well on your operating system. They recommend starting with Certbot.

What is ACME?

Automated Certificate Management Environment (From Wikipedia)

The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users’ web servers, allowing the automated deployment of public key infrastructure at very low cost.[1][2] It was designed by the Internet Security Research Group (ISRG) for their Let’s Encrypt service.[1]

Download All The Files for This Project

Credits & References

Microgênios — Treinamento em Sistemas Embarcados — Microchip Regional Partner — Microchip Certified Brazilian Training Education Startup & a Simplício-owned enterprise o/

AWS Essentials — Learn from AWS technical instructors about the AWS Platform, global infrastructure, security, and the core services by Udemy

This course is delivered by actual AWS technical instructors who teach fundamental and advanced AWS courses around the globe. In this course, you will learn essential concepts of the AWS global infrastructure, platform, and core services, so that you can begin, or, continue your journey of growing your business using AWS Cloud technology. We encourage your participation on the discussion board and feel free to ask any questions about the course or AWS certification.

AWS Documentation by Amazon

Verify your SSL, TLS & Ciphers implementation By Chandan Kumar

How To Secure Apache with Let’s Encrypt on Ubuntu 18.04 by By Kathleen Juell and Erika Heidi

General Questions by letsencrypt.org

00#Episode — AWS Essentials — Intro to AWS — AWSSeries

01#Episode — AWS — Login to Ubuntu 20 — Access Remote Ubuntu via PuTTY SSH Session — AWSSeries

02#Episode — AWS — LAMP — Prep our Remote Ubuntu to Run an MQTT Broker — AWSSeries

03#Episode — AWS — IP Plus DNS — How to Link Your Sub/Domain Name With Your AWS Instance Running Ubuntu — AWSSeries

04#Episode — AWS — LetsEncrypt — How To Installing the TLS / SSL LetsEncrypt Certificate on Remote Ubuntu Server 20.04 — AWSSeries (this one)

05#Episode — Soon. Be tuned!:)

I LOVE THESE MAJOR LETS ENCRYPT SPONSORS AND FUNDERS DAMN MUCH❤

Fig 6,7 and 8 — My beloved LetsEncript funders!

Vid 2. Previous AWS Episode — Getting Subdomain links.

…And believe me
I am still alive
I’m doing Science
And I’m still alive
I feel FANTASTIC and
I’m still alive…
(‘Still Alive’ by Jonathan Coulton: http://www.jonathancoulton.com) — song link