How to integrate free SSL certificate into AWS instance with Let’s Encrypt

Tarikul Islam
Published in Oceanize Lab Geeks
3 min read · Oct 31, 2017

What is SSL?

Secure Sockets Layer (SSL) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

How SSL works

What is Let’s Encrypt?

Let’s Encrypt is an open and automated certificate authority that uses the ACME (Automatic Certificate Management Environment) protocol to provide free TLS/SSL certificates to any compatible client. Each certificate is valid for 90 days and can be renewed every 90 days free of cost.

Implement Let’s Encrypt on an AWS server step by step

First, log in to the AWS instance with SSH. For connection details, see Connecting to Your Linux Instance Using SSH.

Next, set up the certbot-auto client, which generates the Let’s Encrypt certificate. Download it with:

wget https://dl.eff.org/certbot-auto

After downloading, make certbot-auto executable:

chmod a+x certbot-auto 

The result looks like this:

certbot-auto client setup

Now we are ready to generate a certificate with Let’s Encrypt. The following command requests a certificate and verifies the request:

sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly --webroot -w /var/www/html -d add-ssl.us-east-2.elasticbeanstalk.com -d www.add-ssl.us-east-2.elasticbeanstalk.com

Two options are important here. -w indicates the webroot of your project; in my case the webroot is /var/www/html. -d indicates the domains the certificate is generated for; in my case I have added two names for the same domain, add-ssl.us-east-2.elasticbeanstalk.com and www.add-ssl.us-east-2.elasticbeanstalk.com, and both should be HTTPS enabled.

Certificate Generate for multiple domain

Running this command may ask for an email address for certificate generation. If all goes well, you should see the Congratulations message.

Congratulation Message

The message also indicates that some files were generated in the /etc/letsencrypt/live/domain.com/ location.

Four files are generated:

cert.pem
chain.pem
fullchain.pem
privkey.pem

NOTE: To see this list you need to be the root user. You can switch from ec2-user to root with the command sudo su

Generated certificate files
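
Before pointing Apache at these files, they can be checked from the shell. The script below is an added example, not part of the original article; the function name check_live_dir, its return codes and the 30-day default threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check the directory
# certbot wrote before referencing it from Apache's ssl.conf.
# Usage: sh check_live_dir.sh /etc/letsencrypt/live/domain.com [min_days]
# Return codes: 0 ok, 1 file missing, 2 key/cert mismatch,
#               3 expires within min_days, 4 private key world-readable.

check_live_dir() {
    dir=$1
    min_days=${2:-30}   # assumed renewal threshold; certificates last 90 days

    # The four files the article lists must exist and be non-empty.
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            return 1
        fi
    done

    # privkey.pem must not be readable by "other" users (-L follows the
    # symlinks certbot places in live/).
    if [ -n "$(find -L "$dir/privkey.pem" -perm -004 2>/dev/null)" ]; then
        echo "private key is world-readable: $dir/privkey.pem" >&2
        return 4
    fi

    # The public key inside cert.pem must equal the one derived from
    # privkey.pem; mod_ssl rejects a pair that does not match.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "cert.pem and privkey.pem do not belong together" >&2
        return 2
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$dir/cert.pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days; renew it" >&2
        return 3
    fi
    echo "ok: $dir"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_live_dir "$@"
fi
```

Run it as root, since the live directory is not readable by ec2-user.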

Now update the /etc/httpd/conf.d/ssl.conf file.

You may not have this file in that location. In that case you need to install the SSL module on your Apache server.

yum install mod24_ssl
Install mod24_ssl

Now you will find the /etc/httpd/conf.d/ssl.conf file, where the certificate locations are set. Open it with your favorite editor and add or update the following locations:

SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/fullchain.pem
Update Certificate location for let’s encrypt

After adding these, restart the Apache service:

sudo service httpd restart

Now the last step. You need to allow HTTPS requests in your instance's Security Groups inbound rules, so that your site can also accept HTTPS requests.

Add HTTPS listener for AWS instance, Security Groups inbound rules

Congratulations !!!! Now your site is SSL verified

SSL verification Successfully
