How to add free SSL with auto renewal on an Amazon Web Services (AWS) EC2 Linux server
In this tutorial we will set up a free SSL certificate for a website hosted on an Amazon Linux 2 AMI, and we will configure auto renewal so the certificate is renewed automatically without any manual work.
Follow the steps below.
First we need PuTTY and a PPK file to connect to our server through a terminal. If you do not know PuTTY: it is a program we can use to connect to any server over SSH. The PPK file is generated from the PEM file that AWS provides when you create an instance. AWS hands out that PEM file only once, so you need to keep it and use it to establish the connection to the server.
After a successful connection you will see a screen like the screenshot below:
STEP 1: Enable TLS
First, run the following command to check whether the web server is enabled:
sudo systemctl is-enabled httpd
It will return "enabled". If it does not, start and enable the server with the command below:
sudo systemctl start httpd && sudo systemctl enable httpd
Now run the command below to update the server software before starting the SSL steps:
sudo yum update -y
Next, install the Apache module mod_ssl to add TLS support:
sudo yum install -y mod_ssl
Then go to the certificate directory and generate a dummy certificate and key with the following two commands:
cd /etc/pki/tls/certs
sudo ./make-dummy-cert localhost.crt
The command above generates a test file that contains both a certificate and a private key.
This next step is important, so do not skip it: because the test file already holds the key, Apache's separate key-file directive has to be commented out.
Run the command below to open the configuration file and comment out the target line:
sudo vim /etc/httpd/conf.d/ssl.conf
vim opens the file in normal mode; press "i" to enter insert mode, then search for the line
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
and comment it out by adding a hash (#) in front of it. Then press "Esc", type :wq and press Enter to save the file.
After commenting, the line will look like this:
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Now restart the web server with the command below:
sudo systemctl restart httpd
DONE! Our server now supports HTTPS (secure HTTP) over port 443.
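Step 1 can also be done without editing ssl.conf by hand. The script below is an added example and is not part of the original post; it assumes the Amazon Linux 2 paths used above (/etc/httpd/conf.d/ssl.conf and /etc/pki/tls/certs/make-dummy-cert), is run with sudo, and reads those two locations from the SSL_CONF and CERT_DIR variables, which are names chosen here. It comments out the SSLCertificateKeyFile line with sed so the edit is safe to repeat, confirms the dummy file really carries both a certificate and a key before relying on that, runs apachectl configtest before restarting (a bad ssl.conf otherwise only shows up as httpd refusing to start), and finishes by reading the certificate back from port 443.

```shell
#!/bin/sh
# Added example (not from the original post): Step 1 as an idempotent script.
# Assumes the Amazon Linux 2 paths used in the post. Run as:
#   sudo sh step1_tls.sh apply
set -eu

SSL_CONF="${SSL_CONF:-/etc/httpd/conf.d/ssl.conf}"     # name chosen for this example
CERT_DIR="${CERT_DIR:-/etc/pki/tls/certs}"             # name chosen for this example

# Comment out the SSLCertificateKeyFile directive in the given ssl.conf.
# The dummy file from make-dummy-cert already contains the private key, so
# pointing Apache at a separate key path as well would stop httpd from starting.
# Safe to run repeatedly: a line that is already commented is left untouched.
comment_key_directive() {
    sed -i -E 's|^([[:space:]]*)(SSLCertificateKeyFile[[:space:]]+)|\1#\2|' "$1"
}

# Return 0 if the file still has an active (uncommented) SSLCertificateKeyFile line.
key_directive_active() {
    grep -Eq '^[[:space:]]*SSLCertificateKeyFile[[:space:]]' "$1"
}

# Return 0 if a PEM file carries both a certificate and a private key, which is
# what make-dummy-cert produces and what the commented-out directive relies on.
pem_has_cert_and_key() {
    grep -q 'BEGIN CERTIFICATE' "$1" && grep -Eq 'BEGIN (RSA |EC )?PRIVATE KEY' "$1"
}

apply() {
    systemctl is-enabled httpd >/dev/null 2>&1 || systemctl enable httpd
    systemctl is-active httpd >/dev/null 2>&1 || systemctl start httpd
    yum install -y mod_ssl
    # Only generate the dummy certificate once; a rerun must not overwrite it.
    [ -f "$CERT_DIR/localhost.crt" ] || (cd "$CERT_DIR" && ./make-dummy-cert localhost.crt)
    pem_has_cert_and_key "$CERT_DIR/localhost.crt"
    comment_key_directive "$SSL_CONF"
    apachectl configtest          # fail here, not with a dead httpd
    systemctl restart httpd
    # Local check: the dummy certificate should come back on port 443.
    printf '' | openssl s_client -connect 127.0.0.1:443 -servername localhost 2>/dev/null \
        | openssl x509 -noout -subject -enddate
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

The sed pattern only matches a directive that is not yet commented, so running the script twice never produces a double "##" and never hides a directive that a later step has deliberately re-enabled.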
STEP 2: Integrate a Let's Encrypt SSL certificate with Certbot on the AWS Linux EC2 server
First go to the home directory with the command below.
cd /home/ec2-user
To install the extra packages that Certbot's dependencies require, run the commands below:
sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
After the above command, run the following one to enable the extra packages repository:
sudo yum-config-manager --enable epel*
Now open the main Apache configuration file:
sudo vim /etc/httpd/conf/httpd.conf
Search for "Listen 80" in this file, press "i" to make it editable, and enter the block below after the "Listen 80" line:
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName "yourdomain.com"
    ServerAlias "www.yourdomain.com"
</VirtualHost>
In the block above, replace "yourdomain.com" with your website's domain name. Then press Esc and type :wq to save the file and quit vim, and restart Apache:
sudo systemctl restart httpd
Now install Certbot:
sudo yum install -y certbot python2-certbot-apache
Then run Certbot by typing the command below and pressing Enter:
sudo certbot
You will see a prompt asking for an email address; enter it and press Enter.
Next you are asked to agree to the Let's Encrypt Terms of Service. Enter "A" and press Enter to proceed.
Then it asks whether to add your email to their mailing list; enter "Y" or "N" and press Enter.
Certbot then lists the Common Name and Subject Alternative Name (SAN) that we provided in the VirtualHost block:
"Which names would you like to activate HTTPS for?"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yourwebsite.com
2: www.yourwebsite.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):"
I entered "1" here because I only wanted to enable HTTPS for the first name, but you can select both. After you press Enter, Certbot performs the verification and you will see a congratulations message like the screenshot below.
Congratulations! We have successfully added HTTPS to our website on an Amazon EC2 Linux 2 server. You can now run a test, or go to an SSL testing website and check it; it will work :)
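The prompts above can also be answered on the command line, which is useful when the server is built by a script. The following is an added example, not code from the original post or from Certbot: it assumes the same Amazon Linux 2 layout, that python2-certbot-apache is installed, and that DNS for the names already resolves to this instance with ports 80 and 443 open in its security group, since Let's Encrypt's HTTP-01 validation connects to port 80. VHOST_FILE, valid_domain, render_vhost and build_certbot_cmd are names chosen for this example. Writing the VirtualHost to its own file under conf.d instead of into httpd.conf is a choice made here (httpd includes conf.d/*.conf), equivalent to the edit described above.

```shell
#!/bin/sh
# Added example (not from the original post): Step 2 without interactive prompts.
# Assumes Amazon Linux 2, python2-certbot-apache installed, DNS already pointing
# at this instance and ports 80/443 reachable. Run as:
#   sudo sh step2_certbot.sh apply admin@yourdomain.com yourdomain.com www.yourdomain.com
set -eu

VHOST_FILE="${VHOST_FILE:-/etc/httpd/conf.d/vhost-80.conf}"   # name chosen for this example

# Accept only a plain DNS name before it reaches a config file or a command line.
valid_domain() {
    printf '%s' "$1" | grep -Eiq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'
}

# Print the port-80 VirtualHost from the post for the given names; certbot's
# apache plugin reads ServerName/ServerAlias from it to build the SAN list.
render_vhost() {
    primary="$1"; shift
    printf '<VirtualHost *:80>\n    DocumentRoot "/var/www/html"\n    ServerName "%s"\n' "$primary"
    for alias in "$@"; do
        printf '    ServerAlias "%s"\n' "$alias"
    done
    printf '</VirtualHost>\n'
}

# Build the certbot invocation: one -d per name, terms accepted, no prompts,
# and --redirect so plain HTTP is sent to HTTPS instead of serving the site.
build_certbot_cmd() {
    email="$1"; shift
    cmd="certbot --apache --non-interactive --agree-tos --no-eff-email --redirect -m $email"
    for name in "$@"; do
        cmd="$cmd -d $name"
    done
    printf '%s' "$cmd"
}

apply() {
    email="$1"; shift
    for name in "$@"; do
        valid_domain "$name" || { echo "refusing invalid domain: $name" >&2; exit 1; }
    done
    render_vhost "$@" > "$VHOST_FILE"
    apachectl configtest
    systemctl restart httpd
    eval "$(build_certbot_cmd "$email" "$@")"   # names were validated above
    # Show what was issued: names, issuer and the 90-day expiry.
    openssl x509 -in "/etc/letsencrypt/live/$1/cert.pem" -noout -subject -issuer -enddate
}

if [ "${1:-}" = "apply" ]; then shift; apply "$@"; fi
```

Certbot stores the lineage under /etc/letsencrypt/live/ named after the first -d value, which is why the final check reads that path.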
How to set up Let's Encrypt SSL certificate auto renewal
Free SSL certificates come with a 3-month expiry date, but with Certbot we can set up auto renewal so our certificate never lapses.
To automate Certbot we add a cron job that checks our SSL certificates periodically and renews them when due. Here we add a command that runs twice a day, at 01:39 and 13:39.
sudo crontab -e
then press "i" to enter edit mode and add the line below to this file. This is root's own crontab, so there is no user column: the command starts right after the five time fields.
39 1,13 * * * certbot renew --no-self-upgrade
Now restart cron with the command below:
sudo systemctl restart crond
DONE!!! Your SSL certificate is now integrated and your website is secure. Thanks for reading. Happy coding :)
This is a very nice post and very informative, thanks a lot for sharing, keep it up.