When you create a server in AWS for production, you will want to add a domain name for it. With a domain name you can encrypt communication to the server. (If you access a website by its IP address, you cannot have encrypted communication.) Let’s Encrypt is a free, popular tool from the ISRG that encrypts over 600 million websites.
Amazon Linux 2023 is a Linux distribution from Amazon Web Services. It resembles the Fedora Linux distribution and many commands work out of the box. The use case for adding SSL/TLS to a website this way is a single EC2 instance when you don’t want to set up AWS’s Certificate Manager on the load balancer or CloudFront distribution.
Depending on the kind of web server (Apache, Nginx, etc.) the commands will vary slightly.
For Apache:
sudo dnf -y install certbot python3-certbot-apache
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
For Nginx:
sudo dnf -y install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com --email you@yourdomain.com --agree-tos
Then, to automatically renew the certificate every 90 days, run the following command:
sudo systemctl enable --now certbot-renew.timer
Finally, you can also verify your installed certificates by:
- going to https://yourdomain.com,
- asking certbot to show what is installed:
sudo certbot certificates
- looking inside the certificates folder:
ls /etc/letsencrypt/live
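To confirm that certbot-renew.timer is actually renewing, the following added example (not part of the original post) reads the output of `sudo certbot certificates` and flags any certificate with fewer days left than a threshold. The function names `check_certs` and `sample_output`, the 25-day threshold and the sample output are assumptions constructed for illustration; certbot normally renews a 90-day certificate once about 30 days remain, so fewer than 25 days left suggests renewals are failing.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `certbot certificates`
# output on stdin and flags certificates the renewal timer should have renewed.

# check_certs MIN_DAYS
#   prints "<name> <days-left> <OK|RENEWAL-OVERDUE|INVALID>" per certificate
#   returns 1 if any certificate is overdue or invalid, 0 otherwise
check_certs() {
    awk -v min="$1" '
        $1 == "Certificate" && $2 == "Name:" { name = $3 }
        $1 == "Expiry" && $2 == "Date:" {
            # certbot prints "(VALID: N days)", "(VALID: 1 day)",
            # "(VALID: N hour(s))" or "(INVALID: EXPIRED|REVOKED|TEST_CERT)"
            if ($5 == "(VALID:" && $7 ~ /^day/)       { days = $6 + 0 }
            else if ($5 == "(VALID:" && $7 ~ /^hour/) { days = 0 }
            else                                      { days = -1 }
            if (days < 0)        { verdict = "INVALID" }
            else if (days < min) { verdict = "RENEWAL-OVERDUE" }
            else                 { verdict = "OK" }
            if (verdict != "OK") bad = 1
            print name, (days < 0 ? "-" : days), verdict
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of `certbot certificates` output (not real data).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: yourdomain.com
    Domains: yourdomain.com www.yourdomain.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
  Certificate Name: stale.yourdomain.com
    Domains: stale.yourdomain.com
    Expiry Date: 2030-01-10 10:00:00+00:00 (VALID: 11 days)
  Certificate Name: old.yourdomain.com
    Domains: old.yourdomain.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Real use on the server:  sudo certbot certificates | check_certs 25
# Offline demo with the constructed sample:
if [ "${1:-}" = "--demo" ]; then sample_output | check_certs 25; fi
```

The non-zero return status makes the function usable from a cron job or monitoring check that alerts when renewal has stalled.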