This tutorial shows you, step by step, how to install Certbot on an EC2 Ubuntu 18.04 instance. Certbot provides an easy way to obtain and install trusted certificates for free from Let’s Encrypt. With Certbot, you can establish a secure, encrypted connection between a web server and a client browser.
An SSL certificate issued by Let’s Encrypt is only valid for 90 days, so you will need to renew it in order to get a new certificate.
In this tutorial, you will learn the following:
- Install Certbot
- Configuration
- Obtain SSL
- Auto-renew SSL
Requirements
- Familiarity with the Linux command line.
- Remote server access (AWS instance or Linode server).
- A user with sudo access.
1. SSH to your server
For a Linode server, run the following command to connect to your server.
ssh user@my_ip_address
For an AWS instance, you may first need to restrict the permissions on the key file so that only its owner can read it, using the following command.
sudo chmod 600 aws_swagasoft.pem
Then run the below command to connect to your remote server.
ssh -i aws_swagasoft.pem ubuntu@my_ip_address
2. Add the Certbot repository and update the package index.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
3. Install Certbot on your EC2 Ubuntu 18.04 instance
sudo apt-get install certbot python-certbot-apache
4. Configure an Apache virtual host
cd /etc/apache2/sites-available/
You can remove the existing Apache default configuration file and create a new virtual host.
sudo nano my_vhost_http.conf
Copy and paste the Apache configuration below and replace example.com with your domain name.
<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot /var/www/example.com/
ServerName example.com
ServerAlias www.example.com
<Directory /var/www/example.com/>
Options +Includes
Options +FollowSymlinks -Indexes
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
5. Run Certbot in one of two ways.
1. Certbot generates the SSL certificate and creates a new Apache configuration file for your new HTTPS virtual host when you run the command below.
sudo certbot --apache
2. Certbot generates the SSL certificate only, without modifying your Apache configuration files, when you run the command below.
sudo certbot certonly --apache
6. Generate the SSL certificate
Since I do not have an HTTPS Apache configuration, I will choose step 6, option 1.
sudo certbot --apache
Certbot requires your email address.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): example@gmail.com
Choose A to agree to the Certbot terms of service.
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
(A)gree/(C)ancel: A
If you want to receive updates, choose Yes.
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
(Y)es/(N)o: Y
Choose the domain names you want to obtain a certificate for.
Which names would you like to activate HTTPS for?
1: example.com
2: www.example.com
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/my_vhost_http-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/my_vhost_http-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/my_vhost_http-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-av
Choose 2 to redirect all HTTP traffic to HTTPS.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/my_vhost_http.conf to ssl vhost in /etc/apache2/sites-available/my_vhost_http-le-ssl.conf
Next...
Congratulations! You have successfully enabled https://example.com and https://www.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-11-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew all of your certificates, run "certbot renew"
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Now verify your website by opening your domain over HTTPS:
https://your_domain.com
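7. Renew the SSL certificate with the cron service.
The following command opens root's crontab, where you add a cron task to automate the SSL certificate renewal. It is run with sudo because certbot renew and the log file under /var/log both need root privileges.
sudo crontab -e
Add the following line:
@weekly /usr/bin/certbot renew >> /var/log/letsencrypt-renew.log 2>&1
Save and restart the cron service.
sudo service cron restart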
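To confirm that the weekly cron job is actually renewing certificates, the check below (an added example, not part of the original tutorial) uses openssl x509 -checkend to flag any certificate under a Let's Encrypt live directory that is close to expiry. The function names, the 30-day threshold (assumed here to match Certbot's default renewal window) and the self-signed sample certificates are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that "certbot renew" should already have
# replaced, so a silently failing cron job is noticed before expiry.

# Return 0 if the certificate in $1 expires within $2 days (default 30,
# assumed to be certbot's renewal window), 1 otherwise. An unreadable file
# also returns 0, so a missing certificate is reported, not ignored.
expires_within() {
    local pem="$1" days="${2:-30}"
    ! openssl x509 -in "$pem" -noout -checkend $(( days * 86400 )) >/dev/null 2>&1
}

# Print one OK/WARN line per <live_dir>/<domain>/fullchain.pem and return 1
# if any certificate is inside the renewal window. Run as root against the
# real /etc/letsencrypt/live, which is readable by root only.
check_live_certs() {
    local live="${1:-/etc/letsencrypt/live}" days="${2:-30}" rc=0 pem end
    for pem in "$live"/*/fullchain.pem; do
        [ -e "$pem" ] || continue
        end=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) || end=""
        if expires_within "$pem" "$days"; then
            echo "WARN $pem ${end:-unreadable}"
            rc=1
        else
            echo "OK   $pem $end"
        fi
    done
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate valid for $2
# days, written to $1/fullchain.pem (stands in for a Let's Encrypt one).
make_sample_cert() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.com" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Demo on constructed data: one fresh certificate and one 10 days from expiry.
demo=$(mktemp -d)
make_sample_cert "$demo/fresh.example.com" 90
make_sample_cert "$demo/stale.example.com" 10
check_live_certs "$demo" 30 || echo "renewal needs attention"
rm -rf "$demo"
```

On the server, calling check_live_certs with no arguments as root inspects /etc/letsencrypt/live; a WARN line there means the cron renewal is not working.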
Conclusion
In this article, you have learned how to obtain an SSL certificate for your server and configure automatic renewal. I also urge you to read the Certbot documentation for more clarity.