Install SSL/TLS Certificate using Certbot

Let’s Encrypt is a completely free, automated Certificate Authority (CA) that offers domain-validation (DV) certificates for your websites. It has an automated installer called Certbot, and a Certbot certificate can be added to your site in just the couple of steps that follow.

Setting up DNS Records via Route53

  • Add yourdomain.com in Route53 and choose a public hosted zone
  • Change the name servers at your registrar (Namecheap or any domain provider)
  • Create an EC2 instance and copy the instance's IP address
  • Go to Route53 > Hosted zones > yourdomain.com > Create record
    • A Record
      • Record name: Empty
      • Value:
      • TTL: 300
    • A Record Alias
      • Record name: www
      • Enable alias option
        • Route traffic to: Alias to another record in this hosted zone
        • Choose yourdomain.com from the input box
      • TTL: 300

Install SSL certificate on EC2 Instance

# log in to the EC2 instance
ssh -i your-key.pem username@ip_address

# install nginx and certbot
sudo apt update
sudo apt install -y \
  nginx \
  certbot \
  python3-certbot-nginx

# create an SSL certificate without a wildcard (certbot needs root)
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# create an SSL certificate for a wildcard domain
# (the name is quoted so the shell does not expand the *;
#  --manual-public-ip-logging-ok is deprecated in newer Certbot releases)
sudo certbot certonly \
  --manual \
  -d '*.yourdomain.com' \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory

# Misc
# curl http://yourdomain.com # double check
sudo certbot certificates # list existing certs
sudo certbot renew --dry-run # test whether renewal works
sudo crontab -e # auto-renew via cron: add the following line, uncommented
# 0 5 * * * /usr/bin/certbot renew --quiet

Now, install nginx to test it.
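Because the cron job above runs with --quiet, and a wildcard certificate issued with --manual and no auth hook is not picked up by certbot renew, a separate expiry check is useful. The script below is an added example, not part of the original page: it parses `certbot certificates` output and flags certificates with fewer than a given number of days left. The function names, the 20-day threshold, the sample certificate names and the assumed output layout ("Certificate Name:" and "Expiry Date: ... (VALID: N days)") are assumptions to verify against your Certbot version.

```shell
#!/bin/sh
# Added example (not from the original page): flag certificates that are
# expired or close to expiry, based on `certbot certificates` output.
# Real usage:  sudo certbot certificates 2>/dev/null | check_cert_expiry 20

# check_cert_expiry MIN_DAYS
# Reads certbot output on stdin, prints "name: status" for every certificate
# with fewer than MIN_DAYS left, and returns 1 if any was printed.
check_cert_expiry() {
  awk -v min="${1:-20}" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      # The status is the parenthesised suffix, e.g. "(VALID: 89 days)".
      # Cut at the FIRST "(" because "VALID: 3 hour(s)" contains another one.
      status = substr($0, index($0, "(") + 1)
      sub(/\)[ \t]*$/, "", status)
      if (status ~ /^VALID: [0-9]+ day/) {
        split(status, f, " ")
        days = f[2] + 0
      } else if (status ~ /^VALID: [0-9]+ hour/) {
        days = 0          # less than one day left
      } else {
        days = -1         # INVALID: EXPIRED, REVOKED, TEST_CERT, or unknown
      }
      if (days < min + 0) { printf "%s: %s\n", name, status; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample output (hypothetical names and dates) so the check
# can be tried without a real certbot installation.
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: yourdomain.com
    Domains: yourdomain.com www.yourdomain.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 62 days)
  Certificate Name: yourdomain.com-0001
    Domains: *.yourdomain.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 11 days)
  Certificate Name: old.yourdomain.com
    Domains: old.yourdomain.com
    Expiry Date: 2020-01-01 00:00:00+00:00 (INVALID: EXPIRED)
EOF
}

sample_output | check_cert_expiry 20 || echo "certificates listed above need attention" >&2
```

Run from cron without --quiet on the check itself, the non-zero exit status and printed lines can feed whatever alerting the host already has.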