
Let’s Encrypt is a completely free and automated Certificate Authority (CA) that offers free domain-validation (DV) certificates for your websites. It has an automated installer called Certbot, and a Certbot certificate can be added to your site with just the couple of steps below.
Setting up DNS Records via Route53
- Add yourdomain.com and choose public hosted zone from Route53
- Change Name Servers (Namecheap or any Domain Provider)
- Create an EC2 instance and copy instance IP Address
- Go to > Route53 > Hosted zones > yourdomain.com > Create record
  - A Record
    - Record name: Empty
    - Value:
    - TTL: 300
  - A Record Alias
    - Record name: www
    - Enable alias option
    - Route traffic to: Alias to another record in this hosted zone
    - Choose yourdomain.com from the input box
    - TTL: 300
Install SSL certificate on EC2 Instance
# log in to the EC2 instance via SSH
ssh -i your-key.pem username@ip_address
# install nginx and certbot
sudo apt update
sudo apt install -y \
  nginx \
  certbot \
  python3-certbot-nginx
# create SSL certificate without wildcard (certbot needs root to write /etc/letsencrypt)
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# create SSL certificate for wildcard domain
# (the name is quoted so the shell does not expand the * as a glob)
sudo certbot certonly \
  --manual \
  -d '*.yourdomain.com' \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory
# Misc
# curl http://yourdomain.com # double check
sudo certbot certificates # list existing certs
sudo certbot renew --dry-run # check whether renewal works
sudo crontab -e # auto renew via root's cron: add the following line, uncommented
# 0 5 * * * /usr/bin/certbot renew --quiet
Now, install nginx to test it.
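
The wildcard certificate above is issued with `--manual`, so `certbot renew` run from cron cannot answer the dns-01 challenge for it unattended. The hook below is an added example (not part of the original post) that publishes the challenge TXT record in Route53; it assumes the AWS CLI is configured on the instance with permission to change the zone, and `HOSTED_ZONE_ID` and the hook path are placeholders.

```shell
#!/usr/bin/env bash
# Added example: --manual-auth-hook that publishes the dns-01 TXT record in Route53.
# Assumed usage (hook path is hypothetical):
#   sudo certbot certonly --manual --preferred-challenges dns-01 \
#     --manual-auth-hook /usr/local/bin/route53-auth-hook.sh -d '*.yourdomain.com'
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-ZXXXXXXXXXXXXX}"  # placeholder, use your zone's ID

# dns-01 is checked at _acme-challenge.<base domain>; a request for
# *.yourdomain.com is validated at _acme-challenge.yourdomain.com.
challenge_name() {
  domain="${1#\*.}"                      # drop a leading "*." if present
  printf '_acme-challenge.%s.' "${domain%.}"
}

# Print the Route53 change batch for the challenge record.
# $1 = domain, $2 = validation string supplied by certbot.
build_change_batch() {
  # Reject unexpected characters before anything is interpolated into JSON:
  # the domain is hostname characters only, the validation string is base64url.
  case "$1" in
    ''|*[!A-Za-z0-9.*-]*) echo "unexpected domain value" >&2; return 1 ;;
  esac
  case "$2" in
    ''|*[!A-Za-z0-9_-]*) echo "unexpected validation value" >&2; return 1 ;;
  esac
  # Route53 expects TXT values wrapped in double quotes inside the JSON string.
  cat <<EOF
{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"$(challenge_name "$1")","Type":"TXT","TTL":60,"ResourceRecords":[{"Value":"\"$2\""}]}}]}
EOF
}

# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook;
# outside certbot (both unset) the script only defines the functions.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
  batch="$(build_change_batch "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION")" || exit 1
  change_id="$(aws route53 change-resource-record-sets \
    --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "$batch" \
    --query 'ChangeInfo.Id' --output text)" || exit 1
  # Wait until the change has propagated to Route53's name servers.
  aws route53 wait resource-record-sets-changed --id "$change_id"
fi
```

A matching `--manual-cleanup-hook` can delete the TXT record once validation has finished.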