This tutorial shows how to configure HTTPS for a website served by nginx on Amazon Linux, using a certificate from Let's Encrypt, a free SSL certificate authority (CA). Before you begin, you must have set up a domain name in your EC2 console to point to the public DNS.

We will be using certbot and Amazon Linux AMI with the user name ec2-user.

Here are the steps:

  • Go to /home/ec2-user
- cd /home/ec2-user
  • Install certbot-auto
- wget https://dl.eff.org/certbot-auto
  • Change the permission of certbot-auto
- chmod a+x ./certbot-auto
  • Generate certificate
- ./certbot-auto certonly --standalone --debug -d yourdomain.com

Fill in the information requested, such as your email address. If this is successful, you’ll get a message like:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/yourdomain.com/fullchain.pem. Your cert will
expire on yyyy-mm-dd. To obtain a new version of the certificate in
the future, simply run Certbot again.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

You can verify that the certificate and keys exist:

## Certificate
/etc/letsencrypt/live/yourdomain.com/cert.pem

## Full Chain
/etc/letsencrypt/live/yourdomain.com/fullchain.pem

## Private Key
/etc/letsencrypt/live/yourdomain.com/privkey.pem

  • Modify **nginx** configuration

Now that you have the certificate, configure nginx to accept HTTPS requests.

Open /etc/nginx/nginx.conf and modify:

...
http {
    ...

    server {
        listen 80;
        server_name yourdomain.com;
        location / {
            ## Automatically route HTTP to HTTPS
            return 301 https://$server_name$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name yourdomain.com;
        ssl_certificate "/etc/letsencrypt/live/yourdomain.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/yourdomain.com/privkey.pem";

        ## Tell browsers to use HTTPS only for this host for one year
        add_header Strict-Transport-Security "max-age=31536000";
        #other headers
        location / {
            ## autoindex lists a directory's contents when it has no index file;
            ## set it to off if that is not intended
            autoindex on;
            root /yourdomain.com/build/; #root path of your domain's index file
            index index.html;
            try_files $uri $uri/ /index.html;
        }
    }
}

Now, you can start/restart the nginx server.

- sudo service nginx restart

Note that the certificate expires in 3 months. You can set up a cron job to renew it automatically. Sample cron job:

0 8 28 */3 * /home/ec2-user/certbot-auto renew
10 8 28 */3 * service nginx restart
## Runs at 8AM on the 28th of every third month

If the renewal fails, stop nginx and run the renewal again.
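
The sample schedule above can be replayed against the certificate lifetime to see whether a renewal always lands before expiry. This is an added example, not part of the original tutorial; it assumes the 90-day Let's Encrypt lifetime and certbot's default of renewing only within 30 days of expiry, and the function names, the issue date and the daily comparison schedule are illustrative.

```python
from datetime import datetime, timedelta

LIFETIME = timedelta(days=90)      # assumption: Let's Encrypt certificates are valid for 90 days
RENEW_WINDOW = timedelta(days=30)  # assumption: certbot default, renew only this close to expiry


def quarterly_runs(first_year, last_year):
    """Fire times of '0 8 28 */3 *': 08:00 on the 28th of Jan, Apr, Jul and Oct."""
    return [datetime(y, m, 28, 8) for y in range(first_year, last_year + 1)
            for m in (1, 4, 7, 10)]


def daily_runs(first_year, last_year):
    """Comparison schedule (not from the tutorial): '0 8 * * *', 08:00 every day."""
    runs, t = [], datetime(first_year, 1, 1, 8)
    while t.year <= last_year:
        runs.append(t)
        t += timedelta(days=1)
    return runs


def lapses(issued, runs):
    """Replay 'renew' at each run; return (expired_at, renewed_at) for every outage."""
    expires, gaps = issued + LIFETIME, []
    for run in sorted(r for r in runs if r > issued):
        if expires - run > RENEW_WINDOW:
            continue                      # not due yet: 'renew' leaves the cert alone
        if run > expires:
            gaps.append((expires, run))   # an expired cert was served in between
        expires = run + LIFETIME          # renewal succeeded, new 90-day cert
    return gaps


if __name__ == "__main__":
    issued = datetime(2024, 1, 10, 12)    # constructed issue date
    for name, runs in (("quarterly", quarterly_runs(2024, 2025)),
                       ("daily", daily_runs(2024, 2025))):
        gaps = lapses(issued, runs)
        print(f"{name}: {len(gaps)} lapse(s)")
        for expired_at, renewed_at in gaps:
            print(f"  expired {expired_at:%Y-%m-%d %H:%M}, renewed {renewed_at:%Y-%m-%d %H:%M}")
```

Consecutive quarterly fire times are 90 to 92 days apart, so the replay reports a lapse on most quarterly runs, while the daily schedule renews about 30 days before each expiry and never lapses.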
