Integrate Let’s Encrypt on an Amazon Linux AMI EC2 Instance Using Certbot

I'm using one of the latest Amazon Machine Images (AMI), called LAMP Stack PHP 5.3 LTS. Actually, I was using an old AMI that was released in 2013, and the instance was also created at that time. It was almost impossible for me to integrate certbot into it, so I finally decided to migrate my CodeIgniter app to a new instance that supports PHP 5.3.

Here too I struggled a lot to integrate certbot, but I finally did it with the following steps.

  1. cd /tmp
  2. git clone
  3. cd certbot
  4. chmod a+x certbot-auto
  5. ./certbot-auto certonly --webroot -w /var/www/html/ -d <domainName> --debug
  6. sudo ln -s /etc/letsencrypt/live/<domainName>/fullchain.pem /jet/etc/apache//server.crt
     sudo ln -s /etc/letsencrypt/live/<domainName>/privkey.pem /jet/etc/apache//server.key
  7. cd /jet/etc/apache
  8. nano httpd.conf
  9. Uncomment the following line in the httpd.conf file:
     Include /jet/etc/apache//extra/httpd-ssl.conf
  10. nano extra/httpd-ssl.conf
      Uncomment and set the following directives, using the newly created crt and key file paths:
      DocumentRoot
      ServerName
      SSLCertificateFile
      SSLCertificateKeyFile
  11. Restart the service with the following command:
      /jet/enter restart

Auto-renew your SSL certificates.

You are all set now. But take note: Let's Encrypt certificates are only valid for 90 days. This is to encourage users to automate their certificate renewal process. You can set up a cron job that runs every day at a particular time to renew certificates. Certificates are renewed only when they are close to expiring.

  • To test the renewal process, you can do a dry run with certbot:
sudo /tmp/certbot/certbot-auto renew --dry-run

  • Then update the crontab:
sudo crontab -e
  • Then, add the following line to crontab:
12 3 * * *   /tmp/certbot/certbot-auto renew --post-hook "sudo /jet/enter restart" >> /etc/letsencrypt/log/renew.log

This runs the renewal every day at 3:12 am. Remember that certs don't get renewed unless they are near expiration, and a monthly or weekly cron job would occasionally let your existing certs expire before they get renewed.
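As an added example (not part of the original post), the bash functions below check that the two Apache files are still symlinks pointing at the Let's Encrypt live directory, that the certificate is not about to expire, and that the private key matches the certificate. The function names and the 7-day default are assumptions, and the openssl command-line tool must be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks to run after
# setup or after a renewal. Function names and thresholds are assumptions.

# check_link LINK TARGET: LINK must be a symlink pointing directly at TARGET
# and must resolve to a readable file. A copied file would load fine today
# but keep serving the old certificate after the next renewal.
check_link() {
    [ -L "$1" ] || { echo "FAIL: $1 is not a symlink" >&2; return 1; }
    [ "$(readlink "$1")" = "$2" ] || { echo "FAIL: $1 does not point at $2" >&2; return 1; }
    [ -r "$1" ] || { echo "FAIL: $1 is dangling or unreadable" >&2; return 1; }
}

# cert_valid_for CERT DAYS: succeeds if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# key_matches_cert CERT KEY: the public key embedded in CERT must equal the
# public key derived from the private KEY.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    from_key=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# check_tls_files LIVE_DIR APACHE_DIR [MIN_DAYS]: run every check in order.
check_tls_files() {
    local live="$1" apache="$2" days="${3:-7}"
    check_link "$apache/server.crt" "$live/fullchain.pem" || return 1
    check_link "$apache/server.key" "$live/privkey.pem" || return 1
    cert_valid_for "$apache/server.crt" "$days" ||
        { echo "FAIL: certificate expires within $days days" >&2; return 1; }
    key_matches_cert "$apache/server.crt" "$apache/server.key" ||
        { echo "FAIL: private key does not match certificate" >&2; return 1; }
    echo "OK: symlinks, expiry and key match"
}

# Example call with this post's paths (run as root so the key is readable):
#   check_tls_files /etc/letsencrypt/live/<domainName> /jet/etc/apache 7
```
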


You can contact me in case you need any help setting up the above; I will be providing premium support.

