Installing SSL/TLS Certificates on AWS EC2 with Ubuntu and Nginx Configuration

AWS gives you a lot of freedom to configure SSL/TLS so that your server can exchange encrypted messages. First, a brief idea of what SSL certificates do.

SSL certificates are small data files that bind a cryptographic key to some details. Once installed, a certificate activates the padlock and allows only the https protocol to connect to the web server.

However, setting up SSL certificates can be tedious, and it is not worth repeating the same research every time you configure them in AWS. Here are the most important steps to help you get it set up correctly.

Overview:

  1. Setting up an EC2 Instance in AWS
  2. Setting up configuration in Route 53
  3. Setting up SSL with Letsencrypt
  4. Setting up Live Server with Nginx in Ubuntu

Setting up an EC2 Instance in AWS

First, check that your EC2 instance is running properly, and assign it a security group with the following configuration:

Add both HTTP and HTTPS in the Inbound section, and make sure they are open to public access.

Setting up configuration in Route 53

Once you have set up the EC2 instance, you can also set up your domain, which is associated with the IP from the EC2 instance. Also, make sure the configuration matches the example.

Now you need to create two basic records that point your domain to the EC2 instance. Let's say your IP is 198.51.100.234: create an "A" record, A 300 198.51.100.234, and a second one, AAAA 3600 198.51.100.234, with the name set to www. Both records ensure your server can redirect from example.com to www.example.com.

If you are not sure about your domain setup, use the website below to verify whether you missed anything in DNS:

https://check-your-website.server-daten.de/

Setting up SSL with Letsencrypt

When everything passes the verification, you can connect to your EC2 instance over SSH to continue the setup.

For more details on setting up SSH login with AWS, read the documentation: https://www.nginx.com/blog/setting-up-nginx/#aws-setup

Once you are logged in to Ubuntu, you should be able to run the commands below to install the certificates.

sudo wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
cd /etc/apt
echo -e "deb http://nginx.org/packages/ubuntu xenial nginx \ndeb-src http://nginx.org/packages/ubuntu xenial nginx" | sudo tee -a sources.list

Now you just need to update the system and install Nginx:

sudo apt-get update
sudo apt-get install nginx
sudo service nginx start

Nginx will now be started; you can visit your IP address to confirm.

sudo apt-get update 
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Don’t forget to update the domain name in Nginx. Open the config file at this path:

sudo nano /etc/nginx/conf.d/default.conf

Change server_name from localhost to yourdomainname.com, and add the www domain as well: www.yourdomainname.com

sudo certbot --nginx -d yourdomainname.com -d www.yourdomainname.com

When certbot asks about redirecting, enter 2 for the redirect. If there is no error, you should be able to find all your SSL files by navigating to this directory:

cd /etc/letsencrypt/live/yourdomainname.com
ls

You may need elevated permissions to cd into the directory, so all you need to do is:

sudo su
cd /etc/letsencrypt/live/yourdomainname.com

The list of files will be:

cert.pem
chain.pem
fullchain.pem
privkey.pem

Next, return to the Nginx config directory:

cd /etc/nginx/conf.d

There is a default Nginx file there, but you don’t want to overwrite it. Rename that file to keep it as a backup:

sudo mv default.conf default.conf.bak
sudo touch serverUbuntu.conf
sudo nano serverUbuntu.conf
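
A TLS server configuration of the kind that could go in serverUbuntu.conf, as an added example that is not the author's original file. It uses the certbot-issued files listed above and redirects port 80 to HTTPS; the backend address 127.0.0.1:3000 is an assumption for illustration.

```nginx
# serverUbuntu.conf (added example; backend on 127.0.0.1:3000 is assumed)

# Plain HTTP: redirect every request to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name yourdomainname.com www.yourdomainname.com;
    return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS here and pass requests to the local app.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name yourdomainname.com www.yourdomainname.com;

    # fullchain.pem is the server certificate plus the intermediate chain;
    # privkey.pem is the private key and must stay readable by root only.
    ssl_certificate     /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

    # Disable SSLv3 and TLS 1.0/1.1. TLSv1.3 only takes effect when
    # nginx is built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS for this host for the next year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running sudo nginx -t checks the file for syntax errors before the reload.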

Right now the main part to take care of is to replace yourdomainname.com with your actual domain:

sudo nginx -s reload

Now your server will show a secure connection.


Setting up Live Server with Nginx in Ubuntu

To test that a server can run successfully behind your Nginx, you can do a quick demo with Node.js. See the example below.

cd ~
touch app.js
// Copy the simple server code below

To keep the server from stopping when you quit the SSH connection, there is a library to help you solve the issue.

npm install pm2 -g
pm2 start app.js

Now you can check the server: pm2 starts it for you, and if it accidentally shuts down, pm2 will restart app.js for you.

Automatically Renew SSL Certificates (Optional)

  1. Set this task to run automatically once per month using a cron-job:
    sudo crontab -e
  2. Add the following lines to the end of the crontab file:
    0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
    0 0 1 * * cd /opt/letsencrypt && git pull

Reference:

https://letsencrypt.org/
https://github.com/Unitech/pm2/
https://www.entrustdatacard.com/pages/ssl/
https://gist.github.com/shijiezhou1/ef63e8a709eb41c9a156263204629408/
https://gist.github.com/shijiezhou1/892ec21d1fbe3f7adc290190c8c1d28c/

Full Stack Developer — Typescript | Javascript | NodeJS | Python |MongoDB | ReactJS | VueJS | EmberJS — Blog writer & Professional writer❤️ @ shijiezhou.com
