Installing SSL/TLS Certificates on AWS EC2 with Ubuntu and Nginx Configuration
AWS gives you a lot of freedom in how you configure SSL/TLS so that your server can exchange encrypted messages with its clients. First, a brief idea of what SSL certificates do.
SSL certificates are very small data files that bind a cryptographic key to some details. Once installed, a certificate activates the padlock and allows only the https protocol to connect to the web server.
However, setting up SSL certificates can be tedious, and it is not worth repeating the same research every time you configure one in AWS. Here are the most important steps to help you get it set up correctly.
- Setting up an EC2 Instance in AWS
- Setting up configuration in Route 53
- Setting up SSL with Letsencrypt
- Setting up Live Server with Nginx in Ubuntu
Setting up an EC2 Instance in AWS
First, check that your EC2 instance is running properly, and assign it a security group with the following configuration:
Add both HTTP and HTTPS in the Inbound section, and make sure they are open to public access.
Setting up configuration in Route 53
Once the EC2 instance is set up, you can set up the domain that is associated with the IP of the EC2 instance. Also, make sure the configuration matches the example shown.
Now you need to create two basic records that point your domain to the EC2 instance. Let's say your IP is 198.51.100.234: create an “A” record, A 300 198.51.100.234, and create a second one, AAAA 3600 198.51.100.234, with the name set to www. Both records ensure your server can redirect from example.com to www.example.com.
If you aren't sure about your domain setup, go to the website below to verify whether you missed anything in DNS:
Setting up SSL with Letsencrypt
When everything passes verification, you can connect to your EC2 instance over SSH to continue the setup.
For more details on setting up AWS with SSH login, read the documentation: https://www.nginx.com/blog/setting-up-nginx/#aws-setup
Once you are logged in to Ubuntu, run the commands below to add the Nginx package repository and its signing key.
sudo wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
cd /etc/apt
echo -e "deb http://nginx.org/packages/ubuntu xenial nginx \ndeb-src http://nginx.org/packages/ubuntu xenial nginx" | sudo tee -a sources.list
Now you just need to update the system and install Nginx:
sudo apt-get update
sudo apt-get install nginx
sudo service nginx start
Nginx will now be started; you can visit your IP address to confirm.
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
Don’t forget to update the domain name in Nginx. Open the config file:
sudo nano /etc/nginx/conf.d/default.conf
and change server_name from localhost to yourdomainname.com and the www domain as well.
sudo certbot --nginx -d yourdomainname.com -d www.yourdomainname.com
When prompted, enter 2 for the redirect. If there is no error, you should be able to find all of your SSL files by navigating to this directory.
You may need permission to cd into the directory, so all you need is to:
The list of files will be:
Next, return to the Nginx config directory:
There is a default Nginx config file, but you don’t want to overwrite it. Rename that file so it serves as a backup:
sudo mv default.conf default.conf.bak
sudo touch serverUbuntu.conf
sudo nano serverUbuntu.conf
The main thing to take care of now is to replace yourdomainname.com with your actual domain.
sudo nginx -s reload
Now your server will show a secure connection.
Setting up Live Server with Nginx in Ubuntu
To test whether a server runs successfully behind your Nginx, you can do a quick demo with Node.js. See the example below.
// Copy the simple server code below
To keep the server from stopping when you quit the SSH connection, there is a library that solves the issue.
npm install pm2 -g
pm2 start app.js
Now you can check the server: pm2 has started it for you, and if it accidentally shuts down, pm2 will restart app.js again.
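A sketch of what serverUbuntu.conf could contain to serve app.js over HTTPS, as an added example rather than the author's original file. It assumes certbot's default /etc/letsencrypt/live/ layout and that app.js listens on 127.0.0.1:3000 (an assumed port).

```nginx
# serverUbuntu.conf (added example; replace yourdomainname.com with your domain)

# Port 80: nothing is served in clear text, every request is sent to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name yourdomainname.com www.yourdomainname.com;
    return 301 https://$host$request_uri;
}

# Port 443: TLS termination with the certificate certbot issued.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name yourdomainname.com www.yourdomainname.com;

    # certbot's default output paths. fullchain.pem includes the intermediate
    # certificate, so clients can build the chain to a trusted root.
    ssl_certificate     /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1. TLSv1.3 only takes effect when
    # Nginx is built against an OpenSSL version that supports it.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Assumption: app.js listens on 127.0.0.1:3000. Keep that port out of
        # the security group so the app is reachable only through Nginx.
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run sudo nginx -t before sudo nginx -s reload to catch syntax errors and wrong certificate paths before the new configuration is applied.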
Automatically Renew SSL Certificates (Optional)
- Set this task to run automatically once per month using a cron-job:
sudo crontab -e
- Add the following lines to the end of the crontab file:
0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
0 0 1 * * cd /opt/letsencrypt && git pull
https://www.entrustdatacard.com/pages/ssl/
https://gist.github.com/shijiezhou1/ef63e8a709eb41c9a156263204629408/
https://gist.github.com/shijiezhou1/892ec21d1fbe3f7adc290190c8c1d28c/