How to enable free HTTPS on AWS EC2 (without ELB)
I summarized the method of enabling HTTPS using Let's Encrypt on AWS EC2.
Introduction
Many articles on enabling free HTTPS on EC2 use Elastic Load Balancing, a service that costs about 2000 yen per month, or Amazon CloudFront, a pay-as-you-go service. Here I instead use Let's Encrypt, a service that provides free SSL certificates, as described in the AWS documentation.
Prerequisites
- Amazon Linux 2
- Fixed IP with Elastic IP configured
- Site already publicly accessible over HTTP on a custom domain
- Running Apache with httpd
Related article Deploying PHP7.4 + Laravel6 project on AWS EC2
Implementation
Let's implement using the tool called Certbot.
Let's Encrypt issues SSL certificates with a validity period of three months.
Connect to the EC2 instance via ssh
In the directory where the private key .pem file is located, run:
$ ssh -i "*****.pem" ec2-user@12.345.678.910
Once logged in to the EC2 instance, prepare with the following commands:
sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
sudo yum-config-manager --enable epel*
sudo yum repolist all
The above commands install the EPEL repository package on the EC2 instance.
The fourth command lists all repositories so you can verify that the EPEL repository is enabled.
Take a backup before editing the Apache configuration file
The Apache configuration file is located at:
/etc/httpd/conf/httpd.conf
Make sure to take a backup before editing:
cd /etc/httpd/conf
sudo cp httpd.conf httpd_bak.text
ls
The cp command makes a copy of the file for backup. Confirm that the file has been copied with ls.
Edit the Apache configuration file
Edit the file using the vim command:
sudo vim httpd.conf
Add the following lines under Listen 80:
<VirtualHost *:80>
DocumentRoot "/var/www/html/<<Laravel_project_name>>/public"
ServerName "your_domain"
ServerAlias "www.your_domain"
</VirtualHost>
Remember to change DocumentRoot to the path of the Laravel project's public folder, and update ServerName and ServerAlias accordingly.
Restart Apache and check for errors
Restart Apache with the following command:
sudo systemctl restart httpd
If errors occur, revert to the original file:
# If an error occurs, revert to the backup.
sudo cp httpd_bak.text httpd.conf
You can overwrite the misconfigured file with the backup file.
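The backup, edit, check and revert steps above can be combined so that a broken httpd.conf is rolled back before Apache is ever restarted. This is an added example, not code from the original article; the function name safe_append_vhost, the separate snippet file, and the use of httpd -t -f as the default syntax check are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).
# safe_append_vhost CONF SNIPPET [CHECK_CMD ...]
#   CONF      Apache config to modify, e.g. /etc/httpd/conf/httpd.conf
#   SNIPPET   file holding the <VirtualHost> block to append (hypothetical name)
#   CHECK_CMD syntax checker, called with CONF as its last argument;
#             defaults to "httpd -t -f", Apache's own syntax test
# Returns 0 if the new config passed the check, 1 if it failed and the
# original was restored, 2 if a file is missing or the backup could not be made.
safe_append_vhost() {
    local conf="$1"
    local snippet="$2"
    shift 2
    [ "$#" -gt 0 ] || set -- httpd -t -f
    [ -f "$conf" ] && [ -f "$snippet" ] || return 2

    # Keep owner, mode and timestamps on the backup so a restore is exact.
    local backup="${conf}.bak.$$"
    cp -p -- "$conf" "$backup" || return 2

    if ! cat -- "$snippet" >> "$conf"; then
        cp -p -- "$backup" "$conf"
        rm -f -- "$backup"
        return 2
    fi

    # Check syntax before any restart; a failed check never reaches Apache.
    if "$@" "$conf" >/dev/null 2>&1; then
        rm -f -- "$backup"
        return 0
    fi

    cp -p -- "$backup" "$conf"
    rm -f -- "$backup"
    return 1
}

# Typical use on the instance (run as root), restarting only on success:
#   safe_append_vhost /etc/httpd/conf/httpd.conf vhost.conf \
#       && systemctl restart httpd
```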
Install Certbot
sudo yum install -y certbot python2-certbot-apache
Install the dependencies as well.
Start Certbot:
sudo certbot
Follow the prompts to complete the configuration.
Configure security group inbound rules
Finally, configure the security group settings.
Without these inbound settings, the page might not load even after entering the URL.
Add port 443 to the inbound rules.
Once these settings are completed, try accessing the URL to see if it displays properly.
Setup automatic renewal
The certificate you installed is valid for three months.
Set up automatic renewal so the certificate does not lapse:
sudo vim /etc/crontab
Add the following line at the end:
39 1,13 * * * root certbot renew --no-self-upgrade
Restart the crond service to apply the changes:
sudo systemctl restart crond
With this, automatic renewal is configured.
According to AWS documentation, testing and further security enhancements are recommended after this setup. Be sure to check it out.
Conclusion
That's it!
This process may be daunting for beginners, and mistakes can lead to errors, so taking backups before starting is always a good idea.