How to Set Up an SSL Certificate on Your AWS EC2 Instance 2021

In this tutorial, I show you how to set up a free Let’s Encrypt SSL certificate on your AWS EC2 instance. But before that, let’s discuss what Let’s Encrypt is.

What is Let’s Encrypt

According to Wikipedia, Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.

So now we know that Let’s Encrypt is a service that provides free SSL certificates to any website using Certbot. Our next topic is how to set up Let’s Encrypt on our AWS EC2 instance.

How to Set Up Let’s Encrypt on an AWS EC2 Instance

First set up an EC2 instance in AWS, by following my other article.

Then run these commands to install PHP / Apache on your Amazon Linux instance. I will explain the commands one by one.

#!/bin/bash
sudo yum update -y

The first line in this code block is the shebang (#!/bin/bash). In computing, a shebang is the character sequence consisting of a number sign and an exclamation mark at the beginning of a script. It is also called sha-bang, hashbang, pound-bang, or hash-pling. It tells UNIX / Linux operating systems which interpreter to use to execute the script. Most Linux shell, Perl and Python scripts start with a line like this.

The next line is sudo yum update -y. This command uses YUM to update the installed packages. YUM (Yellowdog Updater Modified) is an open-source command-line as well as graphical-based package management tool for RPM (RedHat Package Manager) based Linux systems. It allows users and system administrators to easily install, update, remove, or search software packages on a system. So sudo yum update -y basically updates all packages to their latest versions from a repository list which is managed by Amazon for Amazon Linux 1. It is always good practice to run “yum update” before you install any software, since it also pulls in pending security fixes.

sudo yum install -y httpd24 php72 php72-mysqlnd php72-mbstring
sudo yum install -y php72-mcrypt php72-zip php72-intl php72-gd

The above two lines install Apache 2.4 along with PHP 7.2 and some common PHP extensions like mysqlnd, mbstring, mcrypt, zip, intl and gd. These extensions are optional, and you should install only the ones your project actually uses. In my case, I always install these PHP extensions because my projects always use them.

sudo service httpd start
sudo chkconfig httpd on

Next, the two lines above start the Apache server and then set Apache to start automatically at boot time. This is really important to remember; otherwise you need to start your Apache server manually every time the system reboots.

sudo groupadd www
sudo usermod -a -G www ec2-user
sudo usermod -a -G www apache
sudo chown -R ec2-user /var/www
sudo chgrp -R www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +

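The above 7 lines of code create a group “www” and add the users “ec2-user” and “apache” to that group. Then they assign proper permissions to the files and folders: directories get mode 2775, where the leading 2 is the setgid bit that makes new files inherit the “www” group, and files get mode 0664.

Next, we are going to install the SSL module for Apache and then restart the Apache server.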
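To check later that the web root still matches this scheme, the following audit lists every path that has drifted from it. This is an added example, not part of the original tutorial; the function names audit_webroot and demo_audit and the temporary sample tree are assumptions made here, and the demo uses the caller's own group instead of “www” so it runs without root.

```shell
#!/bin/bash
# audit_webroot ROOT GROUP
# Lists every path under ROOT that deviates from the tutorial's scheme:
#   directories -> mode 2775 (setgid, so new files inherit the group)
#   files       -> mode 0664
#   both        -> owned by group GROUP (name or numeric gid)
# Prints one "REASON path" line per deviation; returns 0 only for a clean tree.
audit_webroot() {
    local root=$1 group=$2 report
    report=$(
        find "$root" -type d ! -perm 2775 -exec printf 'DIRMODE %s\n' {} \;
        find "$root" -type f ! -perm 0664 -exec printf 'FILEMODE %s\n' {} \;
        find "$root" \( -type d -o -type f \) ! -group "$group" \
            -exec printf 'GROUP %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree standing in for /var/www.
demo_audit() {
    local root group
    root=$(mktemp -d)
    group=$(id -g)
    mkdir -p "$root/html/uploads"
    touch "$root/html/index.php" "$root/html/uploads/a.txt"
    # Same mode changes as the tutorial, minus sudo.
    find "$root" -type d -exec chmod 2775 {} +
    find "$root" -type f -exec chmod 0664 {} +
    # Drift of the kind that appears over time: a world-writable file
    # and a directory whose setgid bit was removed.
    chmod 0666 "$root/html/uploads/a.txt"
    chmod g-s "$root/html/uploads"
    audit_webroot "$root" "$group" || true
    rm -rf "$root"
}

demo_audit
```

On the instance itself the call would be audit_webroot /var/www www.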

sudo yum install mod24_ssl
sudo service httpd restart

Once you have finished setting up PHP / Apache, create a virtual host by following my article here.

After that, you need to set up the Let’s Encrypt Certbot client. To do this, run the following commands. Note that the Certbot project has since deprecated the certbot-auto script.

cd ~
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

After you have downloaded Certbot, you need to create a virtual host for your domain/sub-domain. A detailed explanation is given here.

Next, run this command to request an SSL certificate.

# Requesting a certificate
sudo ~/certbot-auto --debug --apache

That’s it. Using these simple steps, you can set up SSL on your Amazon EC2 instance.
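Because Let’s Encrypt certificates are valid for only 90 days, it is worth checking the installed certificate after the request and again on a schedule. The script below is an added example, not part of the original tutorial: cert_status and make_sample_certs are names chosen here, the 30-day renewal threshold is this example's default, the sample certificates are constructed throwaways, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/bash
# cert_status FILE [RENEW_DAYS]
# Prints MISSING, INVALID, EXPIRED, SELF_SIGNED, RENEW or OK for a PEM file.
cert_status() {
    local cert=$1 renew_days=${2:-30}    # 30 days: default chosen for this example
    [ -r "$cert" ] || { echo MISSING; return 0; }
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo INVALID; return 0; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo EXPIRED; return 0
    fi
    # Issuer equal to subject means self-issued, i.e. not a CA-issued certificate.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo SELF_SIGNED; return 0
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((renew_days * 86400)) >/dev/null; then
        echo RENEW; return 0
    fi
    echo OK
}

# Constructed sample input: a throwaway CA and two leaf certificates
# (valid for 90 and 10 days) written into directory $1.
make_sample_certs() {
    ( cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -days 365 -subj "/CN=Constructed Test CA"
      openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
          -subj "/CN=example.test"
      for d in 90 10; do
          openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
              -CAcreateserial -days "$d" -out "leaf$d.pem"
      done ) >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_certs "$tmp"
for f in ca.pem leaf90.pem leaf10.pem nosuch.pem; do
    printf '%-12s %s\n' "$f" "$(cert_status "$tmp/$f")"
done
rm -rf "$tmp"
```

Certbot stores issued certificates under /etc/letsencrypt/live/<your-domain>/cert.pem, so on the instance the check is sudo bash -c with cert_status pointed at that file; a SELF_SIGNED or RENEW result means the certificate needs attention.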

Conclusion

In summary, I can say that PHP is one of the most popular languages when it comes to web development. It’s super-fast, secure, and easy to use. With a combination of PHP and Apache, it’s unbeatable in terms of performance. Many popular CMSs are written in PHP for this reason, and if you want to set up a blog or e-commerce site then chances are that it’s already developed in PHP. So learning how to secure your PHP with Apache in AWS can be really handy, and I would definitely suggest practicing this yourself so that you can become an expert at it.

Atiqur Rahman

I am MD. Atiqur Rahman, a graduate of BUET and an AWS-certified solutions architect. I have successfully achieved 6 certifications from AWS including Cloud Practitioner, Solutions Architect, SysOps Administrator, and Developer Associate. I have more than 8 years of working experience as a DevOps engineer designing complex SaaS applications.

This Post Has 4 Comments

  1. Matt

    A quick question Atiqur, I already installed WHM but I can’t access it because I don’t have the SSL certificate. I have an instance with WHM; should I create another instance, or do I need to find a way to install it into WHM?

    1. Atiqur Rahman

      Hi Matt,
      Thanks for your question.
      Indeed, when you first install WHM, SSL is not installed. To log in to WHM you need to go to a URL like this: https://{ip}:2087
      If there is no SSL then you will get a warning, but you can ignore the warning and still log in to WHM. From the WHM control panel, you can install free SSL and remove the warning.

  2. Ajmal

    Hi Atiqur, do these steps work on an Ubuntu server EC2 instance?

    1. atiqur

      No, these instructions are valid only for Amazon Linux 1.