What is Let’s Encrypt?
Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.
How to Install Let’s Encrypt on Amazon Linux 2?
First, you need to create an instance with base AMI as Amazon Linux 2. Amazon Linux 2 is the next-generation Amazon Linux operating system. It provides a high-performance, stable, and secure execution environment for cloud and enterprise applications. Amazon Linux 2 will offer extended availability of software updates for the core operating system through 5 years of long-term support and provides access to the latest software packages through the Amazon Linux Extras repository.
Once you have created the instance, connect to it using PuTTY on Windows or Terminal on Mac / Linux. After connecting to your instance, run the following commands.
First, update the installed packages with YUM. YUM (Yellowdog Updater Modified) is an open-source command-line and graphical package management tool for RPM (RedHat Package Manager) based Linux systems. It allows users and system administrators to easily install, update, remove, or search software packages on a system. So sudo yum update -y basically updates all packages to the latest version from a repository list which is managed by Amazon for Amazon Linux 1. It is always good practice to run “yum update” first before you install any software.
sudo yum update -y
Then enable PHP 7.4 via Amazon-Linux-extras.
sudo amazon-linux-extras enable php7.4
Next, run this command to clear the metadata.
sudo yum clean metadata
After that install Apache and Apache SSL module. Apache is the web server and mod_ssl is the SSL module for installing the SSL certificate.
sudo yum install httpd mod_ssl -y
Next, you install PHP and the required PHP extensions.
sudo yum install php php-cli php-mysqlnd php-pdo php-common -y
Install additional PHP extensions if your project requires them. This part is optional.
sudo yum install php-gd php-mbstring php-xml php-dom php-intl php-simplexml -y
Once you have set up everything, please start the Apache server by running this command.
sudo systemctl start httpd
We also need to start Apache at Boot time. To do this, please run this command.
sudo systemctl enable httpd
Next, create a virtual host and point the folder to the domain/subdomain. An example of virtual host configuration is given on my other blog.
So far we have installed Apache server and PHP 7.4. Next, we need to enable EPEL so that we can install Certbot. To enable EPEL please run the following commands.
sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable epel
Once we have installed and enabled EPEL, we need to install Certbot. This is the tool that will fetch the SSL certificate from EFF and set it up on our server.
sudo yum install certbot python2-certbot-apache -y
# Request and install SSL certificate
sudo certbot --apache
To renew the Certificate automatically you need to set a cronjob via crontab. The commands are given below.
sudo crontab -e
After running this command, you will see a new blank screen for editing. There you need to enter the command to be executed, along with the time and frequency at which it should run.
0 3 * * * sudo certbot renew >/dev/null 2>&1
The entry above will run the renewal command every day at 3 AM.
I created a full video as well so that you can see how I run those commands.
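The cron entry above sends all output to /dev/null, so a renewal that keeps failing stays silent until the 90-day certificate expires. The script below is an added example, not part of the original article, that classifies a certificate by the time left on it; it assumes certbot's default of renewing once fewer than 30 days remain, a constructed 25-day alert margin, GNU date, and a placeholder certificate path.

```shell
#!/bin/sh
# Added example: flag a certificate whose scheduled renewal has stopped working.
# Assumptions (not from the article): certbot renews once fewer than 30 days
# remain (its default), a 25-day alert margin, GNU date, and the example path.
RENEW_WINDOW_DAYS=30   # certbot's default renewal window
ALERT_DAYS=25          # constructed margin: below this, renewals are failing

# days_left NOT_AFTER_EPOCH NOW_EPOCH -> whole days remaining
days_left() {
    echo $(( ($1 - $2) / 86400 ))
}

# renewal_state NOT_AFTER_EPOCH NOW_EPOCH -> ok | due | stale | expired
renewal_state() {
    if [ "$1" -le "$2" ]; then
        echo expired
        return
    fi
    d=$(days_left "$1" "$2")
    if [ "$d" -lt "$ALERT_DAYS" ]; then
        echo stale      # cron has had several days to renew and has not
    elif [ "$d" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo due        # inside the renewal window, next cron run should renew
    else
        echo ok
    fi
}

# cert_not_after_epoch PEM_FILE -> the certificate's notAfter as Unix time
cert_not_after_epoch() {
    end=$(openssl x509 -in "$1" -noout -enddate) || return 1
    date -d "${end#notAfter=}" +%s
}

# check_cert PEM_FILE -> prints the state; non-zero exit unless ok or due
check_cert() {
    na=$(cert_not_after_epoch "$1") || { echo "unreadable: $1" >&2; return 2; }
    state=$(renewal_state "$na" "$(date +%s)")
    echo "$1: $state ($(days_left "$na" "$(date +%s)") days left)"
    case $state in ok|due) return 0 ;; *) return 1 ;; esac
}

# Run only when a certificate path is given, for example:
#   sh check_cert.sh /etc/letsencrypt/live/example.com/cert.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

Because the exit status is non-zero for stale or expired certificates, the script can be called from a monitoring job that alerts on failure.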
SSL is an important aspect of the security of a website. Without SSL, users don’t feel safe with their data, and nowadays Google doesn’t rank non-SSL sites at the top. So in this article, I have discussed how you can install an SSL certificate for free using Let’s Encrypt and make your site secure.