How to setup Letsencrypt with Amazon Linux 2 ( CentOS 7 )

What is Let’s Encrypt?

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.

How to Install Let’s Encrypt on Amazon Linux 2?

At first you need to create an instance with base AMI as Amazon Linux 2. Amazon Linux 2 is the next generation Amazon Linux operating system. It provides a high performance, stable, and secure execution environment for cloud and enterprise applications. Amazon Linux 2 will offer extended availability of software updates for the core operating system through 5 years of long-term support and provides access to the latest software packages through the Amazon Linux Extras repository.

Once you have created the instance, then connect to the instance using putty for windows and Terminal for Mac / Linux. After connecting to your instance, please run the following commands.

First update the YUM package. YUM (Yellowdog Updater Modified) is an open-source command-line as well as graphical based package management tool for RPM (RedHat Package Manager) based Linux systems. It allows users and system administrators to easily install, update, remove, or search software packages on a system. So sudo yum update -y basically updates all packages to its the latest version from a repository list which is managed by Amazon for Amazon Linux 1. This is always a good practice to run “yum update” first before you install any software.

sudo yum update -y 

Then enable PHP 7.4 via Amazon-linux-extras.

sudo amazon-linux-extras enable php7.4 

Next run, this command to clear the metadata.

yum clean metadata

After that install apache and apache SSL module. Apache is the web server and mod_ssl is the SSL module for installing SSL certificate.

sudo yum install httpd mod_ssl -y 

Next, you install PHP and required PHP extensions.

sudo yum install php php-cli php-mysqlnd php-pdo php-common -y

Install additional php extensions if it’s required on your project. This part is optional.

sudo yum install php-gd php-mbstring php-xml php-dom php-intl php-simplexml -y

Once you have setup everything, please start the apache server by running this command.

sudo systemctl start httpd

We also need to start apache at Boot time. To do this, please run this command.

sudo systemctl enable httpd

Next create a virtual host and point the folder to the domain / subdomain. An example of virtualhost configuration is given on my other blog.

So far we have installed Apache server and PHP 7.4. Next, we need to enable EPEL so that we can install Certbot. To enable EPEL please run the following commands.

sudo yum install -y
sudo yum-config-manager --enable epel

Once we install enabled EPEL, then we need to Install Certbot. This is the tool that will fetch the SSL certificate from EEF and setup into our server.

sudo yum install certbot python2-certbot-apache -y

#Request and install SSL certificate 
sudo certbot --apache

To renew the Certificate automatically you need to set a cronjob via crontab. The commands are given below.

sudo crontab -e

After running this command, you will see a new blank screen for editing. Over there you need to give the commands which needs to be executed and also time and free frequency.

0 3 * * * sudo certbot renew >/dev/null 2>&1

The command above will run this renewal command for everyday morning 3AM.

I created a full video as well so that you can see how I can run those commands.


SSL is an important aspect of the security of a website. Without SSL user’s don’t feel safe with their data and now a days google don’t rank non SSL sites at top. So in this article, I have discussed how you can install SSL certificate for free using Letsencrypt and make your site secure.

If you want to learn more about security, then I suggest to read this Book from Amazon.

Leave a Comment

Your email address will not be published. Required fields are marked *