How to Set Up Let’s Encrypt with Amazon Linux 2 (CentOS 7)


What is Let’s Encrypt?

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.

How to Install Let’s Encrypt on Amazon Linux 2?

First, you need to create an instance with base AMI as Amazon Linux 2. Amazon Linux 2 is the next-generation Amazon Linux operating system. It provides a high-performance, stable, and secure execution environment for cloud and enterprise applications. Amazon Linux 2 will offer extended availability of software updates for the core operating system through 5 years of long-term support and provides access to the latest software packages through the Amazon Linux Extras repository.

Once you have created the instance, connect to it using PuTTY on Windows or Terminal on Mac / Linux. After connecting to your instance, run the following commands.

First, update the installed packages with YUM. YUM (Yellowdog Updater Modified) is an open-source command-line and graphical package management tool for RPM (RedHat Package Manager) based Linux systems. It allows users and system administrators to easily install, update, remove, or search software packages on a system. So sudo yum update -y updates all packages to the latest version from a repository list which is managed by Amazon for Amazon Linux 1. It is always good practice to run “yum update” before you install any software.

sudo yum update -y 

Then enable PHP 7.4 via amazon-linux-extras.

sudo amazon-linux-extras enable php7.4 

Next, run this command to clear the metadata.

sudo yum clean metadata

After that, install Apache and the Apache SSL module. Apache is the web server and mod_ssl is the module that lets it serve the SSL certificate.

sudo yum install httpd mod_ssl -y 

Next, you install PHP and the required PHP extensions.

sudo yum install php php-cli php-mysqlnd php-pdo php-common -y

Install additional PHP extensions if your project requires them. This part is optional.

sudo yum install php-gd php-mbstring php-xml php-dom php-intl php-simplexml -y

Once you have set up everything, please start the Apache server by running this command.

sudo systemctl start httpd

We also need Apache to start at boot time. To do this, run this command.

sudo systemctl enable httpd

Next, create a virtual host and point the folder to the domain/subdomain. An example of virtual host configuration is given on my other blog.

So far we have installed Apache server and PHP 7.4. Next, we need to enable EPEL so that we can install Certbot. To enable EPEL please run the following commands.

sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable epel

Once EPEL is enabled, we need to install Certbot. This is the tool that will fetch the SSL certificate from EFF and set it up on our server.

sudo yum install certbot python2-certbot-apache -y

#Request and install SSL certificate 
sudo certbot --apache

To renew the certificate automatically, you need to set up a cron job via crontab. The commands are given below.

sudo crontab -e

After running this command, you will see a new blank screen for editing. There you need to enter the command to be executed, along with the time and frequency at which it should run.

0 3 * * * sudo certbot renew >/dev/null 2>&1

The entry above will run the renewal command every morning at 3 AM.
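
The cron entry above sends all of certbot's output to /dev/null, so a renewal that keeps failing goes unnoticed until the 90-day certificate expires. The check below is an added example, not part of the original post; the /etc/letsencrypt/live path (certbot's default layout), the 21-day threshold, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report certificates that are close to expiry, so a renewal
# job whose output goes to /dev/null cannot fail unnoticed.

# Assumption: certbot's default layout, /etc/letsencrypt/live/<name>/cert.pem
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
# Assumption: 21 days. Certbot renews at 30 days left by default, so a
# certificate with fewer than 21 days left has missed several daily runs.
WARN_DAYS="${WARN_DAYS:-21}"

# cert_expires_within FILE DAYS: succeeds if FILE expires within DAYS days.
cert_expires_within() {
    # "-checkend N" exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_live_certs DIR DAYS: prints one line per problem, returns 1 if any.
check_live_certs() {
    dir=$1; days=$2; bad=0; found=0
    for cert in "$dir"/*/cert.pem; do
        [ -f "$cert" ] || continue
        found=1
        if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
            echo "UNREADABLE $cert"; bad=1
        elif cert_expires_within "$cert" "$days"; then
            echo "EXPIRING $cert ($(openssl x509 -in "$cert" -noout -enddate))"; bad=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "NO_CERTS $dir"; bad=1
    fi
    return "$bad"
}

# Run the check only when asked to, e.g. "sh check-certs.sh --run" from cron
# (check-certs.sh is a hypothetical file name).
if [ "${1:-}" = "--run" ]; then
    check_live_certs "$LIVE_DIR" "$WARN_DAYS"
    exit $?
fi
```

Schedule it with the --run argument in root's crontab shortly after the renewal job; it prints nothing and exits 0 while every certificate has more than WARN_DAYS days left.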

I created a full video as well so that you can see how I run those commands.

Conclusion

SSL is an important aspect of the security of a website. Without SSL, users don’t feel safe with their data, and nowadays Google doesn’t rank non-SSL sites at the top. So in this article, I have discussed how you can install an SSL certificate for free using Let’s Encrypt and make your site secure.

If you want to learn more about security, then I suggest reading this Book from Amazon.

Atiqur Rahman

I am MD. Atiqur Rahman, a BUET graduate and an AWS-certified solutions architect. I have successfully achieved 6 certifications from AWS including Cloud Practitioner, Solutions Architect, SysOps Administrator, and Developer Associate. I have more than 8 years of working experience as a DevOps engineer designing complex SaaS applications.

This Post Has 7 Comments

  1. Oscar John

    How can I completely remove letsencrypt from amazon linux 2? I deleted certbot and now I am having apache problems all over

  2. Atiqur Rahman

    To uninstall certbot-auto, you need to do three things:

    If you added a cron job or systemd timer to automatically run certbot-auto to renew your certificates, you should delete it. If you did this by following our instructions, you can delete the entry added to /etc/crontab by running a command like sudo sed -i '/certbot-auto/d' /etc/crontab.

    Delete the certbot-auto script. If you placed it in /usr/local/bin like we recommended, you can delete it by running sudo rm /usr/local/bin/certbot-auto.

    Delete the Certbot installation created by certbot-auto by running sudo rm -rf /opt/eff.org.

  3. Rodrigo

    I’m having the error on “sudo certbot --apache”:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    The apache plugin is not working; there may be problems with your existing configuration.
    The error was: NoInstallationError('Problem in Augeas installation',)

    1. Atiqur Rahman

      Install the apache plugin first. Check my instructions, which say “sudo yum install certbot python2-certbot-apache -y”

  4. Asad

    #Request and install SSL certificate
    sudo certbot --apache
    I was facing an error as I followed your steps, after running the above command in AWS Linux 2 terminal.
    “Unable to find a virtual host listening on port 80. Please add a virtual host for port 80”
    I have used the below steps to fix this error.
    cd /etc/httpd/conf/httpd.conf
    Find this line Listen 80
    Add the below code after changing the domain name.

    <VirtualHost *:80>
        DocumentRoot "/var/www/html"
        ServerName "website.com"
        ServerAlias "www.website.com"
    </VirtualHost>

    Keep following all the steps as you will be asked for the domain and see two options.
    1: website.com
    2: http://www.website.com
    Select the preferred option and your setting will complete.
    After this finish the remaining two steps mentioned in the above post.
    # sudo crontab -e
    # 0 3 * * * sudo certbot renew >/dev/null 2>&1

  5. Joseph

    Hi Ati,
    I’m trying to install Let’s Encrypt No package python2-certbot-apache on new amazon 2023 but keep getting “No packages available”. It seems like it’s EOL for new amazon 2023. Do you know what version is compatible?

    Thank you.

