What is Let’s Encrypt?
Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.
How to Install Let’s Encrypt on Amazon Linux 2?
At first, you need to create an instance with base AMI as Amazon Linux 2. Amazon Linux 2 is the next-generation Amazon Linux operating system. It provides a high-performance, stable, and secure execution environment for cloud and enterprise applications. Amazon Linux 2 will offer extended availability of software updates for the core operating system through 5 years of long-term support and provides access to the latest software packages through the Amazon Linux Extras repository.
In this instance creation process put this code in the user data section. This will help you to run this code when a new instance is created. You don’t need to run it manually if you put this in the user data section.
#!/bin/bash sudo yum update -y sudo yum install httpd mod_ssl -y sudo amazon-linux-extras enable php8.0 sudo yum clean metadata sudo yum install php php-cli php-mysqlnd php-pdo php-common -y sudo yum install php-gd php-mbstring php-xml php-dom php-intl php-simplexml -y sudo systemctl start httpd sudo systemctl enable httpd sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum-config-manager --enable epel sudo yum install certbot python2-certbot-apache -y
This preconfigured script will automatically install Apache, PHP 8, and Certbot into your Amazon Linux 2 instance.
Next, create a virtual host Apache. An example is given below. A detailed article is available on Apache Virtual Host here.
<VirtualHost *:80> # REQUIRED. Set this to the host/domain/subdomain that # you want this VirtualHost record to handle. ServerName backpackadvisor.com # Optional. You can specify additional host names that # serve up the same site. This can be top-level, domains, # sub-domains, and can even use wildcard subdomains such # as *.yourdomain.com - just separate each host name # with a single space. ServerAlias www.backpackadvisor.com # REQUIRED. Set this to the directory you want to use for # this vhost site's files. DocumentRoot /var/www/backpack # Optional. Uncomment this and set it to your admin email # address, if you have one. If there is a server error, # this is the address that Apache will show to users. ServerAdmin [email protected] # Optional. Uncomment this if you want to specify # a different error log file than the default. You will # need to create the error file first. #ErrorLog /var/www/vhosts/logs/error_log # REQUIRED. Let's make sure that .htaccess files work on # this site. Don't forget to change the file path to # match your DocumentRoot setting above. <Directory /var/www/backpack> AllowOverride All </Directory> </VirtualHost>
Run the following command to open the Virtual Host configuration file.
sudo vi /etc/httpd/conf.d/vhost.conf
Then paste the virtual host configuration which is given above. Make sure you replace the domain name backpackadvisor.com with your own domain name.
Now point your domain to the server by Setting the “A” record.
Then run the following command to install the SSL certificate.
sudo certbot --apache
It will ask for your email address for the first time. Please provide your email address and select “Yes” for all the options.
This will set up the SSL certificate for you using Letsencrypt.
This SSL certificate is valid for 90 days only. To renew the SSL certificate automatically set up a corn job which is given below.
sudo crontab -e 0 3 * * * sudo certbot renew >/dev/null 2>&1
The command above will run this renewal command every day morning at 3 AM.
I created a full video as well so that you can see how I can run those commands.
We hope this article has given you the tips and tools to successfully set up SSL with PHP 8 and Apache in AWS. If you have any questions about what we discussed, or simply want to say hello, feel free to leave a comment below.