What is Let’s Encrypt?
Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.
How to Install Let’s Encrypt on Amazon Linux 2?
At first, you need to create an instance with base AMI as Amazon Linux 2. Amazon Linux 2 is the next-generation Amazon Linux operating system. It provides a high-performance, stable, and secure execution environment for cloud and enterprise applications. Amazon Linux 2 will offer extended availability of software updates for the core operating system through 5 years of long-term support and provides access to the latest software packages through the Amazon Linux Extras repository.
In this instance creation process put this code in the user data section. This will help you to run this code when a new instance is created. You don’t need to run it manually if you put this in the user data section.
#!/bin/bash sudo yum update -y sudo groupadd www sudo amazon-linux-extras install nginx1 sudo amazon-linux-extras enable php8.0 sudo yum clean metadata sudo yum install php php-cli php-mysqlnd php-pdo php-common php-fpm -y sudo yum install php-gd php-mbstring php-xml php-dom php-intl php-simplexml -y sudo systemctl start nginx sudo systemctl enable nginx sudo systemctl start php-fpm sudo systemctl enable php-fpm sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum-config-manager --enable epel sudo yum install certbot python2-certbot-nginx -y
This preconfigured script will automatically install Nginx, PHP 8, and Certbot into your Amazon Linux 2 instance.
Next, create a virtual host server block in Nginx. An example is given below. A detailed article is available on Nginx Server Here.
Open a configuration file for the Nginx server block and paste the content which is given above along with your domain name.
sudo vi /etc/nginx/conf.d/website.conf
Restart the Nginx for the change to take effect
sudo systemctl restart nginx
Now use Certbot to issue an SSL certificate
sudo certbot --nginx
To renew the Certificate automatically you need to set a cronjob via crontab. The commands are given below.
sudo crontab -e
After running this command, you will see a new blank screen for editing. Over there you need to give the commands which need to be executed and also time and free frequency.
0 3 * * * sudo certbot renew >/dev/null 2>&1
The command above will run this renewal command every day morning at 3 AM.
I created a full video as well so that you can see how I can run those commands.
We hope this article and tutorial have been helpful! Leave a comment below with any questions you might have. If you want to learn more about how we can help your business, please visit our website or reach out on social media! Thank you for reading and happy coding 🙂