What is Let’s Encrypt?
Let’s Encrypt is a non-profit certificate authority run by the Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.
How to Install Let’s Encrypt on Amazon Linux 2?
First, create an instance that uses Amazon Linux 2 as the base AMI. Amazon Linux 2 is the next-generation Amazon Linux operating system. It provides a high-performance, stable, and secure execution environment for cloud and enterprise applications. Amazon Linux 2 will offer extended availability of software updates for the core operating system through 5 years of long-term support and provides access to the latest software packages through the Amazon Linux Extras repository.
During instance creation, put the following script in the user data section. It then runs automatically when the new instance is created, so you don’t need to run it manually.
#!/bin/bash
# Bring installed packages up to date
sudo yum update -y
sudo groupadd www
# Install Nginx and enable PHP 8.0 from Amazon Linux Extras
# (-y is required because user data runs without a terminal to answer prompts)
sudo amazon-linux-extras install -y nginx1
sudo amazon-linux-extras enable php8.0
sudo yum clean metadata
# Install PHP and the commonly needed extensions
sudo yum install php php-cli php-mysqlnd php-pdo php-common php-fpm -y
sudo yum install php-gd php-mbstring php-xml php-dom php-intl php-simplexml -y
# Start the services now and on every boot
sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
# Enable EPEL, which provides Certbot and its Nginx plugin
sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable epel
sudo yum install certbot python2-certbot-nginx -y
This preconfigured script will automatically install Nginx, PHP 8, and Certbot on your Amazon Linux 2 instance.
Next, create a virtual host server block in Nginx. An example is given below. A detailed article is available on Nginx Server Here.
Open a configuration file for the Nginx server block and paste in the server block content, using your own domain name.
sudo vi /etc/nginx/conf.d/website.conf
Restart Nginx for the change to take effect:
sudo systemctl restart nginx
Now use Certbot to issue an SSL certificate:
sudo certbot --nginx
To renew the certificate automatically, set up a cron job via crontab. The commands are given below.
sudo crontab -e
After running this command, you will see a blank screen for editing. Enter the command to be executed there, along with the time and frequency at which it should run.
0 3 * * * sudo certbot renew >/dev/null 2>&1
The line above runs the renewal command every day at 3 AM.
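Because the cron line sends all output to /dev/null, a renewal that keeps failing stays silent until the 90-day certificate expires. The script below is an added example, not part of the original tutorial, that flags a certificate whose remaining lifetime shows renewal has stalled. It assumes GNU date, the openssl CLI, certbot's default of renewing once fewer than 30 days remain, and a hypothetical 21-day alert threshold.

```shell
#!/bin/bash
# Added example: detect a silently failing "certbot renew" cron job by
# checking how long the installed certificate still has to live.

# Assumption: certbot renews once fewer than 30 days remain, so with a
# working daily job the remaining lifetime never drops far below 30 days.
WARN_DAYS=21   # hypothetical alert threshold, inside certbot's renewal window

# seconds_left NOT_AFTER [NOW_EPOCH]
# NOT_AFTER is the date printed by `openssl x509 -enddate`, for example
# "Jan 11 00:00:00 2030 GMT". Prints seconds until expiry (negative if past).
seconds_left() {
    local end now=${2:-$(date +%s)}
    end=$(date -u -d "$1" +%s) || return 2
    echo $(( end - now ))
}

# renewal_state SECONDS_LEFT: prints EXPIRED, RENEWAL_STALLED or OK
renewal_state() {
    local secs=$1
    if [ "$secs" -le 0 ]; then
        echo EXPIRED
    elif [ "$secs" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo RENEWAL_STALLED
    else
        echo OK
    fi
}

# check_cert PEM_FILE: prints a one-line report, returns 0 only when OK
check_cert() {
    local line secs state
    line=$(openssl x509 -noout -enddate -in "$1") || return 2
    secs=$(seconds_left "${line#notAfter=}") || return 2
    state=$(renewal_state "$secs")
    echo "$1: $state ($(( secs / 86400 )) days left)"
    [ "$state" = OK ]
}

# Runs only when a certificate path is given, for example:
#   sudo ./check-cert.sh /etc/letsencrypt/live/<your-domain>/fullchain.pem
if [ $# -ge 1 ]; then
    check_cert "$1"
fi
```

A non-zero exit status from this script is the signal to look at the renewal job, for example by running `sudo certbot renew` by hand and reading its output.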
I created a full video as well so that you can see how I can run those commands.
3 thoughts on “SET Up SSL with PHP 8 and Nginx in AWS”
Hey my man, thanks for the great vids. Check out using route-53 doing cert only and pasting them in. Works great, especially since you can reuse them or make them even for another box.
Hello, I followed this to the letter and I’m getting an improper redirect error. I googled the hell out of this but can’t figure it out, maybe there is something wrong with the config?
Thank you for the great work.
Good video. However, I have a little different situation. I have 2 EC2 Instances running.
One has Docker with Hasura running and I have had installed SSL on that with domain pointed to AWS DNS records. My Domain is from GoDaddy.
Another EC2 instance is running Nginx with .net core api. Now, I am stuck as I have to make this EC2 SSL enabled also. I need to understand, do I need to create a new cert from Let’s Encrypt for the same domain on this EC2 instance via terminal? Or what will happen if my existing EC2 instance that has SSL enabled done already. Not expert and thought to ask you some guidance after reading and watching your tutorial video.
Please reach to me for this simple help.