SSL Setup on Amazon Linux 2023 using nginx and letsencrypt

Securing your website with SSL (Secure Sockets Layer, today implemented by its successor, TLS) is essential to protect sensitive information such as passwords, credit card details, and other data transmitted between your server and users’ browsers. SSL also enhances your website’s credibility and trustworthiness, making it a critical component of modern web hosting. In this blog, we’ll guide you through the process of setting up SSL on Amazon Linux 2023 using nginx and Let’s Encrypt.

Step 1: Install nginx

First, you need to install the nginx web server. Run the following command to install nginx on your Amazon Linux 2023 server:

sudo yum install nginx

Step 2: Allow HTTPS traffic

By default, HTTPS traffic is blocked on Amazon Linux 2023. You need to allow HTTPS traffic in the firewall to enable SSL. To allow HTTPS traffic, run the following commands:

sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

Step 3: Install Certbot

Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt. To install Certbot into its own Python virtual environment, run the following commands:

sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip

sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Step 4: Configure nginx

Next, you need to configure nginx to serve your website over HTTPS. Open the nginx configuration file using your preferred text editor:

sudo nano /etc/nginx/nginx.conf

In the http block, add the following server block to redirect all HTTP traffic to HTTPS:

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

Replace example.com with your domain name.

Save the file and exit the editor.

Step 5: Request and install the SSL certificate

Now you are ready to request an SSL certificate from Let’s Encrypt using Certbot. Run the following command to request a certificate:

sudo certbot --nginx 

Certbot will ask you to provide an email address and agree to the Let’s Encrypt terms of service. After that, Certbot will automatically configure nginx to use the new SSL certificate.

Step 6: Test SSL configuration

To test your SSL configuration, visit your website using HTTPS. If everything is configured correctly, you should see a green padlock icon in your browser’s address bar.

Step 7: Automatic certificate renewal

Let’s Encrypt SSL certificates are valid for 90 days. To ensure uninterrupted SSL protection, you need to renew your certificate before the 90 days are up. Fortunately, Certbot can automate the renewal process for you. First, check that renewal works by running the following command:

sudo certbot renew --dry-run

This command simulates the certificate renewal process to make sure everything is configured correctly. If there are no errors, Certbot will be able to renew your SSL certificate when it is due to expire.

To renew the certificate automatically, you need to set up a cron job via crontab. Install cronie and open root's crontab with the commands below:

sudo dnf install cronie
sudo crontab -e

Then add the following line, which runs the renewal check every day at 03:00:

0 3 * * * sudo certbot renew >/dev/null 2>&1
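Because the cron entry above sends Certbot's output to /dev/null, a failed renewal stays silent until the certificate expires. The check below is an added example, not part of the original post: it connects to the site with full chain and host-name verification, as a browser would, and reports the days left on the certificate. The host name example.com, the 25-day alert threshold and the exit codes are assumptions chosen for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Assumption: 90-day certificates are renewed at about 30 days left, so 25 is
# an illustrative threshold that tolerates a few failed nightly runs.
ALERT_BELOW_DAYS = 25


def days_remaining(not_after, now=None):
    """Whole days until notAfter, given in getpeercert() format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days


def classify(days_left):
    if days_left < 0:
        return "EXPIRED"
    if days_left < ALERT_BELOW_DAYS:
        return "RENEWAL_OVERDUE"
    return "OK"


def fetch_not_after(host, port=443):
    """Handshake with chain and host-name verification, return notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check(host):
    """Return (exit_code, message) for use from cron or a monitoring agent."""
    try:
        left = days_remaining(fetch_not_after(host))
    except ssl.SSLCertVerificationError as exc:
        return 2, f"{host}: certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return 2, f"{host}: connection failed: {exc}"
    status = classify(left)
    return (0 if status == "OK" else 1), f"{host}: {status}, {left} days left"


if __name__ == "__main__":
    code, message = check(sys.argv[1] if len(sys.argv) > 1 else "example.com")
    print(message)
    sys.exit(code)
```

Run it from a host other than the web server, so that the alert still fires when the server's own cron or Certbot installation is what broke.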

Conclusion

SSL is an essential component of modern web hosting. By following the steps outlined in this blog, you can easily set up SSL on Amazon Linux 2023 using nginx and Let’s Encrypt. With SSL, you can protect your users’ sensitive information and enhance your website’s credibility and trustworthiness.

Atiqur Rahman

I am MD. Atiqur Rahman, a graduate of BUET and an AWS-certified solutions architect. I have successfully achieved 6 certifications from AWS including Cloud Practitioner, Solutions Architect, SysOps Administrator, and Developer Associate. I have more than 8 years of working experience as a DevOps engineer designing complex SaaS applications.
