This guide uses Ubuntu OS & nginx (HTTP & Reverse proxy server) on Amazon EC2 instance.

We will be using free SSL certificate from Let's Encrypt Certificate Authority, and Certbot client for certificate generation and deployment.
For more info visit Let's Encrypt & Certbot client.

Shell Access

For installing Let's Encrypt client we need to have shell access. For this guide we'll login through SSH into Amazon EC2 Instance to get shell access.

Install Certbot client with nginx plugin

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx  

Generate SSL Certificate

$ sudo certbot --nginx certonly

system will prompt you for information regarding website/domain for which certificate is to be issued, subsequently it will generate necessary files under /etc/letsencrypt/live/YOUR_DOMAIN.

Modify nginx config file

$ cd /etc/nginx/sites-available

Open configuration file in text editor, and modify file to include below lines

server {
  *Some Lines* 
   listen 443 ssl;
  *Some Lines*

Replace YOUR_DOMAIN with your website domain name

Now you can visit your website/domain with https://YOUR_DOMAIN in chrome browser. it will show a green lock infront of domain name as seen in this image.

Renewing SSL Certificate

As Let's Encrypt issues SSL certificate for 90 days, you have to renew it before it expires. following command will renew certificate for next 90 days.

$ sudo certbot renew 

for simulation use command

$ sudo certbot renew --dry-run

if it succeeds, you can also add cron job for automatic renewals.