This guide uses Ubuntu and nginx (HTTP and reverse proxy server) on an Amazon EC2 instance.
We will use a free SSL certificate from the Let's Encrypt Certificate Authority, and the Certbot client for certificate generation and deployment.
For more info, visit Let's Encrypt and the Certbot client.
Shell Access
To install the Let's Encrypt client we need shell access. For this guide we'll log in through SSH to the Amazon EC2 instance to get shell access.
Install Certbot client with nginx plugin
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Generate SSL Certificate
$ sudo certbot --nginx certonly
The system will prompt you for information about the website/domain for which the certificate is to be issued, and will then generate the necessary files under /etc/letsencrypt/live/YOUR_DOMAIN.
Modify nginx config file
$ cd /etc/nginx/sites-available
Open the configuration file in a text editor and modify it to include the lines below.
server {
    # ... some lines ...
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
    # ... some lines ...
}
Replace YOUR_DOMAIN with your website's domain name.
Now you can visit your website at https://YOUR_DOMAIN in the Chrome browser. It will show a green lock in front of the domain name.
Renewing SSL Certificate
Because Let's Encrypt issues SSL certificates for 90 days, you have to renew the certificate before it expires. The following command will renew the certificate for the next 90 days.
$ sudo certbot renew
To simulate a renewal, use the command
$ sudo certbot renew --dry-run
If it succeeds, you can also add a cron job for automatic renewals.
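One way to write that cron job, as an added example that is not part of the original guide: it runs the renewal, reloads nginx when a certificate was actually replaced, and exits non-zero if the certificate on disk is still close to expiry, so a silently failing renewal gets noticed. The script path, the cron schedule and the WARN_DAYS threshold are assumptions, and the date parsing relies on GNU date as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original guide): renew, then verify expiry.
# Hypothetical install path and schedule, e.g. in /etc/cron.d/certbot-check:
#   17 3 * * * root /usr/local/bin/certbot-renew-check.sh YOUR_DOMAIN
WARN_DAYS=20   # assumption: alert threshold, below certbot's 30-day renewal window

# days_until "<date>" [now_epoch]: whole days until <date> (GNU date syntax).
days_until() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# cert_days_left <pem>: days until the first certificate in the file expires.
cert_days_left() {
    not_after=$(openssl x509 -enddate -noout -in "$1") || return 2
    days_until "${not_after#notAfter=}"   # strip the "notAfter=" prefix
}

# needs_attention <days>: succeeds when the certificate is too close to expiry.
needs_attention() {
    [ "$1" -lt "$WARN_DAYS" ]
}

# Runs only when a domain is given, so sourcing the file has no side effects.
if [ -n "${1:-}" ]; then
    cert="/etc/letsencrypt/live/$1/fullchain.pem"
    # Renew what is due; the deploy hook reloads nginx only after a renewal.
    certbot renew --quiet --deploy-hook "nginx -t && systemctl reload nginx" \
        || echo "certbot renew failed" >&2
    left=$(cert_days_left "$cert") || { echo "cannot read $cert" >&2; exit 2; }
    if needs_attention "$left"; then
        echo "$1: certificate expires in $left days, renewal is not working" >&2
        exit 1
    fi
    echo "$1: certificate valid for $left more days"
fi
```

Cron mails anything written to stderr to the job owner when local mail is configured, which is what turns the non-zero exit into an alert.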