Hostinger Domain SSL Setup
August 7, 2025 · AI Conversations
—
### **1. Check Domain Points to EC2**
Ensure your **domain’s DNS A record** points to your **EC2 public IP**.
– Go to Hostinger → DNS Zone
– A record for `@` and `www` should point to `EC2 IP` (e.g., `18.202.x.x`)
—
### **2. Open Port 443 in EC2 Security Group**
Make sure your EC2 instance's security group allows HTTPS:
– Go to **AWS EC2 Console → Security Groups**
– Edit inbound rules:
– Add Rule:
– Type: HTTPS
– Port: 443
– Source: 0.0.0.0/0 (or your preferred IP range)
—
### **3. Install SSL Certificate**
You can install a free Let's Encrypt SSL using **Certbot**. Here's how (assuming Ubuntu + Apache/Nginx):
#### For Apache:
```bash
sudo apt update
sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache
```
#### For Nginx:
```bash
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx
```
Follow prompts and select your domain name.
—
### **4. Auto-Renew SSL**
Set up auto-renewal:
```bash
sudo crontab -e
```
Add:
```
0 0 * * * /usr/bin/certbot renew --quiet
```
—
### **5. Force HTTPS (optional but recommended)**
– If using Apache, add this to your site's `.conf`:
```apache
<VirtualHost *:80>
    ServerName yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>
```
—
### **6. Clear Hostinger Cache (if any)**
—
If you're still having issues, let me know:
– Your EC2 web server (Apache/Nginx)
– Domain name
– Any custom reverse proxy setup (like Cloudflare)
I'll tailor the steps further.
Here’s what’s going on:
—
### **Why Hostinger SSL Doesn't Work on EC2**
– **SSL certificates are installed on the server hosting the website**.
– If you **point the domain to EC2**, **EC2 is now responsible** for serving the content **and** handling the SSL.
– So, even if SSL exists on Hostinger, it **doesn't transfer to EC2**.
—
### **What You Should Do**
You have **two main options**:
—
#### **Option 1: Install Let's Encrypt SSL on EC2 (Recommended & Free)**
This is the standard way when hosting on EC2.
Let me know if you're using:
– **Apache** or **Nginx**
– Your EC2 OS: Ubuntu, Amazon Linux, etc.
I can give exact copy-paste commands.
—
#### **Option 2: Use Cloudflare to Proxy Traffic with SSL**
If you prefer not to install SSL on EC2, you can:
1. Sign up at [Cloudflare](https://cloudflare.com)
2. Add your domain to Cloudflare
3. Change nameservers in Hostinger to Cloudflare’s
4. Set **SSL mode to “Full” or “Full (Strict)”**
5. Cloudflare will provide HTTPS on your domain, proxying traffic to EC2
This avoids managing SSL on the EC2 server directly, but is an extra setup.
—
Would you like the **Certbot installation steps** for your EC2, or prefer to try **Cloudflare SSL**?
```text
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ec2-51-20-60-238.eu-north-1.compute.amazonaws.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for ec2-51-20-60-238.eu-north-1.compute.amazonaws.com
An unexpected error occurred:
Error creating new order :: Cannot issue for "ec2-51-20-60-238.eu-north-1.compute.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
—
### ✅ Fix: Use Your Real Domain Name in Certbot
Let’s say your real domain (from Hostinger) is:
```
example.com
```
And you've already pointed it to your EC2 public IP.
Then run Certbot like this (for **Apache**):
```bash
sudo certbot --apache -d example.com -d www.example.com
```
Or for **Nginx**:
```bash
sudo certbot --nginx -d example.com -d www.example.com
```
—
### ⚠️ Important Checklist Before Running Again
1. ✅ `example.com` DNS A record points to your EC2 public IP
   Test with:
   ```bash
   curl -I http://example.com
   ```
   It should return from your EC2.
2. ✅ Port 80 and 443 are open in **EC2 Security Group**
3. ❌ Don’t select the EC2 domain (`ec2-*.amazonaws.com`) — **only select your real domain**
—
### 🧪 Test With Dry Run (optional, safe)
You can test before actually requesting:
```bash
sudo certbot --nginx -d example.com --dry-run
```
—
Let me know your actual domain (or DM it if you want me to check DNS), and I’ll verify it's pointing properly.
```text
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: shareyourthoughts.conf | ec2-51-20-60-238.eu-n | | Enabled
2: 000-default.conf | | | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Successfully deployed certificate for myapicalls.in to /etc/apache2/sites-available/shareyourthoughts-le-ssl.conf
We were unable to find a vhost with a ServerName or Address of www.myapicalls.in.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: shareyourthoughts.conf | ec2-51-20-60-238.eu-n | | Enabled
2: 000-default.conf | | | Enabled
3: shareyourthoughts-le-ssl.conf | Multiple Names | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel):
```
—
### ✅ What This Prompt Means
Certbot is asking **where to apply the SSL certificate** for:
– `myapicalls.in` → you already chose `shareyourthoughts.conf` (correct)
– Now it's asking where to apply for: **`www.myapicalls.in`**
It gives these options:
1. `shareyourthoughts.conf` → HTTP
2. `000-default.conf` → default site
3. `shareyourthoughts-le-ssl.conf` → the HTTPS version created by Certbot
—
### ✅ What You Should Select Now
Choose:
3
That’s the **SSL version of the virtual host** created by Certbot for `myapicalls.in`. It will now apply the cert for `www.myapicalls.in` to the same secure block.
—
### 🔁 After That, Restart Apache
```bash
sudo systemctl reload apache2
```
—
### ✅ Final Steps to Verify
1. Visit: https://myapicalls.in
2. Use [SSL Checker](https://www.sslshopper.com/ssl-checker.html) to confirm the certificate is live
3. Force HTTPS (optional but recommended):
   In `/etc/apache2/sites-available/shareyourthoughts.conf` (HTTP version), add:
   ```apache
   <VirtualHost *:80>
       ServerName myapicalls.in
       ServerAlias www.myapicalls.in
       Redirect permanent / https://myapicalls.in/
   </VirtualHost>
   ```
   Then:
   ```bash
   sudo systemctl reload apache2
   ```
Let me know if you want help editing the VirtualHost file directly — I can guide with your current setup.
```text
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: wprock.conf | ec2-16-171-53-169.eu- | | Enabled
2: wprock-le-ssl.conf | Multiple Names | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
Could not install certificate
NEXT STEPS:
- The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name myapicalls.com
VirtualHost not able to be selected.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
> You tried to install the certificate for `www.myapicalls.com` into a virtual host that **doesn’t have a `ServerName` or `ServerAlias` for `www.myapicalls.com`**, **and it would conflict with another HTTPS virtual host** (i.e., likely `wprock-le-ssl.conf` already uses port 443).
—
### ✅ **What You Need to Do to Fix This**
Let’s edit your `wprock-le-ssl.conf` to explicitly include both `myapicalls.com` **and** `www.myapicalls.com`.
—
### 🔧 Step-by-Step Fix
1. **Open the correct SSL config file**:
   ```bash
   sudo nano /etc/apache2/sites-available/wprock-le-ssl.conf
   ```
2. **Make sure your VirtualHost looks something like this** (adjust domain and paths if needed):
   ```apache
   <VirtualHost *:443>
       ServerName myapicalls.com
       ServerAlias www.myapicalls.com
       DocumentRoot /var/www/your-site-folder
       SSLEngine on
       SSLCertificateFile /etc/letsencrypt/live/myapicalls.com/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/myapicalls.com/privkey.pem
       # Other common directives like:
       # <Directory /var/www/your-site-folder>
       #     AllowOverride All
       # </Directory>
   </VirtualHost>
   ```
3. **Save and exit** (`Ctrl + O`, `Enter`, then `Ctrl + X`)
4. **Test your Apache config**:
   ```bash
   sudo apache2ctl configtest
   ```
   You should see: `Syntax OK`
5. **Reload Apache**:
   ```bash
   sudo systemctl reload apache2
   ```
—
### ✅ Re-Install the Cert Now
Since the cert was saved but not installed earlier, just run:
```bash
sudo certbot install --cert-name myapicalls.com
```
This time it should detect the updated vhost and apply it properly.
—
Let me know if you're unsure what your real DocumentRoot or site folder is — I can help figure that out too.
```text
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Path to certificate or key was not defined. If your certificate is managed by Certbot, please use --cert-name to define which certificate you would like to install.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
—
### ✅ Step-by-Step Fix (Manual Install for `myapicalls.com` SSL)
#### 1. **Edit your HTTPS virtual host config**
Open:
```bash
sudo nano /etc/apache2/sites-available/wprock-le-ssl.conf
```
Update or ensure this structure exists inside the `<VirtualHost>` block:
```apache
<VirtualHost *:443>
    ServerName myapicalls.com
    ServerAlias www.myapicalls.com
    DocumentRoot /var/www/share/public
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/myapicalls.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myapicalls.com/privkey.pem
    <Directory /var/www/share/public>
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
> ⚠️ Replace `/var/www/share/public` with the correct path if it's different for your app.
—
#### 2. **Enable SSL module & site if not yet done**
```bash
sudo a2enmod ssl
sudo a2ensite wprock-le-ssl.conf
```
—
#### 3. **Force HTTP to HTTPS redirect (optional but recommended)**
Edit your HTTP config:
```bash
sudo nano /etc/apache2/sites-available/wprock.conf
```
Add redirect block:
```apache
<VirtualHost *:80>
    ServerName myapicalls.com
    ServerAlias www.myapicalls.com
    Redirect permanent / https://myapicalls.com/
</VirtualHost>
```
—
#### 4. **Test and reload Apache**
```bash
sudo apache2ctl configtest
# Should show: Syntax OK
sudo systemctl reload apache2
```
—
### ✅ Done — Now Check:
– https://myapicalls.com
– https://www.myapicalls.com
They should both show SSL lock and no errors.
Let me know if you want me to inspect your actual `conf` file for correctness — feel free to paste it.
```text
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ec2-51-20-60-238.eu-north-1.compute.amazonaws.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for ec2-51-20-60-238.eu-north-1.compute.amazonaws.com
An unexpected error occurred:
Error creating new order :: Cannot issue for "ec2-51-20-60-238.eu-north-1.compute.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
—
### ✅ The Fix: Request SSL for your real domain (`myapicalls.com`)
Run **Certbot manually with your real domain name**:
If you're using **Apache**, the correct command is:
```bash
sudo certbot --apache -d myapicalls.com -d www.myapicalls.com
```
This tells Certbot:
– to use the `--apache` installer
– and generate an SSL certificate for your **actual domain** (`myapicalls.com`), not your EC2 public DNS
—
### 📌 Summary of Key Points
| Step | What to do | Why |
|---|---|---|
| ✅ DNS | Ensure `myapicalls.com` points to your EC2 IP | Required for verification |
| ✅ Ports | Open port 80 and 443 in EC2 Security Group | Required for HTTP/HTTPS |
| ❌ Don't select EC2 domain | `ec2-*.amazonaws.com` is **blocked** by Let's Encrypt | |
| ✅ Manually provide your domain | Use `-d myapicalls.com -d www.myapicalls.com` | Forces Certbot to generate for the right domain |
—
### Optional: Test DNS Resolution First
From EC2:
```bash
ping myapicalls.com
```
Should return your EC2 IP.
—
Run this now:
```bash
sudo certbot --apache -d myapicalls.com -d www.myapicalls.com
```
Let me know the output or if it asks for VHost selection — I’ll guide you live through it.
```text
Successfully deployed certificate for myapicalls.com to /etc/apache2/sites-available/wp-react-le-ssl.conf
We were unable to find a vhost with a ServerName or Address of www.myapicalls.com.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | | | Enabled
2: wp-react.conf | ec2-51-20-60-238.eu-n | | Enabled
3: wp-react-le-ssl.conf | Multiple Names | HTTPS | Enabled
```
Which option should I select?
—
### 🔍 What Certbot Is Asking:
It's asking where to **install the SSL for `www.myapicalls.com`** — because it's not yet included in any active VirtualHost.
You see these options:
1. `000-default.conf` → default fallback, avoid it
2. `wp-react.conf` → HTTP vhost
3. `wp-react-le-ssl.conf` → 🔒 HTTPS vhost, **already has `myapicalls.com`**
—
### ✅ You Should Select:
3
This ensures both:
– `myapicalls.com`
– `www.myapicalls.com`
…are secured **under the same HTTPS configuration** (`wp-react-le-ssl.conf`), avoiding conflict or duplication.
—
### 🛠 Next Steps After That:
1. **Edit** `wp-react-le-ssl.conf` and make sure it contains:
   ```apache
   ServerName myapicalls.com
   ServerAlias www.myapicalls.com
   ```
2. **Reload Apache**:
   ```bash
   sudo systemctl reload apache2
   ```
3. **Force HTTP to HTTPS redirect** (optional but good):
   Edit `/etc/apache2/sites-available/wp-react.conf`:
   ```apache
   <VirtualHost *:80>
       ServerName myapicalls.com
       ServerAlias www.myapicalls.com
       Redirect permanent / https://myapicalls.com/
   </VirtualHost>
   ```
   Then reload again:
   ```bash
   sudo systemctl reload apache2
   ```
—
Let me know once done, or if you want me to verify your exact `.conf` content!
✅ SSL is working (Apache is serving over HTTPS)
❌ But the **DocumentRoot is incorrect** or the **directory is empty**, so Apache can't find `index.php` or `index.html`.
—
### ✅ Let's Fix This Step-by-Step
#### 1. 🔍 Check Which Conf is Serving the Site
Run:
```bash
sudo apache2ctl -S
```
You’ll see output like this:
```text
*:443 is a NameVirtualHost
    default server myapicalls.com (/etc/apache2/sites-enabled/wp-react-le-ssl.conf:1)
    port 443 namevhost myapicalls.com (/etc/apache2/sites-enabled/wp-react-le-ssl.conf:1)
        alias www.myapicalls.com
...
```
➡ Confirm which `.conf` is serving `myapicalls.com` on port 443
(should be `wp-react-le-ssl.conf`)
—
#### 2. 🛠 Edit the Right SSL Config File
```bash
sudo nano /etc/apache2/sites-available/wp-react-le-ssl.conf
```
Make sure this block looks like:
```apache
<VirtualHost *:443>
    ServerName myapicalls.com
    ServerAlias www.myapicalls.com
    DocumentRoot /var/www/share/public
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/myapicalls.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myapicalls.com/privkey.pem
    <Directory /var/www/share/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```
> ⚠️ Replace `/var/www/share/public` with your actual Laravel/public or WordPress folder
—
#### 3. ✅ Reload Apache
```bash
sudo systemctl reload apache2
```
—
#### 4. 🧪 Test
Visit:
– https://myapicalls.com
– https://www.myapicalls.com
If you see your app, it's fixed.
—
### Not Sure What the DocumentRoot Should Be?
Run:
```bash
ls /var/www/
```
If you're using Laravel, it might be:
```apache
DocumentRoot /var/www/share/public
```
If it's WordPress:
```apache
DocumentRoot /var/www/html
```
Let me know your actual app type (Laravel / WordPress / HTML), and I'll give you the exact DocumentRoot path to use.
```text
AH00112: Warning: DocumentRoot [/var/www/wp-rock/web] does not exist
AH00112: Warning: DocumentRoot [/var/www/wp-rock/web] does not exist
VirtualHost configuration:
*:443 ec2-51-20-60-238.eu-north-1.compute.amazonaws.com (/etc/apache2/sites-enabled/wp-react-le-ssl.conf:2)
*:80 is a NameVirtualHost
    default server ip-172-31-30-116.eu-north-1.compute.internal (/etc/apache2/sites-enabled/000-default.conf:1)
    port 80 namevhost ip-172-31-30-116.eu-north-1.compute.internal (/etc/apache2/sites-enabled/000-default.conf:1)
    port 80 namevhost ec2-51-20-60-238.eu-north-1.compute.amazonaws.com (/etc/apache2/sites-enabled/wp-react.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
ubuntu@ip-172-31-30-116:/etc/apache2/sites-enabled$
```
The key problem is:
```text
AH00112: Warning: DocumentRoot [/var/www/wp-rock/web] does not exist
```
Your Apache VirtualHost is pointing to a non-existent folder:
```
/var/www/wp-rock/web
```
—
### ✅ To Fix the 404 Issue:
You need to update your SSL VirtualHost config to point to the **correct existing project folder** — e.g., Laravel uses `/var/www/share/public`, WordPress uses `/var/www/html`.
—
### 🔧 Step-by-Step Fix
#### 1. Check Where Your Site Actually Is
Run:
```bash
ls /var/www/
```
Let’s say you see something like:
```text
html share wp-rock
```
Then dig deeper:
```bash
ls /var/www/wp-rock/
```
If you don’t see a `web` folder, that’s the issue.
—
#### 2. Fix Apache Config
Edit the SSL config file:
```bash
sudo nano /etc/apache2/sites-available/wp-react-le-ssl.conf
```
Update this line:
```apache
DocumentRoot /var/www/wp-rock/web
```
👉 **Change it to the correct folder**, for example:
– For WordPress:
```apache
DocumentRoot /var/www/html
```
– For Laravel:
```apache
DocumentRoot /var/www/share/public
```
Also update the `<Directory>` block accordingly:
```apache
<Directory /var/www/html>
    AllowOverride All
    Require all granted
</Directory>
```
—
#### 3. Save & Reload Apache
```bash
sudo apache2ctl configtest # should say "Syntax OK"
sudo systemctl reload apache2
```
—
#### 4. Visit your site:
Go to:
– https://myapicalls.com
– https://www.myapicalls.com
You should see your real site, no more 404.
—
If you're not sure which folder has your app, paste the output of:
```bash
ls -l /var/www/
```
And I’ll tell you the exact `DocumentRoot` to use.
```bash
sudo chmod -R 777 /path/to/aws
```
> Replace `/path/to/aws` with the actual path, for example:
```bash
sudo chmod -R 777 /var/www/aws
```
—
### ⚠️ **Important Warning About 777**
Giving `777` permissions:
– Allows **any user or script** to **read/write/delete/execute** files.
– Is a **serious security risk**, especially on a web server exposed to the internet.
### ✅ Safer Alternative (Recommended)
Instead, you can do:
```bash
sudo chown -R www-data:www-data /var/www/aws
sudo chmod -R 755 /var/www/aws
```
This:
– Gives ownership to Apache (`www-data`)
– Allows write access only to owner
– Safer for production
—
Let me know your use case (e.g., Laravel storage folder, WordPress uploads), and I can guide you with **appropriate permissions** instead of using `777`.
2s
```text
+ ssh -o StrictHostKeyChecking=no $EC2_USER@$EC2_HOST "echo 'SSH-Verbindung erfolgreich'"
$EC2_USER@$EC2_HOST: Permission denied (publickey).
$EC2_USER@$EC2_HOST: Permission denied (publickey).
```
Which means **SSH cannot authenticate using your key**. This happens because one of the following is wrong or missing:
—
### ✅ Check These Step-by-Step
#### 1. 🔑 Is Your SSH Key Correct?
Make sure you're using the correct PEM file:
```bash
ssh -i /path/to/your-key.pem ubuntu@your-ec2-host
```
> Example:
```bash
ssh -i ~/aws/k.pem ubuntu@ec2-16-171-53-169.eu-north-1.compute.amazonaws.com
```
> `ubuntu` is the default user for Ubuntu EC2 instances
—
#### 2. 🔒 Fix `StrictHostKeyChecking` Version
Now re-run your command like this:
```bash
ssh -i /path/to/your-key.pem -o StrictHostKeyChecking=no ubuntu@ec2-16-171-53-169.eu-north-1.compute.amazonaws.com "echo 'SSH-Verbindung erfolgreich'"
```
—
#### 3. ⚙️ Are Variables Like `$EC2_USER` and `$EC2_HOST` Set?
If you’re running:
```bash
ssh -o StrictHostKeyChecking=no $EC2_USER@$EC2_HOST ...
```
Make sure these are defined first:
```bash
export EC2_USER=ubuntu
export EC2_HOST=ec2-16-171-53-169.eu-north-1.compute.amazonaws.com
```
And that your SSH key is passed in too:
```bash
ssh -i ~/aws/k.pem -o StrictHostKeyChecking=no $EC2_USER@$EC2_HOST "echo 'SSH-Verbindung erfolgreich'"
```
—
### Still Not Working?
Please confirm:
– The correct **PEM file path**
– EC2 OS (Ubuntu, Amazon Linux, etc.)
– EC2 user (`ubuntu`, `ec2-user`, etc.)
– That your PEM file has **600 permissions**:
```bash
chmod 600 ~/aws/k.pem
```
Let me know and I’ll tailor the exact working SSH command.