Add SSL to AWS EC2

User
how to add ssl to aws ec2 free tier
Assistant
Adding SSL to an AWS EC2 Free Tier instance involves obtaining an SSL certificate and configuring your web server to use it. Here’s a step-by-step guide:

### **1. Obtain a Free SSL Certificate**
#### **Option 1: Use Let's Encrypt**
Let's Encrypt offers free SSL certificates.

- **Install Certbot**:
  - For Ubuntu:

    ```bash
    sudo apt update
    sudo apt install certbot python3-certbot-apache
    ```

  - For Amazon Linux:

    ```bash
    sudo amazon-linux-extras enable epel
    sudo yum install certbot python-certbot-apache
    ```

- **Run Certbot**:

  ```bash
  sudo certbot --apache
  ```

  - Certbot will automatically configure SSL for your Apache server.

#### **Option 2: Use AWS Certificate Manager (ACM)**
If you use AWS's Elastic Load Balancer (ELB), ACM offers free certificates.
- Go to **AWS Certificate Manager** in the AWS Management Console.
- Request a certificate for your domain and validate it (via DNS or email).
- Attach the certificate to an ELB.

### **2. Configure Apache for SSL**
If using Let's Encrypt, Certbot handles this for you. If not:
- Enable SSL and rewrite modules:

  ```bash
  sudo a2enmod ssl
  sudo a2enmod rewrite
  ```

- Create an SSL-enabled virtual host configuration:

  ```bash
  sudo nano /etc/apache2/sites-available/your-domain-ssl.conf
  ```

  Example configuration:

  ```apache
  <VirtualHost *:443>
      ServerName your-domain.com
      DocumentRoot /var/www/html

      SSLEngine on
      SSLCertificateFile /path/to/your/certificate.crt
      SSLCertificateKeyFile /path/to/your/private.key
      SSLCertificateChainFile /path/to/your/chain.pem

      <Directory /var/www/html>
          AllowOverride All
      </Directory>
  </VirtualHost>
  ```

- Restart Apache:

  ```bash
  sudo systemctl restart apache2
  ```

### **3. Update Security Groups**
- Open only ports **80 (HTTP)** and **443 (HTTPS)** in your instance’s security group.
- In the AWS Management Console:
  1. Navigate to **EC2 > Security Groups**.
  2. Edit the **Inbound Rules**.
  3. Add a rule to allow TCP traffic on port 443 from `0.0.0.0/0` (for public access).

### **4. Update DNS Records**
- In your domain registrar or DNS provider, point your domain to your EC2 instance's public IP or Elastic IP.
- Add the required DNS validation records if using ACM.

### **5. Verify SSL**
- Visit `https://your-domain.com` in your browser.
- Use [SSL Labs](https://www.ssllabs.com/ssltest/) to check your SSL configuration.

**Note:** Free Let's Encrypt certificates are valid for 90 days but can be automatically renewed using Cron jobs:

```bash
sudo crontab -e
```

Add:

```
0 0 * * * certbot renew --quiet
```

Let me know if you need help with any specific step!
