SSL Certificates for FREE—nginx AWS Route 53
János K.
Posted on September 1, 2024
In this post, I want to write about creating an SSL certificate for your AWS EC2 instance. Checkout my previous post on how to deploy your app to an EC2 instance and setting up a continuous deployment pipeline using GitHub actions. Deploy React App to EC2 using GitHub Actions.
Topics covered in this article: nginx, AWS Route 53, Elastic IPs, Let's Encrypt
Table of Contents
Setting up Elastic IPs
We are going to set up an elastic IP to and associate it with our EC2 instance. This means consistency for us which is important when it comes to setting up DNS records. Even if you turn off your instance it will remain static. Very demure.
Check out the docs on Elastic IPs including pricing!
AWS Elastic IP
- Go to AWS EC2 dashboard, in the sidebar click on Elastic IPs
- Big orange button alert — Allocate Elastic IP address
- Leave everything on the default settings (or customise it to your liking)
- Allocate
- Highlight the EIP you just created and select Actions then Associate Elastic IPs
- Click on the Instance button and the Instance you created
Amazing work so far! You now should be able to access your EC2 instance via the elastic IP. Remember it is still http in the URL. COPY YOUR ELASTIC IP TO YOUR CLIPBOARD, WE WILL NEED IT SOON.
Hosted zones
These steps assume you purchased your domain on AWS.
If your domain is on a 3rd party provider consider looking at other
articles on how to update records to point them to the Elastic IPs. Then come back here!
- Search for Route 53 in AWS
- Click on hosted zones in your dashboard
- Select the hosted zone of your domain — if you can see your domain and its hosted zone then open it and skip to step 5.
- Big orange button alert — Create hosted zone
- Fill in your domain name and click Create Type should be Public hosted zone
- Big orange button alert — Create record -> Simple routing -> Next
- Define simple record - we will define multiple records so don't be hasty to click on create records
- Select Routes traffic to an IPv4 address and some AWS resources
- Paste your elastic IP in the input (Value/Route traffic to) — phew!
- Define simple record
- DON'T CLICK CREATE YET
- Define another simple record. We need that sweet www 🤓 Like this: The final product:
- Big orange button alert — Create Records
Optional: Please note if you delete and create a new hosted zone, then you must update the name servers in Route 53. Go to Registered Domains -> your-domain.com -> Edit name servers. You can copy the name servers from the records in hosted zones. It may take 24 hours to propagate these changes.
You should now be able to view your site live. Remember, it is still http:// only. If you get an error, just remove the s from https.
Certificates
Now's the fun part! I mean this is what brings me joy, I don't know about you though.
This is the part where we will edit the nginx config file so that it will be aware of our domain name's existence. Certbot will inject the SSL related configurations automatically later on. We will make use of Let's encrypt to provide us a free SSL certificate.
- Connect to your EC2 instance via the terminal
- In the terminal
cd /etc/nginx/sites-available/
- Then
sudo cp default backupdefault
— quick backup, you never know! 🤭 - To edit the config file, type in
sudo nano default
Type in your domain like below:
server_name your-domain.com www.your-domain.com;
Exit, remember to write your changes aka save!
Test the config file
sudo nginx -t
=> you should see test successfulIMPORTANT run
sudo service nginx restart
as this ensures the new config settings are loaded
Let's encrypt 🔒 — getting that sweet https 🍭
Run the following commands
-
sudo snap install core; sudo snap refresh core
— installs Snap package manager so that we can install Certbot -
sudo apt remove certbot
— remove existing Certbot just in case and to avoid any conflicts -
sudo snap install --classic certbot
— classic is what we need -
sudo ln -s /snap/bin/certbot /usr/bin/certbot
— this ensures that Certbot command is accessible from anywhere on the system -
sudo systemctl reload nginx
— reload nginx again for the last time
Obtaining Free SSL Certificate
- run
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
Replace your-domain with your-domain 🤭 Here you can add multiple subdomains as well just add the -d flag. - It will ask for your email address for renewals
- Read the Terms Of Service and agree if you'd like to proceed
- Next, it will ask about marketing campaigns; this is optional
Run this if you want auto SSL renewal (bet you do)
sudo systemctl status snap.certbot.renew.service
You should see this message:
Check if the renewal process works by running:
sudo certbot renew --dry-run
Thank you, please like and subscribe! 💾
Voilà! If you enjoy this content, please consider supporting my efforts. Your generosity fuels more of what you love! 🩷
I'm János, I write about Software, coding, and technology.
Checkout my portfolio
Posted on September 1, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.