Elastic Beanstalk Security Certificates: Difference between revisions
No edit summary |
No edit summary |
||
| Line 38: | Line 38: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Installing | === Installing Let's Encrypt === | ||
Install Let's encrypt into `/opt/letsencrypt` with git | Install Let's encrypt into `/opt/letsencrypt` with git | ||
| Line 45: | Line 45: | ||
$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencript | $ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencript | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Installing certificates == | |||
Use Let's Encrypt to install security certificates. <ref>[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html Tutorial: Configure Apache Web Server on Amazon Linux 2 to Use SSL/TLS] - AWS documentation<ref>[https://medium.com/@gnowland/deploying-lets-encrypt-on-an-amazon-linux-ami-ec2-instance-f8e2e8f4fc1f Deploying Let's Encrype on An Amazon Linux AMI EC2 Instance] - Medium.com</ref> | |||
The source instructions gave this command: | The source instructions gave this command: | ||
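Review bot: The added citation line opens a second `<ref>` before the first is closed, so the AWS documentation reference has no `</ref>` and the rendered page shows a cite error. Close the first reference after "- AWS documentation". The same line misspells the Medium title as "Let's Encrype". The unchanged clone command above it targets `/opt/letsencript` while the text and the later commands use `/opt/letsencrypt`; fix that while this section is being edited.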
| Line 58: | Line 62: | ||
</pre> | </pre> | ||
This is cause by not having the typical [https://httpd.apache.org/docs/2.4/mod/core.html#virtualhost VirtualHost running on port 80] in the Apache configuration, so Certbot needs an alternative method for authenticating the doamin. It's | This is cause by not having the typical [https://httpd.apache.org/docs/2.4/mod/core.html#virtualhost VirtualHost running on port 80] in the Apache configuration, so Certbot needs an alternative method for authenticating the doamin. It's possible to manually specify the web root of the website: <ref>[https://community.letsencrypt.org/t/error-installing-lets-encrypt-on-aws-linux/52227/3 Error installing Let's Encrypt on AWS Linux] - AWS forums</ref> | ||
<syntaxhighlight lang="sh"> | <syntaxhighlight lang="sh"> | ||
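Review bot: The citation at the end of the rewritten paragraph is labelled "AWS forums", but its link points to community.letsencrypt.org, so the label should name the forum the URL actually belongs to. The paragraph also carries the typos "cause by" and "doamin" over from the previous revision, and they should be fixed in the same edit.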
| Line 64: | Line 68: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Troubleshooting == | |||
=== Cannot find SSLCertificateFile directive === | |||
When running `letsencrypt-auto` or `certbot-auto` | |||
<pre> | |||
Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf/httpd-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified | |||
Unable to find an SSLCertificateFile directive | |||
</pre> | |||
This was fixed by successfully installing `mod_ssl` | |||
=== ERR_CONNECTION_REFUSED in Chrome === | |||
Attempting to load the site using https protocol in Chrome results in ERR_CONNECTION_REFUSED error. | |||
This was fixed after the certificate was installed (creating the httpd-le-ssl.conf file with correct SSL directives). | |||
< | == Notes == | ||
<references /> | |||
[[Category:AWS]][[Category:Web Development]] | [[Category:AWS]][[Category:Web Development]] | ||
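Review bot: The new "Cannot find SSLCertificateFile directive" entry says the fix was installing `mod_ssl`, but gives neither the command nor the package name. State the exact package that was installed so the entry can be followed on its own. Its lead sentence, "When running `letsencrypt-auto` or `certbot-auto`", has no main clause and should end in a colon or be completed before the `<pre>` block.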
Revision as of 20:56, 23 July 2018
Overview
Instructions on installing and maintaining SSL for AWS Elastic Beanstalk web apps.
Amazon offers its own security certificates for load balanced EC2 instances, but not for smaller stand-alone instances.
Let's Encrypt offers free security certificates.
Prerequisites
All these commands are issued after using ssh to get a command prompt on the EC2 instance.
- ssh access to the EC2 instance
- Git, virtualenv, pip
Open port 443 on the EC2 instance
- AWS Management Console > EC2 > instance > click for details > Security Group > click for details
- Inbound tab > Edit button
- Add Rule button
- Type: HTTPS
- Protocol: TCP
- Port Range: 443
- Source: 0.0.0.0/0, ::/0
Enable SSL on EC2 instance
The Amazon documentation instructs you to install mod_ssl with the following command, which should create the file /etc/httpd/conf.d/ssl.conf when it completes.
$ sudo yum install mod_ssl
This did not work for me for dbarchowsky.com which was on a t1.micro instance, Amazon Linux AMI version 2018.03. What worked instead was:
$ sudo yum install mod24_ssl
Installing Let's Encrypt
Install Let's Encrypt into /opt/letsencrypt with git:
$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Installing certificates
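Use Let's Encrypt to install security certificates. Sources: Tutorial: Configure Apache Web Server on Amazon Linux 2 to Use SSL/TLS (AWS documentation, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html) and Deploying Let's Encrypt on an Amazon Linux AMI EC2 Instance (Medium.com, https://medium.com/@gnowland/deploying-lets-encrypt-on-an-amazon-linux-ami-ec2-instance-f8e2e8f4fc1f).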
The source instructions gave this command:
$ /opt/letsencrypt/letsencrypt-auto --debug
But that returned the following error:
PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
This is caused by not having the typical VirtualHost running on port 80 in the Apache configuration, so Certbot needs an alternative method for authenticating the domain. It's possible to manually specify the web root of the website: [1]
$ /opt/letsencrypt/letsencrypt-auto --debug --authenticator webroot --installer apache -w /var/www/webroot -d mydomain.com,www.mydomain.com
Troubleshooting
Cannot find SSLCertificateFile directive
When running letsencrypt-auto or certbot-auto:
Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf/httpd-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified
Unable to find an SSLCertificateFile directive
This was fixed by successfully installing mod_ssl.
ERR_CONNECTION_REFUSED in Chrome
Attempting to load the site over HTTPS in Chrome results in an ERR_CONNECTION_REFUSED error.
This was fixed after the certificate was installed (creating the httpd-le-ssl.conf file with correct SSL directives).
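A preflight check for the two errors covered above (the missing port-80 VirtualHost and the missing SSLCertificateFile directive), as an added example that is not part of the original page. The function names and the sample config tree are constructed, and the authenticator it suggests follows the commands shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the sample
# config tree are constructed for illustration.

# True if any *.conf under $1 has an uncommented <VirtualHost ...:80> block.
has_vhost_80() {
    grep -rEiq --include='*.conf' \
        '^[[:space:]]*<VirtualHost[[:space:]]+[^>]*:80[[:space:]>]' "$1" 2>/dev/null
}

# True if any *.conf under $1 has an uncommented SSLCertificateFile directive.
has_ssl_cert_directive() {
    grep -rEiq --include='*.conf' \
        '^[[:space:]]*SSLCertificateFile[[:space:]]+[^[:space:]]' "$1" 2>/dev/null
}

# Print one line of findings for the Apache config root $1 (e.g. /etc/httpd).
certbot_preflight() {
    root=$1
    # No port-80 vhost: the apache authenticator fails, so use webroot instead.
    if has_vhost_80 "$root"; then auth=apache; else auth=webroot; fi
    # Installing mod_ssl should create conf.d/ssl.conf.
    if [ -f "$root/conf.d/ssl.conf" ]; then modssl=present; else modssl=missing; fi
    if has_ssl_cert_directive "$root"; then directive=present; else directive=missing; fi
    echo "authenticator=$auth mod_ssl=$modssl ssl_directive=$directive"
}

# Constructed sample tree: no port-80 VirtualHost and no ssl.conf,
# the state that produced both errors described on this page.
demo=$(mktemp -d)
mkdir -p "$demo/conf" "$demo/conf.d"
printf 'Listen 80\nDocumentRoot "/var/www/webroot"\n' > "$demo/conf/httpd.conf"
certbot_preflight "$demo"

# Simulate a mod_ssl install: its ssl.conf carries the directive (sample path).
printf '<VirtualHost _default_:443>\n  SSLCertificateFile /etc/pki/tls/certs/localhost.crt\n</VirtualHost>\n' \
    > "$demo/conf.d/ssl.conf"
certbot_preflight "$demo"
rm -rf "$demo"
```

On the instance, run `certbot_preflight /etc/httpd` before invoking letsencrypt-auto.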
Notes
- [1] Error installing Let's Encrypt on AWS Linux - AWS forums: https://community.letsencrypt.org/t/error-installing-lets-encrypt-on-aws-linux/52227/3