Elastic Beanstalk Security Certificates

From Littledamien Wiki
Revision as of 13:00, 23 July 2018 by Video8 (talk | contribs) (Created page with "== Overview == Instructions on installing and maintaining SSL for AWS Elastic Beanstalk web apps. Amazon offers its own security certificates for load balanced EC2 instances...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Overview

Instructions on installing and maintaining SSL for AWS Elastic Beanstalk web apps.

Amazon offers its own security certificates for load balanced EC2 instances, but not for smaller stand-alone instances.

Let's Encrypt offers free security certificates.

Installation

Prerequisites

  • Open port 443 on the EC2 instance
  • ssh access to the EC2 instance
  • Git, virtualenv, pip

First, ssh to the EC2 instance.

Then install Let's encrypt into /opt/letsencrypt with git 

$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencript

The source instructions gave this command: 

$ /opt/letsencrypt/letsencrypt-auto --debug

But that returned the following error: 

PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

This is cause by not having the typical VirtualHost running on port 80 in the Apache configuration, so Certbot needs an alternative method for authenticating the doamin. It's possibel to manually specify the web root of the website: [1] 

$ /opt/letsencrypt/letsencrypt-auto --debug --authenticator webroot --installer apache -w /var/www/webroot -d mydomain.com,www.mydomain.com


[2]

  1. Error installing Let's Encrypt on AWS Linux - AWS forums
  2. Deploying Let's Encrype on An Amazon Linux AMI EC2 Instance - Medium.com
Retrieved from "https://wiki.dbarchowsky.com/index.php?title=Elastic_Beanstalk_Security_Certificates&oldid=2495"