Let’s Encrypt is the latest internet trend. It's a relatively young Certification Authority which intends to provide free and automated SSL certificates so that everybody can set up encryption on their sites and applications.
In this tutorial I will show you how to set up a free Let’s Encrypt SSL certificate using AWS Load Balancers.
Scenario
- The domain has been set up in AWS Route 53.
- Using Load Balancers (multi point)
AWS CLI Setup
You can create a new permission in Identity and Access Management (IAM) and give it permission for Route 53, like this below
Then set up your EC2 instance with the credentials you created before. You can use aws-cli, but I’m using the manual method:
vim /root/.aws/config
and put this in the file:
[default]
aws_access_key_id=YOUR_AWS_SECRET_KEY_ID
aws_secret_access_key=YOUR_AWS_SECRET_KEY
Install Certbot package
Then go back to your EC2 instance and install the packages:
sudo apt-add-repository ppa:certbot/certbot -y
sudo apt-get update -y
sudo apt-get install certbot python3-certbot-dns-route53 -y
Install and Setup domain with Letsencrypt
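Set your domain as shell variables in bash:
DOMAIN=devninja.net
WILDCARD="*.$DOMAIN"
and verify the variables (quoted, so the shell does not expand the * against file names):
echo "$DOMAIN" && echo "$WILDCARD"
Then request the certificate. This command sends the verification to your Route 53 records:
# The Route 53 plugin is the authenticator here: it creates and removes the DNS-01 TXT records itself.
sudo certbot --dns-route53 --dns-route53-propagation-seconds 30 -d "$DOMAIN" -d "$WILDCARD" --preferred-challenges dns certonly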
If everything worked, you should now have 4 files in the /etc/letsencrypt/live/mydomain.com folder.
/etc/letsencrypt/live/mydomain.com
|-- cert.pem
|-- chain.pem
|-- fullchain.pem
|-- privkey.pem
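Before uploading anything, it helps to confirm what each of the four files actually holds. The script below is an added example, not part of the original tutorial: it checks that privkey.pem contains only a private key, cert.pem only the leaf certificate, chain.pem only intermediates, and that fullchain.pem is cert.pem followed by chain.pem. The function names and the sample-directory helper are this example's own, and the sample PEM bodies are constructed placeholders, not real keys or certificates.

```shell
# Added example, not the tutorial author's code. Function names are this example's own.
KEY_RE='([A-Z]+ )?PRIVATE KEY'   # PKCS#8, RSA and EC private key labels
CERT_RE='CERTIFICATE'

# Print how many PEM blocks in file $1 have a BEGIN label matching regex $2.
count_blocks() {
    grep -c -E -- "^-----BEGIN $2-----" "$1" || true
}

expect_blocks() {   # FILE KEYS MIN_CERTS MAX_CERTS
    keys=$(count_blocks "$1" "$KEY_RE"); certs=$(count_blocks "$1" "$CERT_RE")
    [ "$keys" -eq "$2" ] && [ "$certs" -ge "$3" ] && [ "$certs" -le "$4" ] && return 0
    echo "$1: found $keys key block(s) and $certs certificate(s)" >&2
    return 1
}

check_live_dir() {
    d=$1
    for f in privkey.pem cert.pem chain.pem fullchain.pem; do
        [ -r "$d/$f" ] || { echo "$d/$f: missing or unreadable" >&2; return 1; }
    done
    expect_blocks "$d/privkey.pem"   1 0 0  || return 1  # private key, no certificates
    expect_blocks "$d/cert.pem"      0 1 1  || return 1  # the leaf certificate alone
    expect_blocks "$d/chain.pem"     0 1 9  || return 1  # intermediate certificate(s)
    expect_blocks "$d/fullchain.pem" 0 2 10 || return 1  # leaf plus intermediates
    # certbot writes fullchain.pem as cert.pem followed by chain.pem.
    if [ "$(cat "$d/cert.pem" "$d/chain.pem" | grep -v '^$')" != \
         "$(grep -v '^$' "$d/fullchain.pem")" ]; then
        echo "$d/fullchain.pem is not cert.pem followed by chain.pem" >&2
        return 1
    fi
}

# Build a directory of constructed (fake, non-functional) PEM files for a dry run.
make_sample_dir() {
    s=$(mktemp -d)
    pem() { printf '%s\n' "-----BEGIN $1-----" "$2" "-----END $1-----"; }
    pem 'PRIVATE KEY' 'Y29uc3RydWN0ZWQta2V5'             > "$s/privkey.pem"
    pem 'CERTIFICATE' 'Y29uc3RydWN0ZWQtbGVhZg=='         > "$s/cert.pem"
    pem 'CERTIFICATE' 'Y29uc3RydWN0ZWQtaW50ZXJtZWRpYXRl' > "$s/chain.pem"
    cat "$s/cert.pem" "$s/chain.pem" > "$s/fullchain.pem"
    echo "$s"
}

# Usage: sudo sh check_live.sh /etc/letsencrypt/live/mydomain.com
if [ "$#" -gt 0 ]; then check_live_dir "$1" && echo "OK: $1"; fi
```

The check is structural only: it reads PEM labels and compares file contents, and does not validate signatures or expiry dates.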
Setup the certificate in an ELB
Now that you have your certificate files, you need to upload them to the ELB.
Go to the AWS web console, select the EC2 service and go to Load Balancers. Once there select the load balancer of your choice and go to the Listeners tab.
Now you have to click on the "Change" link, in the SSL Certificate column of the HTTPS protocol, in order to set the new certificate.
In this window, select the third option, Upload a new SSL certificate to AWS… and set the name of your choice for it.
Then, in the Private key field you have to place the contents of the cert.pem file, and in the Public key certificate field, the contents of the fullchain.pem file. You can leave the Certificate chain field empty.
Save, and you are done. Your ELB is now serving HTTPS requests using the previously generated Let’s Encrypt certificate.
That's it! If you still have any issue, don't forget to verify that HTTPS is already running (try enabling it with a2ensite default-ssl if you are using Apache), or you can reply to this post 🙂