A step-by-step guide for AWS EC2 provisioning using Terraform: Let’s Encrypt HTTPS SSL Certificate in EC2 Amazon Linux 2 nginx — Part 15

Joel Wembo
9 min read · Jul 9, 2024


A step-by-step guide for AWS EC2 provisioning using Terraform: Let’s Encrypt HTTPS SSL Certificate in EC2 Amazon Linux 2 nginx server — Part 15. This article discusses securing an nginx web server running on Amazon Linux 2 with a free SSL certificate from Let’s Encrypt. We also add a wildcard SSL certificate for subdomains.

Let’s Encrypt HTTPS SSL Certificate in EC2 Amazon Linux 2 nginx server:

· Introduction
· Step 1: EC2 Provisioning
· Step 2: nginx installation
· Step 4: Add a DNS A record for your domain name pointing to your EC2 or Azure VM instance public IP
· Step 5: Install Certbot on Amazon Linux 2
· Step 6: Configure Nginx for your domain name
· Step 7: Nginx with Let’s Encrypt (Certbot)
· Conclusion
· About me

Introduction

SSL is the standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers). It prevents hackers from seeing or stealing any information transferred, including personal or financial data.

Let’s Encrypt is a global Certificate Authority (CA) that lets people and organizations around the world obtain, renew, and manage SSL/TLS certificates. Its certificates can be used by websites to enable secure HTTPS connections. Let’s Encrypt offers Domain Validation (DV) certificates.

This guide installs a Let’s Encrypt certificate on the Amazon Linux 2 virtual machine. It will cover:

1. EC2 Provisioning:

  • Key Pair: Generate a key pair for SSH access to your Amazon Linux 2 EC2 instance. This involves creating a public and private key pair on your local machine. The private key will be used to connect securely to your instance.
  • Security Group: Create a security group in your AWS Management Console. This group defines inbound and outbound traffic rules for your EC2 instance. You’ll need to allow access through ports 22 (SSH) and 80 (HTTP) for initial setup and certificate validation, and 443 (HTTPS) to serve the site over TLS.
  • Launch Instance: Launch an Amazon Linux 2 instance on EC2, selecting the appropriate Amazon Machine Image (AMI), instance type, and associating the previously created security group.

2. Nginx and Certbot Installation:

  • Connect to EC2: Use your private key to establish an SSH connection to your EC2 instance.
  • Update Packages: Update the package lists and installed software on your Amazon Linux 2 instance.
  • Install Nginx: Install the Nginx web server software using the package manager.
  • Install Certbot: Install Certbot, the tool used to obtain Let’s Encrypt certificates, following the official installation guide for your specific Amazon Linux 2 version.

3. Obtain and Configure SSL Certificate:

  • Configure DNS Validation (Optional): Depending on the chosen Certbot method, you might need to create a DNS record for your domain to prove ownership. This involves creating a specific record (for the DNS-01 challenge, a TXT record) in your domain name provider’s control panel.
  • Run Certbot: Use Certbot to obtain the SSL certificate for your domain name. The exact command depends on the chosen validation method (nginx plugin, standalone, DNS validation, etc.).
  • Configure Nginx for SSL: Update your Nginx configuration file to use the obtained certificate and private key for your website. This typically means enabling HTTPS on port 443 and specifying the certificate and key file paths.

4. Azure VM Specific Steps (Possible Variations): The same setup can be done on an Azure VM. Variations include network security group configuration instead of an EC2 security group, and using Azure-specific tools for DNS validation.

Step 1: EC2 Provisioning

For this demo, we have used both GitHub Actions and Terraform to provision our Amazon Linux 2 instance. Please check Part 1 and Part 2 to learn how to prepare your EC2 instance or virtual machine.

Quick Note: Make sure ports 80 and 443 are allowed in your AWS EC2 security group, as follows (80 is needed for the HTTP-01 challenge and the redirect, 443 for HTTPS):

Connect to your EC2 instance.

Step 2: nginx installation

For the EC2 Amazon Linux 2, use the following commands:

# nginx installer for Amazon Linux 2
# Update package index
sudo yum update -y
# Install the Extra Packages for Enterprise Linux (EPEL) repository
sudo amazon-linux-extras install epel -y
# Install Nginx
sudo yum install -y nginx
# Start Nginx service
sudo systemctl start nginx
# Enable Nginx to start on boot
sudo systemctl enable nginx

For this demo, our IP address is 54.173.141.110 and our domain names are prodx.website and prodxcloud.io.

Next, check the installation:

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

sudo systemctl status nginx

Step 4: Add a DNS A record for your domain name pointing to your EC2 or Azure VM instance public IP

Check DNS resolution (if you are using Cloudflare, enable Full (strict) mode under SSL/TLS > Overview so that Cloudflare validates the origin certificate):

dig prodx.website

Step 5: Install Certbot on Amazon Linux 2

sudo amazon-linux-extras install epel
sudo yum install certbot python2-certbot-nginx

Step 6: Configure Nginx for Your Domain Name

cd /etc/nginx/conf.d/
sudo vim prodx.website.conf

Add the following server block:

server {
    listen 80;
    listen [::]:80;

    server_name prodx.website;
    root /usr/share/nginx/html; # or /var/www/prodxcloud.io/html
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Next, reload nginx.

Next, create a folder for our website: /var/www/prodx.website/html (optional, since we are using the default nginx folder on Amazon Linux 2).

Update ownership and permissions:

sudo chown -R $USER:$USER /usr/share/nginx/html/
sudo chmod -R 755 /usr/share/nginx/html/

OR, if you use a dedicated web root:
## sudo chown -R $USER:$USER /var/www/prodx.website/html
## sudo chmod -R 755 /var/www/prodx.website/html
## sudo chown -R $USER:$USER /var/www/prodxcloud.io
## sudo chmod -R 755 /var/www/prodxcloud.io

Create or upload the website.

Step 7: Nginx with Let’s Encrypt (Certbot)

sudo certbot --nginx 
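A renewal check to run once Certbot has installed the certificate, added here as an example and not part of the original post: it parses the notAfter date from the same openssl s_client pipeline used in the conclusion and flags when the 90-day Let’s Encrypt certificate is inside Certbot’s 30-day renewal window. It assumes GNU date (as shipped on Amazon Linux 2) and openssl in PATH; the host, port and threshold arguments are this example’s own.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: report how many days remain on the
# certificate a host presents and flag when Certbot's renewal window is near.
# Assumes GNU date (Amazon Linux 2) and openssl in PATH.

# Extract the value after "notAfter=" from `openssl x509 -noout -dates` output on stdin.
parse_not_after() {
    sed -n 's/^notAfter=//p' | head -n 1
}

# Days between a notAfter timestamp (e.g. "Oct  7 10:00:00 2024 GMT") and "now".
# The optional second argument is a Unix epoch used instead of the real clock.
days_left_from_notafter() {
    local not_after="$1" now="${2:-$(date -u +%s)}" exp
    exp=$(date -u -d "$not_after" +%s) || return 2
    echo $(( (exp - now) / 86400 ))
}

# Succeeds when fewer than THRESHOLD (default 30) days remain; Certbot renews in that window.
renewal_due() {
    local days="$1" threshold="${2:-30}"
    [ "$days" -lt "$threshold" ]
}

# Live check using the same openssl pipeline as the verification command in this post.
cert_days_left() {
    local host="$1" port="${2:-443}" not_after
    not_after=$(echo | openssl s_client -servername "$host" -connect "$host:$port" 2>/dev/null \
        | openssl x509 -noout -dates | parse_not_after)
    [ -n "$not_after" ] || { echo "no certificate from $host:$port" >&2; return 1; }
    days_left_from_notafter "$not_after"
}

# Usage: ./cert-check.sh prodx.website
if [ "$#" -gt 0 ]; then
    d=$(cert_days_left "$1") || exit 1
    echo "$1: $d days left"
    renewal_due "$d" && echo "renewal due; run: sudo certbot renew"
fi
```

Certbot’s package installs a timer that runs `certbot renew` on its own; this script only makes the remaining lifetime visible so a failed renewal is noticed before the site breaks.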

In the next blog post, we are going to write about wildcard SSL certificates in nginx and Apache2 servers.

By following these steps, you can obtain and configure a wildcard SSL certificate for your domain *.prodxcloud.io and ensure that subdomains such as api.prodxcloud.io and app.prodxcloud.io are covered. If you encounter any issues or need further assistance, feel free to ask!

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Let’s Encrypt SSL on Apache2 servers in an Azure Virtual Machine using Ansible Playbook — Part 14

Conclusion

This guide empowers you to secure your nginx web server on Amazon Linux 2 using a free Let’s Encrypt SSL certificate. It walks you through provisioning your EC2 instance, installing Nginx and Certbot, obtaining the certificate, and configuring Nginx for HTTPS.

Verify the certificate that is now served:

echo | openssl s_client -servername www.prodx.website -connect www.prodx.website:443 | openssl x509 -noout -dates -subject -issuer

… renew this certificate in the background.

To enhance readability, this handbook is divided into chapters and split into parts. The first part, “A step-by-step guide for AWS EC2 provisioning using Terraform: HA, ALB, VPC, and Route53 — Part 1”, the second part, “A step-by-step guide for AWS EC2 provisioning using Terraform: HA, CloudFront, WAF, and SSL Certificate — Part 2”, and “A step-by-step guide for AWS EC2 provisioning using Terraform: Cloud Cost Optimization, AWS EC2 Spot Instances — Part 3” were covered in separate articles to keep the reading time manageable and ensure focused content. The next part or chapter will be published in the next post, upcoming in a few days: “A step-by-step guide for AWS EC2 provisioning using Terraform: Azure and AWS VPN Site-to-site Connection for EC2 (multi-cloud) using Terraform — Part 15”, and so much more!

Thank you for reading! 🙌🏻 Don’t forget to subscribe and give it a CLAP 👏, and if you found this article useful, contact me or feel free to sponsor me to produce more public content. See you in the next article. 🤘

About me

I am Joel Wembo, AWS certified Cloud Solutions Architect, back-end developer, and AWS Community Builder. I’m based in the Philippines 🇵🇭 and currently working at prodxcloud as a DevOps & Cloud Architect. I bring a powerful combination of expertise in cloud architecture, DevOps practices, and a deep understanding of high availability (HA) principles. I leverage my knowledge to create robust, scalable cloud applications using open-source tools for efficient enterprise deployments.

I’m looking to collaborate on AWS CDK, AWS SAM, DevOps CI/CD, Serverless Framework, CloudFormation, Terraform, Kubernetes, TypeScript, GitHub Actions, PostgreSQL, and Django.

For more information about the author ( Joel O. Wembo ) visit:

Links:

🌟Other Resources

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: HA, ALB, VPC, and Route53 — Part 1

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: HA, CloudFront, WAF, and SSL Certificate — Part 2

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Cloud Cost Optimization, EC2 Spot Instances, CloudWatch, SNS, Lambda — Part 3

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Azure VM and Networking (multi-cloud preparations) — Part 4

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Terraform Error locking state error acquiring the state lock — Part 5

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: remote-exec Provisioner & user data — Part 6

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: AWS EC2 Pricing — Part 7

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Automating aws ec2 ubuntu AMIs using terraform aws_ami data source — Part 8

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: EC2 Auto scaling using Terraform for high availability and resource optimization — Part 9

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Deploying React with NGINX to EC2 using GitHub Actions (end-to-end CI/CD pipeline ) — Part 10

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: EC2 and Compliance — Part 11

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: VPN, VPC peering, Site-to-site Connection, tunnels, AWS VPN, Azure VPN client & Gateway (multi-cloud) using Terraform — Part 12

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Let’s Encrypt SSL Certificate in EC2 nginx server or Azure Virtual Machine ubuntu — Part 13 ( + Wildcard SSL )

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Let’s Encrypt SSL on Apache2 servers in an Azure Virtual Machine using Ansible Playbook — Part 14

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Let’s Encrypt HTTPS SSL Certificate in EC2 Amazon Linux 2 nginx — Part 15

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Creating a self-signed SSL certificate for an Azure VM ubuntu Apache2 server — Part 16

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: Azure and AWS VPN Site-to-site Connection for EC2 (multi-cloud) using Terraform — Part 17

🚀 A step-by-step guide for AWS EC2 provisioning using Terraform: How to set up SSM ( AWS Systems Manager ) for EC2? — Part 18

and Much More …


Joel Wembo

I am a Cloud Solutions Architect at prodxcloud. Expert in AWS, AWS CDK, EKS, Serverless Computing and Terraform. https://www.linkedin.com/in/joelotepawembo