I started a project that I wanted to test to see if I could do it; mainly for a domain I have owned for many years that is currently not being used, edwardcrosby.com. The idea was to use the free tier version of an AWS EC2 instance (free for only the first year) in their version of a Fedora Server virtual machine called Amazon Linux 2023. I set up that server and then completed the following.

*NOTE: If you’re curious about how to set up an AWS EC2 instance, there is a ton of documentation, both on user blogs and on Amazon’s own documentation site, on how to do it. These are the steps for setting up a web server and using Certbot to generate and manage the Let’s Encrypt SSL cert:

**NOTES: My steps were based on this article from Amazon’s documentation. The following steps assume a domain has been purchased and a DNS hostname (A record) is pointing to the AWS EC2 instance public IP address. The steps were run as root on the EC2 instance.

  1. Install and enable httpd (with ssl package)

    dnf install httpd mod_ssl -y

    systemctl enable --now httpd

  2. For additional security, installed, enabled and configured firewalld (at some point, I may even set up Fail2Ban)

    dnf install firewalld -y

    systemctl enable --now firewalld

    firewall-cmd --permanent --add-service=http

    firewall-cmd --permanent --add-service=https

    firewall-cmd --reload

  3. Created my site directory here:

    /var/www/"sitename"

  4. Ensured the directory had the proper permissions

  5. Placed all site files (generated by Hugo) in the newly created directory

  6. Tested non-https to confirm site access

  7. Installed all necessary packages for Certbot and enabled the service

    dnf install -y certbot python3-certbot-dns-route53 python3-certbot-apache

    systemctl daemon-reload

    systemctl enable --now certbot-renew.timer

  8. Created site conf file in /etc/httpd/conf.d/ (“sitename”.conf) and added the following:

    <VirtualHost *:80>
    	DocumentRoot "/var/www/"sitename"/"
    	ServerName "sitename".com
    	ServerAlias www."sitename".com
    	CustomLog /var/log/httpd/"sitename"_access.log combined
    	ErrorLog /var/log/httpd/"sitename"_error.log
    	RewriteEngine on
    	RewriteCond %{SERVER_NAME} ="sitename".com [OR]
    	RewriteCond %{SERVER_NAME} =www."sitename".com
    	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    
  9. Then ran the certbot request command and answered questions:

    certbot --apache

Once the wizard completed, a new conf file was created in /etc/httpd/conf.d/ (“sitename”-le-ssl.conf) with the following entry:

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
	DocumentRoot "/var/www/"sitename"/"
	ServerName "sitename".com
	ServerAlias www."sitename".com
	CustomLog /var/log/httpd/"sitename"_access.log combined
	ErrorLog /var/log/httpd/"sitename"_error.log

	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/"sitename".com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/"sitename".com/privkey.pem
</VirtualHost>
</IfModule>
```

  10. Run the following command to verify the certificate

    certbot certificates
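
To confirm over time that certbot-renew.timer is actually renewing the certificate, the output of `certbot certificates` can be parsed and checked against a threshold. This is an added example, not part of the original steps; the function names, the 30-day default and the sample output (with example.com hostnames) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certificates that `certbot certificates` reports as
# invalid or closer to expiry than a chosen number of days.

# Constructed sample of `certbot certificates` output (not from a real host).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Key Type: ECDSA
    Domains: example.com www.example.com
    Expiry Date: 2025-06-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2025-04-10 10:00:00+00:00 (VALID: 9 days)
  Certificate Name: dead.example.com
    Domains: dead.example.com
    Expiry Date: 2025-03-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Reads certbot output on stdin and prints "name status" per problem cert.
# $1 = minimum acceptable days remaining (assumed default: 30).
check_certs() {
    awk -v min="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            # The "(" anchor keeps "(INVALID: ..." from matching as VALID.
            if ($0 ~ /\(VALID: [0-9]+ day/) {
                days = $0
                sub(/.*\(VALID: /, "", days)
                sub(/ day.*/, "", days)
                if (days + 0 < min + 0) print name, "expires_in_" days "_days"
            } else {
                # INVALID (expired, revoked, test cert) or only hours left.
                print name, "invalid_or_hours_left"
            }
        }'
}

# On the server: certbot certificates 2>/dev/null | check_certs 30
if [ "${1:-}" = "--demo" ]; then sample_output | check_certs 30; fi
```

Any line of output means a certificate needs attention; empty output means every certificate has at least the requested number of days left.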

If you have any questions or comments, please feel free to send me an email at the address noted on my About page.