What is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Before following this tutorial, be sure to configure your EC2 instance with an Elastic IP and attach a standard domain name to it. When you visit the domain name you should see your EC2 site, but the URL will still begin with HTTP.
Install the Let’s Encrypt scripts. Replace something.com with your domain name.
git clone
cd letsencrypt
./letsencrypt-auto certonly -w /home/bitnami/htdocs -d something.com
-w is the location of your webroot, and each -d flag names a domain that you want to secure. You can repeat -d to secure multiple domains, such as this.something.com.
The cert files are written to /etc/letsencrypt/live
Now update Apache to use the new certificates
sudo vim /home/bitnami/stack/apache2/conf/bitnami/
Comment out the default SSL Certificate lines so that you are left with the following 3 lines.
SSLCertificateFile "/etc/letsencrypt/live/"
SSLCertificateKeyFile "/etc/letsencrypt/live/ "
SSLCertificateChainFile "/etc/letsencrypt/live/ "
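Before restarting, the edited file can be checked for the state described above: each of the three directives active exactly once and pointing under /etc/letsencrypt/live/ for your domain. The script below is an added example, not part of the original tutorial; check_ssl_conf, sample_conf, the /opt/default paths and the .pem file names in the sample are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): lint the Apache SSL config.
# check_ssl_conf CONF DOMAIN returns 0 only if each of the three directives
# is active exactly once and points under /etc/letsencrypt/live/DOMAIN/.
check_ssl_conf() {
  local conf="$1" live="/etc/letsencrypt/live/$2/" rc=0 d n path
  for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
    # Count uncommented lines only; Apache directive names are case-insensitive.
    n=$(grep -Eic "^[[:space:]]*$d[[:space:]]" "$conf" || true)
    if [ "$n" -ne 1 ]; then
      echo "FAIL $d: $n active lines (expected 1)"; rc=1; continue
    fi
    path=$(grep -Ei "^[[:space:]]*$d[[:space:]]" "$conf" | awk '{print $2}' | tr -d '"')
    case $path in
      *..*)      echo "FAIL $d -> $path (contains ..)"; rc=1 ;;
      "$live"?*) echo "OK   $d -> $path" ;;
      *)         echo "FAIL $d -> $path (not under $live)"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Constructed sample config: old default lines commented out, three active
# lines left. The /opt/default paths and .pem names are assumed placeholders.
sample_conf() {
  cat <<'EOF'
#SSLCertificateFile "/opt/default/server.crt"
#SSLCertificateKeyFile "/opt/default/server.key"
SSLCertificateFile "/etc/letsencrypt/live/something.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/something.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/something.com/chain.pem"
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
check_ssl_conf "$tmp" something.com
rm -f "$tmp"
```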
Restart the LAMP stack.
Now when you visit your site you will see the green padlock and SSL working.
To renew your Let’s Encrypt certificate, go to the place where you installed the Let’s Encrypt client.
Then restart your web server and you should see the renewed certificate being served to your site visitors.