Enable HTTPS on Amazon EC2 WordPress for FREE!

Enable HTTPS on Amazon EC2 WordPress website with auto-renewal configured

Wondering how to get the HTTPS green padlock on your Amazon EC2 WordPress website, and for free? You’ve come to the right place. We will perform all the steps from scratch!

First of all, I would like to tell you that I have tried these steps on a stack with the details below:

  1. An EC2 instance with an Elastic IP running WordPress 4.9.5
  2. Apache 2.4 (httpd)
  3. The MySQL database is also running on the same EC2 instance.
  4. The EC2 instance is running the Amazon Linux 2 OS (RHEL based). Just log in to the EC2 instance and it will show you the name of the OS in the first few lines of the login banner.

Prerequisites

  1. WordPress should be up and running on your EC2 instance. If you are not sure how, follow this post to set it up in 2-3 minutes.
  2. You should already have a domain name, either with Route53 or with any other DNS provider, e.g. GoDaddy, BlueHost, etc.
  3. So, bottom line: your website is up on your EC2 instance, but it is unfortunately just HTTP and not HTTPS.
  4. Please also note that if you have chosen Route53 as your DNS provider and registrar, you can get public SSL certificates for free using the AWS Certificate Manager (ACM) service, but the downside is that at this point ACM only supports a few services, which do not include EC2 for now. See this post for more info.
  5. We are going to use Let’s Encrypt, which recommends Certbot.
  6. At this point Certbot cannot run if you do not have any virtual hosts configured on your web server.
    1. To check whether you have any virtual hosts configured, type httpd -S. If you do not see anything like what is shown in the red box in the screenshot below, don’t worry; that is because you have not yet configured any virtual host, and we will do that shortly:
    2. Now put in a very basic virtual host configuration, so that we do not run into any issues with the later steps, by following the next few steps:
    3. Run this command to see whether the virtual host configuration file will be read by the Apache server at all: grep IncludeOptional /etc/httpd/conf/httpd.conf
    4. If you see something like IncludeOptional conf.d/*.conf, we are good.
    5. Now create a file named domainname.conf in that location. In my case the domain name is startedlate, so the file is startedlate.conf and the location is /etc/httpd/conf.d/startedlate.conf
    6. Once done, make sure that the file has the following contents:
    7. [root@SOMEIP ec2-user]# cat /etc/httpd/conf.d/startedlate.conf
      <VirtualHost *:80>
      ServerName startedlate.com
      ServerAlias www.startedlate.com
      </VirtualHost>
    8. Congratulations, you have created the virtual host.
    9. Once done, restart Apache by running sudo service httpd restart
    10. Please confirm that when you now type httpd -S you see the server name as shown in the red square in the screenshot above, since this name will be used to request the certificate and the certificate will be issued to it (SNAME).

What we are going to use is Let’s Encrypt. Quoting Let’s Encrypt:

We recommend that most people with shell access use the Certbot ACME client. It can automate certificate issuance and installation with no downtime. It also has expert modes for people who don’t want autoconfiguration. It’s easy to use, works on many operating systems, and has great documentation. Visit the Certbot site to get customized instructions for your operating system and web server.

What we are essentially going to follow is the “Appendix: Let’s Encrypt with Certbot on Amazon Linux 2” section of this post, with some changes.

So, here are the steps to make sure that we end up successfully seeing the green padlock and enabling HTTPS on Amazon EC2:

  1. Make sure that the prerequisites mentioned above are met.
  2. Make sure you are ec2-user by typing `whoami`
  3. Switch to ec2-user’s home directory by typing cd (from here on I am just typing the commands; for the details you can refer to the Appendix link mentioned above)
  4. [ec2-user ~]$ sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
  5. [ec2-user ~]$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
  6. [ec2-user ~]$ sudo yum-config-manager --enable epel*
  7. Please SKIP step 2 in the “Prepare to Install” section, since we have already configured the virtual host.
  8. [ec2-user ~]$ sudo systemctl restart httpd
  9. [ec2-user ~]$ sudo yum install -y certbot python2-certbot-apache
  10. [ec2-user ~]$ sudo certbot
  11. If you see what is mentioned in Step 4 of this article under the section “Install and Run Certbot”, you should be good and just have to follow along until Step 9.
  12. In case you receive an error from certbot saying:
  13. AH00526: Syntax error on line 100 of /etc/httpd/conf.d/ssl.conf:
    SSLCertificateFile: file ‘/etc/pki/tls/certs/localhost.crt’ does not exist or is empty
  14. In that case, just regenerate the default self-signed certificate with OpenSSL using this command (it writes into root-owned directories, so run it with sudo; the output path matches the one ssl.conf complains about, and on RHEL-based systems /etc/ssl/certs is a symlink to /etc/pki/tls/certs anyway):
  15. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
  16. Then run sudo certbot again and continue to the end as described earlier.
  17. For other error messages, e.g. “Sorry, I don’t know how to bootstrap Certbot on your Operating System!”, follow this article.
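As an added example that is not part of the original post, here is a small POSIX shell script that turns the manual checks from the prerequisites and the steps above into functions: whether httpd.conf loads conf.d/*.conf, whether the virtual host file carries the ServerName the certificate will be issued to, and whether an issued certificate is still good for the 30-day renewal window Certbot uses. The domain example.com and the parameterised paths are assumptions for illustration; nothing here is Certbot's or Apache's own code.

```shell
#!/bin/sh
# Added example, not from the original post: the checks the procedure above
# performs by hand, as reusable functions. All paths are parameters so the
# functions can be run against test copies rather than the live /etc/httpd
# tree. example.com is a constructed domain.

# Write the minimal port-80 virtual host that Certbot needs for DOMAIN to CONF.
write_vhost() {
    domain="$1"; conf="$2"
    printf '<VirtualHost *:80>\n    ServerName %s\n    ServerAlias www.%s\n</VirtualHost>\n' \
        "$domain" "$domain" > "$conf"
}

# Succeed only if HTTPD_CONF will load conf.d/*.conf (the grep IncludeOptional
# step); a commented-out directive does not count.
includes_confd() {
    grep -Eq '^[[:space:]]*IncludeOptional[[:space:]]+conf\.d/\*\.conf' "$1"
}

# Succeed only if CONF declares exactly "ServerName DOMAIN", the name the
# certificate will be issued to (what httpd -S should show after the restart).
vhost_has_servername() {
    awk -v d="$2" '$1 == "ServerName" && $2 == d { found = 1 }
                   END { if (found) exit 0; exit 1 }' "$1"
}

# Succeed only if the certificate in PEM remains valid for at least DAYS more.
# Let's Encrypt certificates last 90 days and Certbot renews at 30 days left,
# so a monitoring job can call this with 30 and alert, or run
# "sudo certbot renew", when it fails.
cert_ok_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) > /dev/null 2>&1
}

# Pre-flight run against the live tree, using the file names from the page:
#   includes_confd /etc/httpd/conf/httpd.conf &&
#   vhost_has_servername /etc/httpd/conf.d/startedlate.conf startedlate.com
```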

This is how you enable HTTPS on Amazon EC2! Happy HTTPSing!
