Step 1: Install the SSL add-on for Apache

  • Log in to the EC2 instance over SSH, then run the following command as the superuser
    yum install mod24_ssl
  • Restart the web server
    service httpd restart

Step 2: Set up the vhost.conf file

  • Edit the vhost.conf file
     vi /etc/httpd/conf.d/vhost.conf
  • Copy the configuration below and replace every occurrence of example.factorydev.net with the folder you created in step 2.
    #
    # Example
    #
    <VirtualHost *:80>
    
        ServerName example.com
        ServerAlias www.example.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
    
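        <Directory /var/www/html>
            # Indexes turns on directory listings; remove it if they are not needed
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            # Apache 2.4 syntax, replaces "Order allow,deny" / "Allow from all"
            Require all granted
        </Directory>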
    
    </VirtualHost>
    
    <VirtualHost *:443>
    
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
        <Directory /var/www/html>
            AllowOverride All
        </Directory>
        DocumentRoot /var/www/html
        ServerName example.com
        ServerAlias www.example.com
    
    </VirtualHost>
  • Restart the web server
    service httpd restart
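
A quick check of the vhost.conf from this step, added here as an example and not part of the original guide: it parses the `<VirtualHost>` blocks and reports an HTTP host with no HTTPS counterpart, a :443 host without its SSL directives, and directory listing left on. The names `parse_vhosts` and `lint` are hypothetical, and it assumes the localhost.crt/.key pair is the self-signed default that should be gone once Step 3 has run.

```python
import re

SAMPLE = """# Constructed sample: the Step 2 vhost.conf reduced to the directives checked here
<VirtualHost *:80>
    ServerName example.com
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ServerName example.com
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(port, {directive: [args]})], one entry per <VirtualHost> block."""
    vhosts = []
    for m in re.finditer(r"<VirtualHost\s+\S*:(\d+)\s*>(.*?)</VirtualHost>", text, re.S | re.I):
        d = {}
        # Directive lines start with a letter, so comments and nested <Section> tags are skipped.
        for key, val in re.findall(r"^[ \t]*([A-Za-z]\w*)[ \t]*(.*)$", m.group(2), re.M):
            d.setdefault(key.lower(), []).append(val.strip())
        vhosts.append((int(m.group(1)), d))
    return vhosts

def lint(text):
    """Findings for the vhost pair; localhost.crt/.key are assumed to be the self-signed pair."""
    findings, vhosts = [], parse_vhosts(text)
    tls_names = {d["servername"][0] for port, d in vhosts if port == 443 and "servername" in d}
    for port, d in vhosts:
        name = d.get("servername", ["?"])[0]
        if port == 443:
            if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
                findings.append("%s:443 SSLEngine is not on" % name)
            for key in ("sslcertificatefile", "sslcertificatekeyfile"):
                if key not in d:
                    findings.append("%s:443 missing %s" % (name, key))
                elif "/localhost." in d[key][-1]:
                    findings.append("%s:443 still uses self-signed %s" % (name, d[key][-1]))
        elif name not in tls_names:
            findings.append("%s:%d has no matching :443 vhost" % (name, port))
        # "Indexes" or "+Indexes" enables listings; "-Indexes" disables them.
        if any(t.lstrip("+").lower() == "indexes" for v in d.get("options", []) for t in v.split()):
            findings.append("%s:%d Options Indexes allows directory listing" % (name, port))
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

To check the live file, pass the contents of /etc/httpd/conf.d/vhost.conf to `lint()` instead of `SAMPLE`.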

Step 3: Install an SSL Certificate from Let's Encrypt

  • Install Python
    yum install python27-devel git
  • Clone the git repository to the server
    git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
  • Run the Let's Encrypt installer
    /opt/letsencrypt/letsencrypt-auto --debug
  • At the first prompt enter the email support@spokesmarketing.com
  • Type A and press enter to agree to the Terms of Service
  • Type N and press enter
  • Press enter to choose all domain names
  • Type 2 and press enter to redirect all HTTP to HTTPS
  • Create the Let's Encrypt config file by entering the following two lines
    echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
    echo "email = support@spokesmarketing.com" >> /etc/letsencrypt/config.ini
  • Set up the cron job that auto-renews the certificate
    vi /etc/crontab
  • Add these two lines at the end of the crontab file
    # Renew SSL Certs
    0 13 * * * ec2-user /opt/letsencrypt/letsencrypt-auto --no-bootstrap renew
    # Refresh Server
    10 13 * * * root /etc/init.d/httpd restart > /dev/null 2>&1
  • Restart the Apache web server
    service httpd restart

Troubleshooting

ImportError: No module named interface

    unset PYTHON_INSTALL_LAYOUT
    rm -rf /opt/eff.org

Then re-run

    /opt/letsencrypt/letsencrypt-auto --debug

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

    sudo /opt/letsencrypt/letsencrypt-auto --debug --authenticator webroot --webroot-path /var/www/html --installer apache -d domain.com -d www.domain.com
