@rschuetzler
Last active November 13, 2024 09:46
Using LetsEncrypt with Amazon Linux 2023
#!/usr/bin/env bash
# Place in .platform/hooks/postdeploy directory (00_get_certificate.sh)
# Replace YOURDOMAINHERE and YOUREMAILHERE with your own values.
sudo certbot -n -d YOURDOMAINHERE --nginx --agree-tos --email YOUREMAILHERE

# Place in .ebextensions directory at project root (00_install_certbot.config)
container_commands:
  00_install_deps:
    # -y answers the confirmation prompt; without it dnf aborts when run non-interactively
    command: "sudo dnf install -y python3 augeas-libs"
    ignoreErrors: true
  10_create_venv:
    command: "sudo python3 -m venv /opt/certbot"
    ignoreErrors: true
  20_update_pip:
    command: "sudo /opt/certbot/bin/pip install --upgrade pip"
    ignoreErrors: true
  30_install_certbot:
    command: "sudo /opt/certbot/bin/pip install certbot certbot-nginx"
    ignoreErrors: true
  40_link_certbot:
    # -f replaces the link left by a previous deploy instead of failing on it
    command: "sudo ln -sf /opt/certbot/bin/certbot /usr/bin/certbot"
    ignoreErrors: true

# Place in .ebextensions directory (10_open_https_port.config)
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

Files to use LetsEncrypt on Elastic Beanstalk (Amazon Linux 2023)

If you want to use Elastic Beanstalk's free tier with a single instance, you can use LetsEncrypt to get a free SSL certificate for your instance. Placing these files in the appropriate directories installs a certificate automatically on every deploy.

Your project should have the following structure:

.
├── index.js
├── package-lock.json
├── package.json
├── .ebextensions
│   ├── 00_install_certbot.config
│   └── 10_open_https_port.config
└── .platform
    └── hooks
        └── postdeploy
            └── 00_get_certificate.sh

Credit to Marcos Escandell for the Amazon Linux 2 instructions that led me here.

@rschuetzler
Author

This alone would not. It will renew if you redeploy your beanstalk environment, or you could add a script to cron to run this on a schedule.
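
The cron option mentioned in the comment above, as an added example that is not part of the gist or of the comment: a second postdeploy hook that writes one renewal entry and leaves it unchanged on later deploys. The hook file name, the `/etc/cron.d/certbot-renew` path and the schedule are assumptions, and it assumes a cron daemon (for example cronie) is installed and running on the instance.

```bash
#!/usr/bin/env bash
# Added example, not the gist author's code. Hypothetical file name:
#   .platform/hooks/postdeploy/10_schedule_renewal.sh
# Assumption: a cron daemon (e.g. cronie) is installed and running.

CERTBOT_BIN="/usr/bin/certbot"                  # symlink created by the .ebextensions step
CRON_FILE_DEFAULT="/etc/cron.d/certbot-renew"   # assumed location, not from the gist

# Print the cron.d entry. "certbot renew" only replaces certificates that are
# close to expiry, so running it twice a day is safe; the deploy hook reloads
# nginx after a certificate has actually been renewed.
renew_cron_entry() {
  printf '%s\n' \
    'SHELL=/bin/sh' \
    'PATH=/usr/sbin:/usr/bin:/sbin:/bin' \
    "17 3,15 * * * root ${CERTBOT_BIN} renew --quiet --deploy-hook 'systemctl reload nginx'"
}

# Write the entry to the given file (default: the cron.d path above) only when
# the content differs, so repeated deploys leave exactly one entry.
install_renew_cron() {
  target="${1:-$CRON_FILE_DEFAULT}"
  wanted="$(renew_cron_entry)"
  if [ -f "$target" ] && [ "$(cat "$target")" = "$wanted" ]; then
    return 0   # already in place, nothing to do
  fi
  # cron skips files in /etc/cron.d that are group- or world-writable,
  # so create the file as 0644 and reset the mode if it already existed.
  ( umask 022 && printf '%s\n' "$wanted" > "$target" ) && chmod 0644 "$target"
}

# Schedule renewal only on hosts where certbot is present.
# Platform hooks run as root, which writing to /etc/cron.d requires.
if [ -x "$CERTBOT_BIN" ]; then
  install_renew_cron
fi
```

The certificates live on the instance's disk, so a replaced instance starts without them and gets a new certificate from the gist's postdeploy hook on its first deploy.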

@AinurDevBr

Do I need to reconfigure nginx to look at the new certificates or will these commands do it automatically?

@rschuetzler
Author

@AinurDevBr certbot updates the nginx configuration automatically when used with the --nginx argument

@AinurDevBr

> @AinurDevBr certbot updates the nginx configuration automatically when used with the --nginx argument

Thanks!
