1

I'm setting up a server for testing in AWS EC2 and I can't secure the default domain.

I'm following this tutorial https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html

I've installed:

  • Apache
  • SSL

Now I'm trying to secure the default domain with Let's Encrypt and use it for testing.

I'm using these specific instructions:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

I've also tried these ones:

https://certbot.eff.org/lets-encrypt/centosrhel7-apache

It seems that I managed to install the EPEL repo, as you can see from the screenshot, but I cannot install certbot.

repos list

It gave me an error about Python; it seems that I need Python 2.6 instead of Python 2.7.

python errors

How can I install Let's Encrypt and secure the default domain?

Seba

2 Answers

1

"How can I install let's encrypt and secure the default domain?"

If by "default domain" you mean the Public DNS created for the EC2 instance, for example:

ec2-10.10.10.10.us-west-1.compute.amazonaws.com

Then I don't believe you can use Let's Encrypt to issue certs for this domain.

It appears the amazonaws.com TLD is blacklisted due to the ephemeral nature of EC2. In other words, Let's Encrypt can issue you a cert for your instance's subdomain which you own today, but tomorrow it might be owned by somebody else. I assume this is incongruent with the identity aspect of CA certs.

To use Let's Encrypt with EC2 you will need to register a domain and create a DNS A record in your domain host which points to your EC2 instance's IPv4 Public IP.

Ref: https://community.letsencrypt.org/t/policy-forbids-issuing-for-name-on-amazon-ec2-domain/12692

fugolmere
  • Yes, I was meant to use that domain for testing. OK, I will need to check if we have a free domain that we own but don't use at the moment in our DNS registrar. Thank you – Seba Feb 27 '19 at 08:16
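A pre-flight check for the two points in the answer above, as an added example that is not part of the original post: it refuses names under amazonaws.com and confirms that a domain's A records point only at the instance's public IP before certbot is run. The function names are hypothetical, `getent ahostsv4` assumes a glibc-based Linux such as the RHEL/CentOS family discussed here, and the values in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: checks to run before requesting a Let's Encrypt certificate
# for a name that should point at an EC2 instance.

# Return 0 if the name is the EC2-assigned public DNS name (or anything else
# under amazonaws.com), which the answer above says cannot get a certificate.
is_ec2_default_name() {
    _name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    _name=${_name%.}                     # drop a trailing root dot
    case "$_name" in
        amazonaws.com|*.amazonaws.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 only if $2 (whitespace-separated A records) is non-empty and every
# record equals the expected IP $1. A leftover record for another host would
# send some validation requests to the wrong machine, so any mismatch fails.
a_records_match() {
    _count=0
    for _ip in $2; do
        [ "$_ip" = "$1" ] || return 1
        _count=$((_count + 1))
    done
    [ "$_count" -gt 0 ]
}

# Look up IPv4 addresses with the system resolver (assumes glibc getent).
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# preflight NAME EXPECTED_IP [RECORDS]; RECORDS skips the live DNS lookup.
# Returns 2 for a refused name, 1 for a DNS mismatch, 0 when ready.
preflight() {
    if is_ec2_default_name "$1"; then
        echo "REFUSE: $1 is under amazonaws.com; use a domain you control"; return 2
    fi
    if ! a_records_match "$2" "${3-$(resolve_a "$1")}"; then
        echo "FAIL: A records for $1 do not point only at $2"; return 1
    fi
    echo "OK: $1 resolves to $2"
}

# Usage (constructed values): ./preflight.sh test.example.com 203.0.113.10
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```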
0

In the end I used these instructions to install Let's Encrypt, as I could not solve the problem with EPEL and the dependencies.

https://www.tecmint.com/install-lets-encrypt-ssl-certificate-to-secure-apache-on-rhel-centos/

I didn't test the auto-renewal, as this server will be shut down in less than a month, but the SSL was issued correctly. Thanks to @fugolmere for letting me know about LE and the default domain (I used a free domain that we don't use at the moment).

Seba