Install certbot/letsencrypt on Amazon Linux 2 and enable HTTPS on nginx (similar process available for apache)
2 Answers
Install certbot
sudo yum update
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable epel
sudo yum install certbot python3-certbot-nginx
certbot --version
Generate certificate
Use the following command to generate the certificate and automatically let certbot modify the nginx configuration to enable HTTPS:
sudo certbot --nginx
or, if you need only the certificate, use the following command:
sudo certbot certonly --nginx
The certificate will be created in the folder
/etc/letsencrypt/live/YOUR_SITE_NAME/
for example:
Certificate
/etc/letsencrypt/live/www.my-site.com/cert.pem
Private key
/etc/letsencrypt/live/www.my-site.com/privkey.pem
Enable automatic renewal
Use the following command to enable automatic renewal of the certificate:
sudo certbot renew --dry-run
Errors I have encountered
If during certification creation an error like the following appears:
"Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed"
then run the command
sudo yum install certbot python-certbot-nginx
and retry creating the certificate.
Notes
For Apache, you can use `python2-certbot-apache` instead of `python2-certbot-nginx`; make sure you're using the option `--apache` instead of `--nginx` during the creation of the certificate.
DNS must be configured to point to your machine, otherwise certbot's check will fail.

- Thanks, this was very helpful. I could not find `python3-certbot-nginx` but only `python2-certbot-nginx`. I think that needs to be changed in the first code block above. Some instructions for installing automatic renewal would be great. – Alex Voss May 21 '23 at 18:27
- This does not work with Amazon Linux 2023. I get an error when trying to install epel: Error: Problem: conflicting requests - nothing provides redhat-release >= 7 needed by epel-release-7-14.noarch – Matt Hovey Jun 19 '23 at 19:41
- @MattHovey just in case you feel lonely, I am currently dealing with the exact same issue. – Owen Easter Jun 21 '23 at 07:13
- @MattHovey this guide works only with Amazon Linux 2, if you're using Amazon Linux 2023 please take a look into this [discussion](https://repost.aws/questions/QUIMw8IWHSQz6W5tGv3WO1qA/problem-conflicting-requests-nothing-provides-redhat-release-7-needed-by-epel-release-7-14-noarch?sc_ichannel=ha&sc_ilang=en&sc_isite=repost&sc_iplace=hp&sc_icontent=QUIMw8IWHSQz6W5tGv3WO1qA&sc_ipos=18) on aws. TLDR; You can follow the official certbot pip instructions [here](https://certbot.eff.org/instructions?ws=nginx&os=pip), just tested looks working fine. – Majico Jun 21 '23 at 10:08
- From the aws documentation: [Extra Packages for Enterprise Linux (EPEL) is a project in the Fedora community with the objective of creating a large array of packages for enterprise-level Linux operating systems. The project has primarily produced RHEL and CentOS packages. Amazon Linux 2 features a high level of compatibility with CentOS 7. As a result, many EPEL7 packages work on Amazon Linux 2. However, AL2023 doesn't support EPEL or EPEL-like repositories.](https://docs.aws.amazon.com/linux/al2023/ug/compare-with-al2.html#epel) – Majico Jun 21 '23 at 10:09
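
Added example, not part of either answer or of certbot itself: a POSIX shell audit of the lineage directory named in the first answer (`/etc/letsencrypt/live/YOUR_SITE_NAME/`). It checks that `cert.pem` and `privkey.pem` exist, that the private key is not accessible to group or others, and that the certificate is not close to expiry. It assumes GNU or BusyBox `stat` and, for the expiry check, the `openssl` CLI; the function names and the 30-day default are choices made for this example.

```sh
#!/bin/sh
# Added example: audit one certbot lineage directory.
# Assumptions: GNU/BusyBox stat; openssl CLI for the expiry check.

# Succeeds if the file grants no permission bits to group or others.
# -L follows symlinks (certbot's live/ entries normally point into archive/).
key_mode_ok() {
    mode=$(stat -L -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Audit a directory such as /etc/letsencrypt/live/www.my-site.com.
# Prints one line per finding and returns the number of findings.
audit_live_dir() {
    dir=$1; days=${2:-30}; findings=0
    for f in cert.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING  $dir/$f"
            findings=$((findings + 1))
        fi
    done
    if [ -e "$dir/privkey.pem" ] && ! key_mode_ok "$dir/privkey.pem"; then
        echo "PERMS    $dir/privkey.pem is accessible to group/others"
        findings=$((findings + 1))
    fi
    # The expiry check is skipped when openssl is not installed.
    if [ -s "$dir/cert.pem" ] && command -v openssl >/dev/null 2>&1 \
        && ! cert_valid_for_days "$dir/cert.pem" "$days"; then
        echo "EXPIRY   $dir/cert.pem expires within $days days or is unreadable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sudo sh audit.sh /etc/letsencrypt/live/www.my-site.com 30
if [ -n "${1:-}" ]; then
    audit_live_dir "$@"
fi
```

Run it as root, since `/etc/letsencrypt/live` is normally readable by root only; a non-zero exit status is the number of findings, which makes it usable from cron or a monitoring check.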
In July 2023, Amazon Linux 2 doesn't support EPEL repos. You can however use the Python package if you're able to SSH into the machine.
Like so:
sudo pip3 install certbot certbot-nginx
# then execute
sudo /usr/local/bin/certbot --nginx -d ilovetoast.com -d www.ilovetoast.com
references:
