Posted by Hariharan Lakshmanan on 05 Dec 2022
Certbot is an open-source command-line tool for obtaining certificates for self-hosted servers that are not already given HTTPS by their providers. Developed by the Electronic Frontier Foundation (EFF), Certbot can help switch an existing HTTP website to HTTPS and renew the HTTPS certificate as required. In this blog, we will share how to install Certbot on Ubuntu and Amazon Linux Images (AMI).
Certbot can be used with a server, whether on-premise or cloud-based, if it meets the following conditions:
Check if:
INSTALLING CERTBOT
Step 1
Ubuntu recommends using snap packages for installation
sudo snap install core; sudo snap refresh core
Step 2
Delete any previous version of Certbot in the system
sudo apt remove certbot
Step 3
Install the Certbot
sudo snap install --classic certbot
Step 4
Link the Certbot command from the snap install directory to your path
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Step 5
Allow port 443
sudo ufw allow 443
Step 6
Run Certbot to get certificates for different servers
sudo certbot certonly --standalone -d
sudo certbot --apache
sudo certbot --nginx
sudo certbot certonly --webroot
Step 7
Configure the application
sudo ls /etc/letsencrypt/live/your_domain
AUTO-RENEWAL
sudo nano /etc/letsencrypt/renewal/your_domain.conf
renew_hook= systemctl reload
sudo certbot renew --dry-run
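The renew_hook entry in the renewal file above is the command Certbot runs after a successful renewal. The script below is an added example, not part of the original post: it reads renew_hook from the [renewalparams] section and flags a missing hook or a systemctl reload/restart that names no unit. The sample file contents and the nginx unit name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the renew_hook entry of a Certbot renewal config.

# Print the value of KEY from the [renewalparams] section of FILE.
conf_value() {  # usage: conf_value FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { in_params = ($0 ~ /^[ \t]*\[renewalparams\]/); next }
        in_params && index($0, "=") {
            eq = index($0, "=")
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Exit status: 0 = hook is set and complete, 1 = no hook set,
# 2 = "systemctl reload|restart" with the unit name missing.
audit_renew_hook() {  # usage: audit_renew_hook FILE
    hook=$(conf_value "$1" renew_hook)
    if [ -z "$hook" ]; then
        echo "$1: no renew_hook set"
        return 1
    fi
    if printf '%s\n' "$hook" | awk '
        $1 == "systemctl" && ($2 == "reload" || $2 == "restart") && NF < 3 { bad = 1 }
        END { exit (bad ? 0 : 1) }'; then
        echo "$1: renew_hook '$hook' has no unit name"
        return 2
    fi
    echo "$1: renew_hook runs: $hook"
}

# Constructed sample of /etc/letsencrypt/renewal/your_domain.conf; the
# nginx unit name is an assumption for illustration.
write_sample_conf() {  # usage: write_sample_conf FILE HOOK_LINE
    cat > "$1" <<EOF
# Constructed sample, not a real configuration
cert = /etc/letsencrypt/live/your_domain/cert.pem
fullchain = /etc/letsencrypt/live/your_domain/fullchain.pem

[renewalparams]
authenticator = nginx
$2
EOF
}

# Run against a real file when a path is given on the command line.
if [ "$#" -gt 0 ]; then audit_renew_hook "$1"; fi
```

Run it as root with the renewal file path as the only argument, since /etc/letsencrypt/renewal is normally readable by root only.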
CREATE AMAZON LINUX AMI EC2 INSTANCE
Note: Creating an EC2 instance is not in the scope of this document. Please refer to this link.
SSH INTO EC2 INSTANCE
Step 1
ssh -i username@
Or
Click Connect to log in to your instance
sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
Step 2
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
Step 3
sudo yum-config-manager --enable epel*
sudo yum repolist all
Step 4
Edit the Apache config file /etc/httpd/conf/httpd.conf. Locate the “Listen 80” directive and add the specific domain and subdomain details.
Step 5
Save and restart Apache
sudo systemctl restart httpd
INSTALL AND RUN CERTBOT
Step 1
Install Amazon extras repo for epel
sudo amazon-linux-extras install epel -y
Step 2
Install Certbot packages and dependencies
sudo yum install -y certbot python2-certbot-apache
Step 3
Run Certbot
sudo certbot
Step 4
Enter the admin email address for Certbot communication
AUTO-RENEWAL
Step 1
Open the root user's crontab
sudo crontab -e
0 7 * * * /usr/bin/certbot renew
TEST SSL
https://www.ssllabs.com/ssltest/