Z-Car

The LetsEncrypt Certbot is an awesome tool for getting and maintaining SSL certificates for your sites.  In most cases, it is extremely easy to setup and maintain.  However, installing it on Amazon’s proprietary Linux server in EC2, it often fails.  These are the steps I took to get it to install properly in my environment.  

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
sudo yum install libffi-devel
sudo yum install openssl-devel
sudo chown -R ec2-user:ec2-user .well-known/
./certbot-auto –no-self-upgrade –no-bootstrap

After performing these commands, you should now be able to use Certbot as you would normally.

Certbot will place your completed SSL certs in the following paths.

• Certificate: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem
• Full Chain: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/fullchain.pem
• Private Key: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem

To setup auto renew, you will need to add the following line to your crontab file.  Make sure you are running as root when you do so using sudo su.

Adding this  line will run the renewal process twice per day.

0 2,14 * * * /home/ec2-user/certbot-auto renew

 If you have any issues, leave a message in the comments so we can help.