{"id":651,"date":"2020-04-03T02:54:55","date_gmt":"2020-04-03T02:54:55","guid":{"rendered":"https:\/\/www.antpace.com\/blog\/?p=651"},"modified":"2025-08-25T14:03:05","modified_gmt":"2025-08-25T14:03:05","slug":"secure-a-website-with-ssl-and-https-on-aws","status":"publish","type":"post","link":"https:\/\/www.antpace.com\/blog\/secure-a-website-with-ssl-and-https-on-aws\/","title":{"rendered":"Secure a Website with SSL and HTTPS on AWS"},"content":{"rendered":"<p><a href=\"https:\/\/www.antpace.com\/blog\/website-on-aws\/\">My last post was about launching a website onto AWS<\/a>. This covered launching a new EC2 instance, configuring a security group, installing LAMP software, and pointing a domain at the new instance. The only thing missing was to configure SSL and HTTPS.<\/p>\n<p>Secure Sockets Layer (SSL) encrypts traffic between a website and its server. HTTPS is the protocol to deliver secured data via SSL to end-users.<\/p>\n<p>In my last post, I already allowed all traffic through port 443 (the port that HTTPS uses) in the security group for my EC2 instance. Now I&#8217;ll install software to provision SSL certificates for the server.<\/p>\n<h2>Certbot<\/h2>\n<p>Certbot is free software that will communicate with <a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a>, an SSL certificate authority, to automate the management of encryption certificates.<\/p>\n<p>Before downloading and installing Certbot, we&#8217;ll need to install some dependencies (Extra Packages for Enterprise Linux). 
SSH into the EC2 instance that you want to secure, and run this command in your home directory (\/home\/ec2-user):<\/p>\n<pre>sudo wget -r --no-parent -A 'epel-release-*.rpm' http:\/\/dl.fedoraproject.org\/pub\/epel\/7\/x86_64\/Packages\/e\/<\/pre>\n<p>Then install it:<\/p>\n<pre>sudo rpm -Uvh dl.fedoraproject.org\/pub\/epel\/7\/x86_64\/Packages\/e\/epel-release-*.rpm<\/pre>\n<p>And enable it:<\/p>\n<pre>sudo yum-config-manager --enable epel*<\/pre>\n<p>Now, we&#8217;ll need to edit the Apache (our web hosting software) configuration file. Mine is located here:\u00a0<em>\/etc\/httpd\/conf\/httpd.conf<\/em><\/p>\n<p>You can use the <a href=\"https:\/\/www.nano-editor.org\/dist\/v2.2\/nano.html\" target=\"_blank\" rel=\"noopener\">Nano<\/a> CLI text editor to make changes to this file by running:<\/p>\n<pre>sudo nano \/etc\/httpd\/conf\/httpd.conf<\/pre>\n<p>Scroll down a bit, and you&#8217;ll find a line that says &#8220;Listen 80&#8221;. Paste these lines below it (changing <em>antpace.com<\/em> to your own domain name):<\/p>\n<pre>&lt;VirtualHost *:80&gt;\n    DocumentRoot \"\/var\/www\/html\"\n    ServerName \"antpace.com\"\n    ServerAlias \"www.antpace.com\"\n&lt;\/VirtualHost&gt;\n<\/pre>\n<p>Make sure you have an A record (via Route 53) for both\u00a0<em>yourwebsite.com\u00a0<\/em><strong>AND<\/strong>\u00a0<em>www.yourwebsite.com<\/em> with the value set as your EC2 public IP address.<\/p>\n<p>After saving, you&#8217;ll need to restart the server software:<\/p>\n<pre>sudo systemctl restart httpd\n<\/pre>\n<p>Now we&#8217;re ready for Certbot. Install it:<\/p>\n<pre>sudo yum install -y certbot python2-certbot-apache<\/pre>\n<p>Run it:<\/p>\n<pre>sudo certbot<\/pre>\n<p>Follow the prompts as they appear.<\/p>\n<h2>Automatic renewal<\/h2>\n<p>Finally, schedule an automated task (a cron job) to renew the encryption certificate as needed. If you don&#8217;t do this part, HTTPS will fail for your website after a few months. 
Users will receive an ugly warning, telling them that your website is not secure. <strong>Don&#8217;t skip this part!<\/strong><\/p>\n<p>Run this command to open your cron file:<\/p>\n<pre>sudo nano \/etc\/crontab<\/pre>\n<p>Schedule Certbot to run its renewal check every day at 4:05 am (it only renews certificates that are close to expiring):<\/p>\n<pre>05 4 * * * root certbot renew --no-self-upgrade<\/pre>\n<p>Make sure your cron daemon is running:<\/p>\n<pre>sudo systemctl restart crond<\/pre>\n<p>That&#8217;s it! Now your website, hosted on EC2, will support HTTPS. Next, we&#8217;ll force all traffic to use it.<\/p>\n<p>* <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/SSL-on-amazon-linux-2.html\" target=\"_blank\" rel=\"noopener\">AWS Documentation Reference<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong data-start=\"136\" data-end=\"159\">Update (June 2025):<\/strong> Since publishing this guide, I revisited the SSL setup on a legacy EC2 instance running Amazon Linux 2 and found a faster, cleaner process. This time, I used <code data-start=\"318\" data-end=\"336\">certbot --apache<\/code> with Amazon Linux Extras to install Certbot directly from the EPEL repository, which streamlined certificate generation and automatic Apache config updates. Rather than manually editing the Apache config or setting up symbolic links, Certbot handled everything\u2014including HTTPS redirects\u2014with a few prompts. I also confirmed that Amazon Linux 2 doesn&#8217;t automatically schedule renewals via <code data-start=\"725\" data-end=\"734\">systemd<\/code>, so I added a simple cron job to ensure the certificate auto-renews. This approach is quicker, more reliable, and avoids the need for low-level configuration tweaks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My last post was about launching a website onto AWS. This covered launching a new EC2 instance, configuring a security group, installing LAMP software, and pointing a domain at the new instance. The only thing missing was to configure SSL and HTTPS. 
Secure Sockets Layer (SSL) encrypts traffic between a website and its server. HTTPS &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.antpace.com\/blog\/secure-a-website-with-ssl-and-https-on-aws\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Secure a Website with SSL and HTTPS on AWS&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":3167,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[8,12,21,68,113,124],"class_list":["post-651","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-development","tag-apache","tag-aws","tag-certbot","tag-https","tag-security","tag-ssl"],"_links":{"self":[{"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/posts\/651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/comments?post=651"}],"version-history":[{"count":1,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/posts\/651\/revisions"}],"predecessor-version":[{"id":3168,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/posts\/651\/revisions\/3168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/media\/3167"}],"wp:attachment":[{"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/media?parent=651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/categories?post=651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.antpace.com\/blog\/wp-json\/wp\/v2\/tags?post=651"}],"curies":[{"name":"wp",
"href":"https:\/\/api.w.org\/{rel}","templated":true}]}}