Setup an SSL certificate on an EC2 instance

22,439

Solution 1

Sometimes this section

<VirtualHost _default_:443>

prevents your real SSL certificate from being used. If this is the case, either comment out the _default_ VirtualHost or move the SSLCertificate* attributes into it, i.e.

<VirtualHost _default_:443>
  SSLCertificateKeyFile /etc/ssl/mydomain_com.key
  SSLCertificateFile /etc/ssl/mydomain_com.crt
  SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
</VirtualHost>

Make sure you restart Apache after that.
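Solution 1 says the stock _default_:443 block can be the one that actually answers, and the question's ssltool.com output shows exactly that symptom (the served certificate's CN is the instance hostname, not the domain). The script below is an added example, not code from the answer or the question: it parses an httpd config, models which <VirtualHost> Apache would select for a connection arriving on a given local address and port, and reports when a block that does carry the real certificate can never be chosen. The selection rule is a simplified assumption (an exact address:port match beats _default_ and *, first listed wins among equals; IPv6 brackets are not handled), the sample configs and the addresses 203.0.113.10 and 10.0.0.5 are constructed, and the /etc/pki/tls paths stand in for the stock certificate locations.

```python
"""Audit which Apache <VirtualHost> answers TLS on a given address:port and
whether it actually carries the certificate you expect.

Added example, not from the original page.  The selection rule is a simplified
model of Apache's behaviour: an exact address:port vhost beats _default_/*,
and among equals the first one listed wins.  IPv6 "[addr]:port" is not handled.
"""
import re
from dataclasses import dataclass, field

CANON = {  # lower-cased directive -> canonical spelling for messages
    "sslengine": "SSLEngine",
    "sslcertificatefile": "SSLCertificateFile",
    "sslcertificatekeyfile": "SSLCertificateKeyFile",
}

@dataclass
class VHost:
    addr: str   # "_default_", "*" or a literal IPv4 address
    port: str   # "443", or "*" when no port was given
    line: int   # line of the opening tag, for the report
    directives: dict = field(default_factory=dict)  # lower-cased name -> value

_OPEN = re.compile(r"<VirtualHost\s+([^:>\s]+)(?::(\d+|\*))?\s*>", re.I)

def parse_vhosts(text):
    """Return the VirtualHost blocks of an httpd config, in file order."""
    vhosts, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        m = _OPEN.match(line)
        if m:
            current = VHost(m.group(1), m.group(2) or "*", lineno)
        elif line.lower().startswith("</virtualhost"):
            vhosts.append(current)
            current = None
        elif current is not None:             # a directive inside a block
            parts = line.split(None, 1)
            current.directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return vhosts

def select_vhost(vhosts, addr, port="443"):
    """Pick the block Apache would use for a connection on local addr:port."""
    candidates = [v for v in vhosts if v.port in (port, "*")]
    for v in candidates:                      # exact IP-based match wins ...
        if v.addr == addr:
            return v
    for v in candidates:                      # ... otherwise the catch-all
        if v.addr in ("_default_", "*"):
            return v
    return None

def audit(text, addr, port="443"):
    """Report the winning vhost, what it serves, and any vhost whose
    certificate is configured but can never be selected for addr:port."""
    vhosts = parse_vhosts(text)
    winner = select_vhost(vhosts, addr, port)
    if winner is None:
        return [f"no VirtualHost answers {addr}:{port}"]
    cert = winner.directives.get("sslcertificatefile", "NO CERTIFICATE")
    report = [f"winner: <VirtualHost {winner.addr}:{winner.port}> "
              f"(line {winner.line}) serves {cert}"]
    if winner.directives.get("sslengine", "").lower() != "on":
        report.append("winner lacks 'SSLEngine on'")
    for key in ("sslcertificatefile", "sslcertificatekeyfile"):
        if key not in winner.directives:
            report.append(f"winner lacks {CANON[key]}")
    for v in vhosts:                          # shadowed blocks with a real cert
        if v is not winner and v.port in (port, "*") and "sslcertificatefile" in v.directives:
            report.append(f"<VirtualHost {v.addr}:{v.port}> (line {v.line}) holds "
                          f"{v.directives['sslcertificatefile']} but is never "
                          f"selected for {addr}:{port}")
    return report

# Constructed sample: the stock _default_ block (self-signed localhost cert)
# plus a second block bound to an address the instance does not hold.
BROKEN_CONF = """\
Listen 443
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>

<VirtualHost 203.0.113.10:443>
    ServerName www.mydomain.com:443
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/mydomain_com.key
    SSLCertificateFile /etc/ssl/mydomain_com.crt
    SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
</VirtualHost>
"""

# Constructed sample after applying Solution 1: the real certificate lives in
# the _default_ block, so whatever local address the request hits, it is served.
FIXED_CONF = """\
Listen 443
<VirtualHost _default_:443>
    ServerName www.mydomain.com:443
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/mydomain_com.key
    SSLCertificateFile /etc/ssl/mydomain_com.crt
    SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
</VirtualHost>
"""

if __name__ == "__main__":
    for label, conf in (("before", BROKEN_CONF), ("after", FIXED_CONF)):
        print(f"--- {label} (connection on 10.0.0.5:443) ---")
        for finding in audit(conf, "10.0.0.5"):
            print(" ", finding)
```

Run the audit for the address the instance's network interface actually holds, since an IP-based <VirtualHost> only matches connections that arrive on that local address. On the constructed "before" config the _default_ block wins and serves the stock localhost.crt while the block holding mydomain_com.crt is reported as never selected; after moving the SSLCertificate* directives into _default_, as Solution 1 suggests, the report is a single clean "winner" line.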

Solution 2

Amazon now provides a certificate manager (for free)!

If you use Elastic Beanstalk this is the new way to do it: it's free, you avoid configuration errors, and it's a better choice from a performance point of view:

Because ELB supports SSL offload, deploying a certificate to a load balancer (rather than to the EC2 instances behind it) will reduce the amount of encryption and decryption work that the instances need to handle.

from the doc:

The new AWS Certificate Manager (ACM) is designed to simplify and automate many of the tasks traditionally associated with management of SSL/TLS certificates. ACM takes care of the complexity surrounding the provisioning, deployment, and renewal of digital certificates! Certificates provided by ACM are verified by Amazon’s certificate authority (CA), Amazon Trust Services (ATS).

Even better, you can do all of this at no extra cost. SSL/TLS certificates provisioned through AWS Certificate Manager are free!

ACM will allow you to start using SSL in a matter of minutes. After you request a certificate, you can deploy it to your Elastic Load Balancers and your Amazon CloudFront distributions with a couple of clicks. After that, ACM can take care of the periodic renewals without any action on your part.

the doc:

https://aws.amazon.com/fr/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/

Author by style-sheets

Updated on December 08, 2020

Comments

  • style-sheets
    style-sheets over 3 years

    I'm having a hard time trying to set up an SSL certificate (it's a Comodo PositiveSSL purchased from NameCheap) on my EC2 micro instance (I'm using Amazon Linux AMI 2012.3, which is based on CentOS if I'm not mistaken).

    Here's what I did:

    1. I installed mod_ssl & OpenSSL

    2. I enabled port 443 on my EC2's instance security group

    3. I CHMODed the *.key & *.crt files to 777 as Comodo suggested

    4. I'm certain the IP address & files path are correct (put a bunch of 0s in the example but it is correct in my ssl.conf)

    5. I added this VirtualHost entry to ssl.conf

    <VirtualHost 00.000.000.00:443>
       ############# I tried both with & without this section ##############
       ServerName www.mydomain.com:443

       ServerAlias www.mydomain.com
       DocumentRoot /var/www
       ServerAdmin [email protected]
       ######################################################################

       SSLEngine on
       SSLCertificateKeyFile /etc/ssl/mydomain_com.key
       SSLCertificateFile /etc/ssl/mydomain_com.crt
       SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
    </VirtualHost>

    Then I restarted apache... but I still cannot access https://www.mydomain.com/ !!!

    I checked with ssltool.com, it says

    The Common Name on the certificate is: ip-00-00-00-000
    
    The certificate chain consists of:
    SomeOrganization, ip-00-00-00-000. Expires on: Apr 10 13:39:41 2013 GMT - that's 363 days from today.
    The site tested mydomain.com is NOT the same as the Subject CN ip-00-00-00-000!.
    

    I even went & copied the VirtualHost to httpd.conf instead of ssl.conf & restarted apache, all in vain.

    I've been banging my head against the wall for days now. I'm pretty sure I'm missing a tiny something to make this work, I just don't know what exactly.

    I'd be infinitely grateful if someone can suggest something to make this work!

  • tony gil
    tony gil about 11 years
    right on! UPVOTED! btw, thanks for the edit regarding route53 pricing!
  • RonnyKnoxville
    RonnyKnoxville over 10 years
    And don't forget that you only put SSL information on port 443 virtual hosts. Seems obvious, but it can trip you up when there's so much else to do and you miss the small things!
  • urfusion
    urfusion almost 9 years
    I have got two .crt files and neither of them is named "yourdomain.crt". Which one do I have to use?
  • Tom
    Tom over 8 years
    However, it is only possible to deploy a certificate from ACM to ELB and CloudFront as of today. So not possible on an EC2; the user would have to create an ELB in front of his EC2 instance, which he may not want. Good point though
  • hriziya
    hriziya over 8 years
    I read somewhere that it is not available in all AWS Regions yet!
  • NineCattoRules
    NineCattoRules about 7 years
    @HiteshRiziya it's now supported in all regions