I want to install a Let's Encrypt certificate on my Amazon Lightsail instance. How do I install the Certbot package in my instance so that I can install the certificate?
Short description
Lightsail instances with Bitnami stacks, such as WordPress, LAMP, and so on, have their own installation tool called bncert-tool. This tool is used for installing the Let's Encrypt certificate. Blueprints such as cPanel and Plesk also have their own tools for this purpose. These instances don't need the Certbot package.
However, installation on other Lightsail instance blueprints, such as Ubuntu, Amazon Linux 2, and so on, require the Certbot package.
For information on installing a Let's Encrypt certificate after installing the Certbot package, see How do I install a standard Let's Encrypt SSL certificate in a Lightsail instance?
Resolution
All Linux distributions except Amazon Linux 2 and FreeBSD can use snapd to install the Certbot tool. If you have any Certbot packages installed using an OS package manager such as apt, dnf, or yum, remove them before installing the Certbot snap. This makes sure that when you run the Certbot command, the snap is used rather than the installation from your OS package manager. The exact command you need to run to do this depends on your OS. The following are common examples of the command that you can use to remove Certbot package:
sudo apt-get remove certbot
sudo dnf remove certbot
sudo yum remove certbot
Run the following commands to install the Certbot tool:
Amazon Linux 2
sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y certbot
Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands as well to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
sudo yum install -y python2-certbot-dns-route53
If you get botocore compatibility errors while running the Certbot command, then reinstall boto-core with pip.
sudo pip uninstall botocore boto3 && sudo pip install boto3
Ubuntu 16.04, 18.04 and 20.04
sudo snap install core;
sudo snap refresh core;
sudo snap install --classic certbot
Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands as well to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
Debian 10.8, 9.13, 8.7
sudo apt install snapd -y
sudo snap install core;
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /sbin/certbot
Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
sudo snap install --beta --classic certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
CentOS 7.9
sudo yum install epel-release
sudo yum-config-manager --enable cr
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /var/lib/snapd/snap/bin/certbot /sbin/certbot
Note: If you're using Method 1 to install a Wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
CentOS 8.2
sudo dnf install epel-release
sudo dnf upgrade
sudo dnf config-manager --enable cr
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /var/lib/snapd/snap/bin/certbot /sbin/certbot
Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
OpenSUSE 15.2
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.2 snappy
sudo zypper --gpg-auto-import-keys refresh
sudo zypper dup --from snappy
sudo zypper install snapd
sudo systemctl enable --now snapd
sudo zypper in -t pattern apparmor
sudo snap install core;
sudo snap refresh core;
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
FreeBSD 12.2
su
pkg install py38-certbot
Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.
pkg install py38-certbot-dns-route53