How do I install an SSL/TLS certificate for my NGINX server on Amazon Linux?


I want to install an SSL/TLS certificate for an NGINX server on Amazon Linux.

Resolution

Install an SSL/TLS certificate for your NGINX server

Note: Your Amazon Machine Image (AMI) or operating system (OS) version might require additional steps or commands to install an SSL/TLS certificate for an NGINX server.

To install an SSL/TLS certificate for your NGINX server on Amazon Linux, use a trusted certificate authority (CA), such as Let's Encrypt. For more information, see Getting started on the Let's Encrypt website.

If you choose Let's Encrypt to install and configure the SSL/TLS certificate, then you must use the Certbot tool. For more information, see About Certbot on the Certbot website.

Note: If you use certificates from another third-party domain provider, then follow the steps that the vendor provides to download certificates.

To install the Certbot tool and request a certificate, run the following commands:

Amazon Linux 2023:

    $ sudo dnf install certbot
    $ sudo certbot certonly 

Amazon Linux 2:

    $ sudo amazon-linux-extras install epel -y
    $ sudo yum update -y --skip-broken
    $ sudo yum install -y certbot
    $ sudo certbot certonly 

Follow the prompts to complete the certificate request process. The certificate files are stored in a directory that's similar to /etc/letsencrypt/live/example-domain.com.

Configure NGINX to use the SSL/TLS certificate

Complete the following steps:

  1. To create a backup of the existing NGINX configuration file, run the following command:

    $ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
    

    Note: The default location for the NGINX configuration file is /etc/nginx/nginx.conf, /etc/nginx/conf.d/default.conf or /etc/nginx/sites-available/default.

  2. Use a text editor to open the NGINX configuration file, and then set the SSL/TLS certificate and key file paths in the server block.
    Example configuration:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name your-domain.com;
        ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
        location / {
            # Your existing site configuration
        }
    }
    

    Note: Replace your-domain.com with the name of your domain.

  3. To automatically redirect all HTTP traffic to HTTPS, add the following server block to the configuration file:

    server {
        listen 80;
        server_name your-domain.com;
        return 301 https://$server_name$request_uri;
    }

  4. To validate the configuration and restart the NGINX service, run the following commands:

    $ sudo nginx -t
    $ sudo systemctl restart nginx

Note: It's a best practice to back up your current SSL/TLS certificates and NGINX configurations. Check that NGINX has the necessary permissions to read the new certificate files.
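The following script is an added example, not part of the original AWS article. It reads the certificate and key paths out of an NGINX configuration file, checks that the files exist and that the private key is not world-readable, and confirms that the step 3 redirect is present. The function names are hypothetical, and the parsing assumes one directive per line.

```shell
#!/bin/sh
# Added example: sanity checks to run before `sudo nginx -t` and the restart.
# Assumes one directive per line, as in the server blocks above.

# Print the first argument of each occurrence of directive $1 in file $2.
nginx_directive_values() {
    sed 's/#.*//' "$2" | awk -v d="$1" '$1 == d { sub(/;$/, "", $2); print $2 }'
}

# Return 0 when every certificate and key file named in config $1 passes.
check_tls_files() {
    conf=$1
    rc=0
    certs=$(nginx_directive_values ssl_certificate "$conf")
    keys=$(nginx_directive_values ssl_certificate_key "$conf")
    if [ -z "$certs" ] || [ -z "$keys" ]; then
        echo "FAIL: $conf has no ssl_certificate/ssl_certificate_key pair" >&2
        return 1
    fi
    for f in $certs $keys; do
        if [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty" >&2
            rc=1
        fi
    done
    for k in $keys; do
        # -H follows the live/ symlink that Certbot creates for privkey.pem.
        if [ -e "$k" ] && [ -n "$(find -H "$k" -perm -004)" ]; then
            echo "FAIL: private key $k is world-readable" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Return 0 when config $1 contains the HTTP-to-HTTPS redirect from step 3.
has_https_redirect() {
    sed 's/#.*//' "$1" | grep -Eq 'return[[:space:]]+301[[:space:]]+https://'
}

# Run the checks when a configuration path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_tls_files "$1" && echo "OK: certificate files in $1 pass"
    has_https_redirect "$1" || echo "WARN: no HTTP-to-HTTPS redirect in $1" >&2
fi
```

Run the script with sudo and pass the configuration file path as the argument so that it can read the files under /etc/letsencrypt.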

Related information

Configuring HTTPS servers on the NGINX website

Secure your Lightsail Nginx website with Let's Encrypt SSL/TLS

Step 3: Configure the web server

AWS OFFICIAL - Updated 3 months ago