 

How to enable HTTPS with certbot/letsencrypt on Amazon Linux 2 with nginx

Install certbot/letsencrypt on Amazon Linux 2 and enable HTTPS on nginx (similar process available for apache)

asked Apr 12 '26 18:04

Majico


2 Answers

Install certbot

sudo yum update
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable epel
sudo yum install certbot python3-certbot-nginx
certbot --version

Generate certificate

Use the following command to generate the certificate and automatically let certbot modify the nginx configuration to enable HTTPS:

sudo certbot --nginx

Or, if you need only the certificate, use the following command:

sudo certbot certonly --nginx

The certificate will be created in the folder

/etc/letsencrypt/live/YOUR_SITE_NAME/

for example:

Certificate

/etc/letsencrypt/live/www.my-site.com/cert.pem

Private key

/etc/letsencrypt/live/www.my-site.com/privkey.pem


Enable automatic renewal

Use the following command to enable automatic renewal of the certificate:

sudo certbot renew --dry-run

Errors I have encountered

If an error like the following appears during certificate creation:

"Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed"

then run the command

sudo yum install certbot python-certbot-nginx

and retry creating the certificate.

Notes

For Apache, you can use python2-certbot-apache instead of python2-certbot-nginx; make sure you're using the option --apache instead of --nginx when creating the certificate.

DNS must be configured to point to your machine, otherwise the certbot check will fail.

answered Apr 15 '26 18:04

Majico


In July 2023, Amazon Linux 2 doesn't support EPEL repos. You can, however, use the Python package if you're able to SSH into the machine.

Like so:

sudo pip3 install certbot certbot-nginx

# then execute
sudo /usr/local/bin/certbot --nginx -d ilovetoast.com -d www.ilovetoast.com

references:

  • aws epel bs
  • sourced commands

answered Apr 15 '26 17:04

archae0pteryx
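
Added example (not from either answer): a post-install check for the certificate files and renewal setup described above. `certbot renew --dry-run` only tests renewal and saves no certificate, so the script also looks for a cron entry that actually runs `certbot renew`. The function names, the 30-day threshold and the cron locations searched are assumptions; it needs GNU stat and openssl.

```shell
#!/bin/sh
# Added example: post-install checks for a certbot deployment.
# The /etc/letsencrypt/live/<site>/ layout is from the page; function names,
# the 30-day threshold and the cron locations searched are assumptions.

# key_perms_ok FILE: succeed only if FILE grants nothing to group/others.
# -L follows the symlink certbot keeps in live/ to the real key in archive/.
key_perms_ok() {
    mode=$(stat -L -c '%a' "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# cert_valid_for FILE DAYS: succeed if the certificate is still valid in DAYS days.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# renewal_scheduled TEXT: succeed if crontab TEXT has an active line running
# "certbot ... renew"; comments and --dry-run lines (which save nothing) are ignored.
renewal_scheduled() {
    printf '%s\n' "$1" | grep -Ev '^[[:space:]]*#|--dry-run' |
        grep -Eq 'certbot([[:space:]].*)?[[:space:]]renew'
}

main() {
    live="/etc/letsencrypt/live/$1"
    key_perms_ok "$live/privkey.pem" ||
        echo "WARN: $live/privkey.pem is accessible to group/others"
    cert_valid_for "$live/cert.pem" 30 ||
        echo "WARN: $live/cert.pem expires within 30 days"
    crons=$(crontab -l 2>/dev/null; cat /etc/crontab /etc/cron.d/* 2>/dev/null)
    renewal_scheduled "$crons" ||
        echo "WARN: no cron entry runs 'certbot renew' (systemd timers not checked)"
}

# Run as root with the site name, e.g.: sudo sh certcheck.sh www.my-site.com
if [ "$#" -gt 0 ]; then main "$@"; fi
```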


