How to Install an SSL/TLS Certificate In Amazon EC2 (AWS)

AWS EC2 is one of the most used and convenient solutions for hosting web servers and applications accessible worldwide. Securing your applications with an SSL certificate is vital for safeguarding user data and building trust. In this article, we will be hosting a basic web application on EC2 and will be generating and installing an SSL certificate to ensure a secure browsing experience for your users. By following these steps, you can effectively deploy and protect your web applications on AWS EC2, bolstering security and user confidence for absolutely free.

• AWS account
• Bash
• NGINX

Amazon Elastic Compute Cloud (EC2) is a core service within Amazon Web Services (AWS), providing the foundation for cloud computing. EC2 allows you to rent virtual computers (instances) with varying configurations of CPU, memory (RAM), storage, and networking. New container containers can easily be launched to meet traffic demand. Instances can be set up in various geographic locations to optimize latency.

An SSL certificate is a digital object that enables a secure connection between a website and a user’s browser. SSL certificates are hosted on a website’s origin server and contain the website’s public key and identity, along with other information. Devices that try to communicate with the origin server use this file to get the public key and verify the server’s identity. The private key is kept secret.

Step 1: Login to your AWS account and go to the EC2 page. Make sure to select the region nearest to you for better latency.

Step 2: Click on the Launch Instance button.

Step 3: Give a name to your instance. Select a Ubuntu image as OS for the instance.

Step 4: For instance type, select t2.micro. Generate a key pair if you don not already have one. Give a name to your key pair and leave everything else to default. Download the key pair in your device.

Step 5: Leave everything else to default and launch the instance.

Step 6: Navigate to Elastic IP to assign a public IP address to your instance.

Stet 7: In Elastic IP page, Click on Allocate Elastic IP Adddress button. In the new page leave everything to default and click on allocate.

Step 8: You now should see Associate this Elastic IP button on the top of the page and click on it.

Step 8: Select the instance id and click on Associate.

SSH is built in in Linux and MacOS. If you are using Windows, you can skip these steps and connect directly from AWS console or you can configure SSH.

Step 1: Now on the instance page, click on the instance id to open instance details. Click on connect.

Step 2: Go to SSH Client option and follow the steps to establish connection to the instance from your device terminal.

In terminal paste the command to connect to you terminal.

ssh -i /path/to/your/ssh-key-name.pem ubuntu@instance-public-ip-address

Now we are in the terminal of the EC2 instance. Update the packages

sudo apt update

We are using a simple Next.js application but you can use what ever you want. Remeber to change the port number accordingly. Next.js by default uses port 3000.

Step 1: Install git and vim in instance

sudo apt install git vim

Step 2: Install Node.js

curl -sL https://deb.nodesource.com/setup_22.x | sudo -E bash -

sudo apt install nodejs

Verify the installation

node --version

Step 3: Install pnpm globally

curl -fsSL https://get.pnpm.io/install.sh | sh -

Step 4: Clone the repo and make the production build

git clone https://github.com/sarthakroy107/reg-form.git && cd reg-form && pnpm i && pnpm build

Step 5: We want to run our application in background, so need a process manager, so we are going to install pm2

pnpm add -g pm2 && pm2 start pnpm -- run start && pm2 list

One process is running which is our Next.js application. It is running in port 3000 but still will not be able to access the website using public ip address as AWS in not listening to inbound traffic in port 3000. So we have expose port 3000 first.

Step 1: In the instance details page, click one security and then on security groups.

Step 2: Click one Edit Inbound Rule and the Add Rule. In total we have to add 6 rules. Follow the image to add the rules and save.

Step 3: Now the website can be accessed using public IP address with 3000 port number.

Step 1: Now we will setup a domain to point to IP address. Go to your domain name registrar and setup domain to point to instance IP address. If you do not have a domain, use no-ip to get free sub domain or purchase one from your preferred domain registrar.

Step 2: Go to DNS settings and add type A Record and value is instance public address. Also add CNAME Record and put the instance IPv4 DNS server url in value. You can get both from instance details page.

Step 3: You can now visit the website using “your-domain:3000”.

Step 1: Install nginx in the instance.

sudo apt install nginx

Step 2: Configure nginx

sudo vim /etc/nginx/sites-available/default

Change server name and location in the file

server_name your-domain www.your-domain; # aokura.site www.aokura.site

        location / {
                proxy_pass http://localhost:3000; # Port number where the application is running
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

This configuration tells nginx to redirect any incoming request from “/” path to port 3000. Save the configuration file and execute the following command to check your configuration.

sudo nginx -t

Step 3: If the file is correctly configured, restart nginx.

sudo nginx -s reload

Now on visiting you domain, will should see the website.

Step 1: Download Certbot to provision and install SSL certificate from LetsEncrypt.

sudo add-apt-repository ppa:certbot/certbot && apt update && apt install python3-certbot-nginx

Step 2: Now install the certificate.

sudo certbot --nginx -d your-domain -d www.your-domain

Step 3: It will ask for following information

• Your email address
• Agreeing to term and conditions
• Sharing Email with Electronic Frontier Foundation(optional)

Step 4: Now you have installed a valid SSL certificate. Visit you domain.

AWS is currently one of most in demand skill in industry. SSL certificate is necessary to build trust among users and protect user data. In this article we have learned how to setup EC2 instance, hosting a website in EC2, allowing traffic to specific port, configuring nginx and installing SSL certificate to enable secure https connect to our website.

For how long is the certificate valid?

Certificate is valid for 90 days. It can be renewed using the following command.

sudo certbot renew

Do I need to pay for SSL certificate?

No, it is absolutely free.

Project can not be accessed from public IP address?

Make sure you have followed all the steps correctly and your inbound traffic rules match with the provided picture.

Will AWS charge for EC2 instance?

If your AWS account is less than a year old and you are using free tier options and limits for EC2, then there will no charge.