looking for a way to get certbot running on Amazon Linux 2

I was having trouble with this as well since Amazon Linux 2 doesn't have epel-release in its repositories, but I've found you can install the EPEL RPM package itself, and then you'll be able to install certbot or certbot-nginx from there.

  • Download the RPM

    curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    
  • Then install it

    sudo yum install epel-release-latest-7.noarch.rpm
    
  • Now you can install certbot

    sudo yum install certbot
    
  • And then run it as usual

    sudo certbot
    

Check out the certbot page for configuration details after that.
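The EPEL RPM in the steps above is fetched over plain http and handed straight to yum. The script below is an added example, not part of the answer, that does the same install on Amazon Linux 2 but first imports the EPEL 7 signing key and runs `rpm --checksig` on the package, refusing to install unless rpm reports the signature (not just the digests) as OK. The https URLs for the RPM and for the RPM-GPG-KEY-EPEL-7 key file are the fedoraproject.org paths; the `RUN_INSTALL` variable and the `rpm_sig_ok` helper are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the answer above): install the EPEL release RPM on
# Amazon Linux 2 and verify its GPG signature before handing it to yum.
# Assumptions: EL7-compatible Amazon Linux 2, rpm/yum/curl present, run as root.
set -eu

EPEL_RPM_URL="https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
EPEL_KEY_URL="https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
WORKDIR="${WORKDIR:-/tmp/epel-install}"
EPEL_RPM="$WORKDIR/epel-release-latest-7.noarch.rpm"
EPEL_KEY="$WORKDIR/RPM-GPG-KEY-EPEL-7"

# Interpret one line of `rpm --checksig` output. Returns 0 only when rpm says
# the *signature* is OK: the newer "digests signatures OK" wording or the older
# "... pgp md5 OK". A digest-only "digests OK" means no signature was checked,
# and anything containing "NOT OK" is a failure.
rpm_sig_ok() {
  case "$1" in
    *"NOT OK"*) return 1 ;;
    *"signatures OK"*|*"pgp"*" OK"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Fetch the package and the signing key over https into the work directory.
fetch_epel() {
  mkdir -p "$WORKDIR"
  ( cd "$WORKDIR" && curl -fsSLO "$EPEL_RPM_URL" && curl -fsSLO "$EPEL_KEY_URL" )
}

# Import the EPEL 7 key into the rpm database and check the package against it.
verify_epel_rpm() {
  rpm --import "$EPEL_KEY"
  result=$(rpm --checksig "$EPEL_RPM") || true
  echo "$result"
  if ! rpm_sig_ok "$result"; then
    echo "EPEL RPM signature check failed, not installing" >&2
    return 1
  fi
}

# Only after verification: install the repo package, then certbot from EPEL.
install_certbot() {
  yum install -y "$EPEL_RPM"
  yum install -y certbot
  certbot --version
}

main() {
  fetch_epel
  verify_epel_rpm
  install_certbot
}

# Run the full procedure only when asked, so the file can also be sourced for
# the rpm_sig_ok check alone:  RUN_INSTALL=1 sh install-certbot-al2.sh
if [ "${RUN_INSTALL:-0}" = "1" ]; then
  main
fi
```

If the check fails, look at the printed `rpm --checksig` line: "NOT OK" after the key import means the file was altered or is not the package Fedora signed, while a bare "digests OK" means the signature was never verified (for example because the key import failed), and neither should be passed to yum.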


Instead of Certbot you can use Acme, which works and is well documented. I have a tutorial on setting up Let's Encrypt on Amazon Linux here.

Nginx Configuration

Let's Encrypt needs to call out to the server to verify the request before a certificate is issued. Acmetool can use its built-in web server or an external web server. Here's my Nginx configuration, which sits alongside a secure server block that serves the rest of the site.

    # This server directly serves ACME / certificate redirects. All other requests are forwarded to the https version of the page
    server {
      listen 80;
      server_name example.com;
      access_log /var/log/nginx/access.log main;

      # Let's Encrypt certificates with Acmetool
      location /.well-known/acme-challenge/ {
        alias /var/www/.well-known/acme-challenge/;
      }

      location / {
        return 301 https://www.photographerstechsupport.com$request_uri;
      }
    }

Nginx Folders

    mkdir -p /var/www/.well-known/acme-challenge
    chown -R user:www-data /var/www/.well-known/acme-challenge
    find /var/www/.well-known/acme-challenge/ -type d -exec chmod 755 {} \;
    vi /var/www/.well-known/acme-challenge/text.html   # add "hello world" or similar

Install Acme

    sudo -i   # the rest is run as root
    cd /opt
    wget https://github.com/hlandau/acme/releases/download/v0.0.62/acmetool-v0.0.62-linux_386.tar.gz   # NB check for newer versions here
    tar -xzf acmetool-v0.0.62-linux_386.tar.gz
    cd acmetool-v0.0.62-linux_386/bin
    cp ./acmetool /usr/local/bin
    /usr/local/bin/acmetool quickstart

In the quickstart enter this as your webroot

    /var/www/.well-known/acme-challenge/

Request a Certificate

    /usr/local/bin/acmetool want example.com www.example.com

Troubleshooting #1

    acmetool --xlog.severity=debug > /tmp/dump 2>&1 want example.com www.example.com
    fgrep -v fdb: /tmp/dump | fgrep -v storageops: > /tmp/dumpout

I have other troubleshooting tips on my blog article.
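Before `acmetool want` (or `certbot --webroot`) makes Let's Encrypt hit the domain, it is worth proving that the challenge directory from the Nginx block above is actually served over http and that the catch-all still answers with a 301 to https. The script below is an added example, not the answer's own tooling: it creates the webroot with the permissions nginx needs, drops a probe file the way an ACME client writes a challenge response, fetches it through nginx, checks the body and the redirect, and removes the probe. The `WEBROOT` and `WEB_USER` defaults (/var/www/.well-known/acme-challenge and the `nginx` user on Amazon Linux 2) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the answer above): pre-flight check for the
# http-01 challenge webroot before requesting a certificate.
# Assumptions: webroot from the Nginx config, nginx running as user "nginx",
# curl available; run as root for the chown, the local checks work unprivileged.
set -eu

WEBROOT="${WEBROOT:-/var/www/.well-known/acme-challenge}"
WEB_USER="${WEB_USER:-nginx}"

# Directory 755 and owned by the web server user. Nothing here needs to be
# writable by nginx: the ACME client writes challenge files as root.
prepare_webroot() {
  dir=$1
  mkdir -p "$dir"
  chmod 755 "$dir"
  chown "$WEB_USER" "$dir" 2>/dev/null || true   # needs root; skip otherwise
}

# Write a probe file with random content, as a challenge response would be
# written, and print its name (the token).
write_probe() {
  dir=$1
  token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  printf 'acme-webroot-probe-%s\n' "$token" > "$dir/$token"
  chmod 644 "$dir/$token"
  echo "$token"
}

# Local half of the check: probe exists, is exactly mode 644 (world-readable,
# not writable by the web server) and carries the content we wrote.
probe_local_ok() {
  dir=$1; token=$2
  [ -f "$dir/$token" ] || return 1
  find "$dir" -name "$token" -perm 644 | grep -q . || return 1
  grep -q "acme-webroot-probe-$token" "$dir/$token"
}

# Network half: fetch the probe through nginx without following redirects
# (a 301 here would mean the challenge path is being bounced to https, which
# is the classic misconfiguration), then confirm "/" itself returns 301.
probe_http_ok() {
  domain=$1; token=$2
  body=$(curl -fsS "http://$domain/.well-known/acme-challenge/$token") || return 1
  [ "$body" = "acme-webroot-probe-$token" ] || { echo "$domain: probe content mismatch" >&2; return 1; }
  code=$(curl -s -o /dev/null -w '%{http_code}' "http://$domain/") || true
  [ "$code" = "301" ] || { echo "$domain: expected 301 for /, got $code" >&2; return 1; }
}

# Whole pre-flight for one domain; the probe is removed whatever the outcome.
preflight() {
  domain=$1
  prepare_webroot "$WEBROOT"
  token=$(write_probe "$WEBROOT")
  status=0
  probe_local_ok "$WEBROOT" "$token" || status=1
  [ "$status" -eq 0 ] && { probe_http_ok "$domain" "$token" || status=1; }
  rm -f "$WEBROOT/$token"
  return "$status"
}

# usage: sh acme-preflight.sh example.com www.example.com
if [ $# -gt 0 ]; then
  for d in "$@"; do
    preflight "$d" && echo "$d: OK"
  done
fi
```

Run it once per name you intend to pass to `acmetool want`; a content mismatch with no curl error usually means the request landed on the wrong server block or was redirected, which is what the debug log in the troubleshooting step would otherwise show only after the CA has failed the challenge.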