Let’s Encrypt on nginx & Amazon Linux

Automatic installation of a Let’s Encrypt SSL certificate for nginx on Amazon Linux is not yet supported. Let’s see how to do it manually.

To generate the certificate, execute:


ssh to@your.server.com
sudo service nginx stop
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
git checkout amazonlinux
sudo ./letsencrypt-auto -v

Most likely, this will fail on:

c/_cffi_backend.c:2:20: fatal error: Python.h: No such file or directory

To fix that, run:


sudo yum install python27-devel.x86_64

Now we can try again:

sudo ./letsencrypt-auto -v certonly -d www.nitrointerviews.com -d nitrointerviews.com --server https://acme-v01.api.letsencrypt.org/directory

You might be asked to enter your email and then you should get:

- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.nitrointerviews.com/fullchain.pem. Your
cert will expire on 2016-02-22. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.

OK, we have our certificates; let’s add them to the nginx conf file:

ssl_certificate /etc/letsencrypt/live/www.nitrointerviews.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.nitrointerviews.com/privkey.pem;

All done, let’s start nginx again:

sudo service nginx start

To renew the certificate after 2 or 3 months, simply rerun:

sudo ./letsencrypt-auto -v certonly -d www.nitrointerviews.com -d nitrointerviews.com --server https://acme-v01.api.letsencrypt.org/directory
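
The renewal step can be wrapped so it only runs when the certificate is close to expiry and nginx is always started again afterwards. This is an added example, not part of the original post; the clone location `LE_DIR`, the 30-day threshold `RENEW_DAYS`, the `run` argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: renewal wrapper around the manual procedure above.
# Assumed (not from the original post): LE_DIR, RENEW_DAYS, the "run" argument.

CERT="${CERT:-/etc/letsencrypt/live/www.nitrointerviews.com/fullchain.pem}"
LE_DIR="${LE_DIR:-/home/ec2-user/letsencrypt}"   # assumed clone location
RENEW_DAYS="${RENEW_DAYS:-30}"                   # assumed renewal threshold

# Return 0 when the certificate $1 expires within $2 days,
# or when it is missing or cannot be parsed; return 1 otherwise.
cert_needs_renewal() {
    cert="$1"; days="$2"
    [ -r "$cert" ] || return 0
    # -checkend exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -checkend "$((days * 86400))" -noout -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stop nginx, rerun the issuance command from the post, start nginx again.
renew() {
    if ! cert_needs_renewal "$CERT" "$RENEW_DAYS"; then
        echo "certificate valid for more than $RENEW_DAYS days, nothing to do"
        return 0
    fi
    service nginx stop || return 1
    (cd "$LE_DIR" && ./letsencrypt-auto -v certonly \
        -d www.nitrointerviews.com -d nitrointerviews.com \
        --server https://acme-v01.api.letsencrypt.org/directory)
    rc=$?
    # Bring nginx back up even if issuance failed, so the site is not left down
    service nginx start || return 1
    return "$rc"
}

# Only act when explicitly asked to, so the file can be sourced safely
if [ "${1:-}" = "run" ]; then
    renew
fi
```

Run it as root with the argument `run`, for example from root's crontab; a non-zero exit status means issuance or the nginx start failed and needs attention.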
