@rschuetzler
Last active April 28, 2025 01:57
Using LetsEncrypt with Amazon Linux 2023
#!/usr/bin/env bash
# Place in .platform/hooks/postdeploy directory
sudo certbot -n -d YOURDOMAINHERE --nginx --agree-tos --email YOUREMAILHERE

# Place in .ebextensions directory at project root
container_commands:
  00_install_deps:
    # -y answers dnf's confirmation prompt; without it the install aborts in a non-interactive deploy
    command: "sudo dnf install -y python3 augeas-libs"
    ignoreErrors: true
  10_create_venv:
    command: "sudo python3 -m venv /opt/certbot"
    ignoreErrors: true
  20_update_pip:
    command: "sudo /opt/certbot/bin/pip install --upgrade pip"
    ignoreErrors: true
  30_install_certbot:
    command: "sudo /opt/certbot/bin/pip install certbot certbot-nginx"
    ignoreErrors: true
  40_link_certbot:
    command: "sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot"
    ignoreErrors: true

# Place in .ebextensions directory
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

Files to use LetsEncrypt on Elastic Beanstalk (Amazon Linux 2023)

If you want to use Elastic Beanstalk's free tier with a single instance, you can use LetsEncrypt to get a free SSL certificate for your instances. Placing these files inside the appropriate directories will let you automatically install a certificate with every deploy.

Inside of your code, you should have the following structure:

.
├── index.js
├── package-lock.json
├── package.json
├── .ebextensions
│   ├── 00_install_certbot.config
│   └── 10_open_https_port.config
└── .platform
    └── hooks
        └── postdeploy
            └── 00_get_certificate.sh

Credit to Marcos Escandell for the Amazon Linux 2 instructions that led me here.

@rschuetzler
Author

This alone would not. It will renew if you redeploy your beanstalk environment, or you could add a script to cron to run this on a schedule.

@AinurDevBr

Do I need to reconfigure nginx to look at the new certificates or will these commands do it automatically?

@rschuetzler
Author

@AinurDevBr certbot updates the nginx configuration automatically when used with the --nginx argument

@AinurDevBr

> @AinurDevBr certbot updates the nginx configuration automatically when used with the --nginx argument

Thanks!

@JHoerbst

awesome!

@Peter-Schorn

I believe I have identified a mistake in the following command:

sudo dnf install python3 augeas-libs

From my logs, I see the following output:

2025-04-28 01:23:56,655 P797103 [INFO] Command 00_install_deps
2025-04-28 01:23:59,047 P797103 [INFO] -----------------------Command Output-----------------------
2025-04-28 01:23:59,047 P797103 [INFO]  Amazon Linux 2023 repository                     42 kB/s | 3.6 kB     00:00    
2025-04-28 01:23:59,047 P797103 [INFO]  Amazon Linux 2023 Kernel Livepatch repository    47 kB/s | 2.9 kB     00:00    
2025-04-28 01:23:59,047 P797103 [INFO]  Amazon Linux 2023 Kernel Livepatch repository   134 kB/s |  15 kB     00:00    
2025-04-28 01:23:59,047 P797103 [INFO]  Package python3-3.9.21-1.amzn2023.0.2.x86_64 is already installed.
2025-04-28 01:23:59,047 P797103 [INFO]  Dependencies resolved.
2025-04-28 01:23:59,047 P797103 [INFO]  ================================================================================
2025-04-28 01:23:59,047 P797103 [INFO]   Package          Arch        Version                    Repository        Size
2025-04-28 01:23:59,047 P797103 [INFO]  ================================================================================
2025-04-28 01:23:59,047 P797103 [INFO]  Installing:
2025-04-28 01:23:59,047 P797103 [INFO]   augeas-libs      x86_64      1.13.0-1.amzn2023.0.2      amazonlinux      408 k
2025-04-28 01:23:59,047 P797103 [INFO]  
2025-04-28 01:23:59,047 P797103 [INFO]  Transaction Summary
2025-04-28 01:23:59,047 P797103 [INFO]  ================================================================================
2025-04-28 01:23:59,047 P797103 [INFO]  Install  1 Package
2025-04-28 01:23:59,048 P797103 [INFO]  
2025-04-28 01:23:59,048 P797103 [INFO]  Total download size: 408 k
2025-04-28 01:23:59,048 P797103 [INFO]  Installed size: 1.2 M
2025-04-28 01:23:59,048 P797103 [INFO]  Is this ok [y/N]: Operation aborted.
2025-04-28 01:23:59,048 P797103 [INFO] ------------------------------------------------------------
2025-04-28 01:23:59,048 P797103 [ERROR] Exited with error code 1

I believe you need to add the -y option to automatically answer yes to all questions:

sudo dnf install -y python3 augeas-libs
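
A failure like the one in the log above is easy to miss because every step in the `.ebextensions` file sets `ignoreErrors: true`, so the deploy carries on after a command fails. As an added example (not part of the gist or of the comment above), this Python script scans log text in the format of that excerpt and lists the commands that exited non-zero, flagging those that stopped at a `[y/N]` prompt; the function name and the sample log are constructed for illustration.

```python
import re

# Line shape copied from the excerpt above: "<date> <time> P<pid> [LEVEL] <message>"
LINE = re.compile(r"^\S+ \S+ P\d+ \[(?P<level>[A-Z]+)\] ?(?P<msg>.*)$")
START = re.compile(r"^Command (?P<name>\S+)$")
EXIT = re.compile(r"^Exited with error code (?P<code>\d+)$")
PROMPT = re.compile(r"\[y/N\]")  # a confirmation prompt nobody can answer during a deploy

# Constructed sample modelled on that excerpt (not a real capture).
SAMPLE_LOG = """\
2025-04-28 01:23:56,655 P797103 [INFO] Command 00_install_deps
2025-04-28 01:23:59,047 P797103 [INFO] -----------------------Command Output-----------------------
2025-04-28 01:23:59,048 P797103 [INFO]  Is this ok [y/N]: Operation aborted.
2025-04-28 01:23:59,048 P797103 [INFO] ------------------------------------------------------------
2025-04-28 01:23:59,048 P797103 [ERROR] Exited with error code 1
2025-04-28 01:23:59,060 P797103 [INFO] Command 10_create_venv
2025-04-28 01:24:02,400 P797103 [INFO] Command 40_link_certbot
2025-04-28 01:24:02,410 P797103 [INFO] -----------------------Command Output-----------------------
2025-04-28 01:24:02,410 P797103 [INFO]  ln: failed to create symbolic link '/usr/bin/certbot': File exists
2025-04-28 01:24:02,410 P797103 [INFO] ------------------------------------------------------------
2025-04-28 01:24:02,410 P797103 [ERROR] Exited with error code 1
"""


def failed_commands(log_text):
    """Return one record per command block that ended with a non-zero exit."""
    failures = []
    current, prompted = None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # not in the expected shape; skip rather than guess
        level, msg = m.group("level"), m.group("msg").strip()
        start = START.match(msg)
        if level == "INFO" and start:
            current, prompted = start.group("name"), False  # a new command block begins
        elif PROMPT.search(msg):
            prompted = True
        elif level == "ERROR" and current and (done := EXIT.match(msg)):
            failures.append({"command": current, "exit_code": int(done.group("code")),
                             "unanswered_prompt": prompted})
            current = None
    return failures


if __name__ == "__main__":
    for f in failed_commands(SAMPLE_LOG):
        hint = "add a non-interactive flag such as -y" if f["unanswered_prompt"] else "read its output"
        print(f'{f["command"]}: exit {f["exit_code"]} ({hint})')
```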
