How to add SSL certificate to EC2 Instance

This is what we want to achieve. Our NestJS app lives on an AWS EC2 instance and listens on port 3000. When the browser sends an HTTP request, we want it to be forwarded automatically to port 3000. We also want to use a secure connection (HTTPS/SSL).

0. In this tutorial we will:

  1. Install NGINX [1] on the EC2 instance
    • Change the NGINX configuration to forward all requests from port 80 to the NestJS app on port 3000
  2. Install Certbot [2]
    • Configure Certbot
    • Get a Let’s Encrypt [3] certificate
  3. Enjoy the website with SSL

1. Step

sudo apt install nginx

Open the NGINX configuration file

sudo nano /etc/nginx/sites-available/default

And add these settings.

        server_name dev.api.skimpel.de www.dev.api.skimpel.de; # Your domain name

        location / {
                proxy_pass http://localhost:3000; # NestJS API port
                proxy_http_version 1.1;
                # Pass WebSocket upgrade requests through to the app
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                # Keep the original Host header for the app
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

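Important! Don’t forget to add ports 443 and 3000 to the inbound rules of your EC2 security group. NGINX reaches the app over localhost, so an inbound rule for port 3000 also makes the app reachable directly over plain HTTP, bypassing NGINX and TLS.

Save the file and restart NGINX

sudo service nginx restart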

2. Step

Install Certbot. Here is a very nice site with instructions.

# The snapd installation process depends on your OS. Please visit the link above.
# The following instructions are for Ubuntu 22.04 LTS

# Ensure that your version of snapd is up to date
sudo snap install core; sudo snap refresh core

# Remove certbot-auto and any Certbot OS packages
sudo apt-get remove certbot

# Install Certbot
sudo snap install --classic certbot

# Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot

# Choose how you'd like to run Certbot
sudo certbot --nginx

Once the certificate has been received successfully, you should get the following message:

…
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/dev.api.skimpel.de/fullchain.pem
Key is saved at: /etc/letsencrypt/live/dev.api.skimpel.de/privkey.pem
This certificate expires on 2022-12-17.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for dev.api.skimpel.de to /etc/nginx/sites-enabled/default
Successfully deployed certificate for www.dev.api.skimpel.de to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://dev.api.skimpel.de and https://www.dev.api.skimpel.de

# Test automatic renewal
# The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire.
# You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run

3. Step 😁

Api with SSL
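
A quick post-setup check, added here as an example (it is not part of the original tutorial): it reads `ss -Htln` output and reports whether ports 80 and 443 have a public listener and whether the app's port 3000 is bound to loopback only. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): read `ss -Htln` output on
# stdin and check how the tutorial's ports (80, 443, 3000) are bound.

# Constructed sample: NGINX on 80/443, the app on all interfaces.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 *:3000 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# port_binding PORT: prints "absent", "loopback" or "exposed".
# One listener on a non-loopback address is enough for "exposed".
port_binding() {
  awk -v port="$1" '
    BEGIN { verdict = "absent" }
    $1 == "LISTEN" {
      n = split($4, p, ":")
      if (p[n] != port) next
      host = substr($4, 1, length($4) - length(p[n]) - 1)
      if (host ~ /^127\./ || host == "[::1]") {
        if (verdict == "absent") verdict = "loopback"
      } else verdict = "exposed"
    }
    END { print verdict }'
}

# audit_setup: prints findings for ss output on stdin; returns 1 if any.
audit_setup() {
  ss_out=$(cat)
  findings=0
  for p in 80 443; do
    if [ "$(printf '%s\n' "$ss_out" | port_binding "$p")" != exposed ]; then
      echo "FAIL: no public listener on port $p"
      findings=1
    fi
  done
  case $(printf '%s\n' "$ss_out" | port_binding 3000) in
    absent)   echo "FAIL: app is not listening on port 3000"; findings=1 ;;
    exposed)  echo "WARN: port 3000 is bound to a non-loopback address"; findings=1 ;;
    loopback) echo "OK: port 3000 is loopback-only" ;;
  esac
  return "$findings"
}

# Demo on the constructed sample. On a real host: ss -Htln | audit_setup
printf '%s\n' "$SAMPLE_SS" | audit_setup || true
```

A WARN for port 3000 means the security group (and any host firewall) is the only thing between the internet and the app's plain-HTTP port.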

If you need more info about EC2 configuration please contact me at bonaparteit@gmail.com

Useful links: How To Deploy Your Node.js App On AWS With NGINX And SSL


  1. Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.

  2. Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

  3. Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.