More then a year ago I installed SSL/TLS support for this blog using Amazon’s guide. Now that certificate has expired and I need a new one. This time I decided to use Let’s Encrypt because I have successfully used it for my other projects. And it was actually very easy:
chmod +x certbot-auto
./certbot-auto run --apache -d blog.apalagin.net
This tool will complain that Amazon Linux is experimental. But I had no issues with that and it did all the work for me! Then only caveat is that Let’s Encrypt certificates expire in 2 month, so you should add a cron job to renew it regularly. For example, something like this in your /etc/crontab:
39 1,13 * * * root /home/ec2-user/certbot-auto renew
I also should mention that there is a next version of Amazon Linux – 2.2 – and you can install Cerbot there from EPEL repository.