
Who this guide is for: you are using an EC2 Amazon Linux 2 instance and your domain is not an Amazon one. In particular, a Google domain, because it seems to be the most troublesome of all. You should already have set up SSH into the instance with your private key, using a client such as PuTTY. I’m also assuming you are running Apache.
To check your Amazon Linux version, simply use the following command:
cat /etc/system-release
If the output is:
Amazon Linux release 2 (Karoo)
Well, you’ve got Amazon Linux 2. Or you can just look at the terminal hahaha.

Firstly, let me give an overview of what I’ll be doing. Essentially I will point my Google domain to my instance’s public-facing IP using an A record. After that I will SSH into my instance and run certbot-auto to get an auto-renewed SSL certificate for my domain’s prefix (www).
OK, I assume you have already logged into your AWS console and have your SSH terminal running. Let’s get to the actual work.
1. Go to your AWS services and search for EC2. Go into Instances and find your public IP.

2. Now go to your domain provider. Find the DNS settings and then find your custom resource records. Enter your public IP in the IPv4 field and give it any name you like.

After this change, you probably need to wait about an hour or so before the changes take effect.
Meanwhile, you can go set up the security group settings for your instance. Click on the one that corresponds to your instance. It should be launch-wizard-something if you left it as default. Then click on edit inbound rules. Make sure you add all the following rules.

That’s it for the AWS side. Now go to this website: https://certbot.eff.org/lets-encrypt/pip-apache. Run these commands (without the $ please…):
$ wget https://dl.eff.org/certbot-auto
$ sudo mv certbot-auto /usr/local/bin/certbot-auto
$ sudo chown root /usr/local/bin/certbot-auto
$ sudo chmod 0755 /usr/local/bin/certbot-auto
After that, run this command:
$ sudo vim /usr/local/bin/certbot-auto
Use your down arrow key and go down to about line 800. There you will see something like this:
elif [ -f /etc/redhat-release ]; then
Press the “insert” key on your keyboard and delete the entire line. Replace it with the following:
elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
Note: I did not come up with this edit; I found it here: https://medium.com/@andrenakkurt/great-guide-thanks-for-putting-this-together-gifford-nowland-c3ce0ea2455. I adapted that tutorial to work for my case.
You can press “escape” then “:wq” “enter” to exit vim.
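The same one-line edit can be applied without vim and without hunting for line 800. This is an added example, not part of the original guide or of certbot itself; the function name patch_certbot_auto, the .orig backup suffix and the return codes are choices made for this example. It refuses to edit unless the line appears exactly once, keeps a backup, and checks that the edited script still parses.

```shell
#!/bin/sh
# Added example: apply the Amazon Linux 2 edit to certbot-auto without opening vim.
# The function name, backup suffix and return codes are choices made for this example.

# The original line, with any leading indentation captured so it is preserved.
OLD_RE='^\([[:space:]]*\)elif \[ -f /etc/redhat-release ]; then[[:space:]]*$'
# The replacement line from this guide; \1 restores the indentation and
# \& is a literal ampersand (a bare & in a sed replacement means "the whole match").
NEW="\\1elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>\\&1; then"

patch_certbot_auto() {
    target=$1
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }

    # Safe to re-run: a script that already carries the check is left alone.
    if grep -qF 'amazon_linux:2' "$target"; then
        echo "already patched: $target"
        return 0
    fi

    # Refuse to guess: the line must appear exactly once.
    count=$(grep -c "$OLD_RE" "$target" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 matching line, found $count; not editing" >&2
        return 1
    fi

    # Keep a copy, then rewrite in place so owner and mode (root, 0755) stay as set.
    cp -p "$target" "$target.orig" || return 2
    sed "s,$OLD_RE,$NEW," "$target.orig" > "$target" || return 2

    # The edited script must still parse and must now contain the new check.
    if ! sh -n "$target" || ! grep -qF 'amazon_linux:2' "$target"; then
        cp -p "$target.orig" "$target"
        echo "patch failed, original restored" >&2
        return 1
    fi
    echo "patched: $target (backup at $target.orig)"
}

# Run as: sudo sh this-file.sh /usr/local/bin/certbot-auto
if [ "$#" -gt 0 ]; then
    patch_certbot_auto "$1"
fi
```

Comparing the result with diff /usr/local/bin/certbot-auto.orig /usr/local/bin/certbot-auto should show exactly one changed line before the script is run with sudo.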
Once that is done, all you have to do is run the final command from certbot’s page:
$ sudo /usr/local/bin/certbot-auto --apache
Follow the instructions on screen and you are good to go! Your HTTPS will be ready in about 15 min at most!
Happy networking!