A TLDR installation guide for installing an SSL certificate in nginx on an Ubuntu EC2 instance. Assuming you already have a site up and running under ngi
While updating a Ghost blog, I had to install an SSL certificate. As Ghost was being served over nginx, there were a few hoops to jump through that I’d not come across before. Thankfully, it is straightforward to install. We’ll be using a Let’s Encrypt certificate.
First, we need to add CertBot.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx -d mywebsite.com -d www.mywebsite.com
And that’s all there is to it.
If you see the following error, it means that the Let’s Encrypt server was unable to connect to your server to verify the domain:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for mydomain.com
tls-sni-01 challenge for www.mydomain.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
This is likely due to DNS configuration issues or the port being blocked. Check that port 443 is allowed through the firewall.
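To work out which domain and port to check, the failure line can be split per domain. The script below is an added example, not part of the original post; the function names and the `LIVE` variable are hypothetical, and the sample line is the error shown above.

```bash
#!/bin/sh
# Added example: triage certbot's "Failed authorization procedure" line.

# The error line from the output above (placeholder domains from the post).
SAMPLE='Failed authorization procedure. www.mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout'

# Emit one "domain challenge error" row per failed authorization.
# Accepts the urn:acme:error: prefix above and the later urn:ietf:params: form.
parse_failures() {
  grep -oE '[A-Za-z0-9.-]+ \([a-z0-9-]+\): urn:(ietf:params:)?acme:error:[A-Za-z]+' |
    sed -E 's/^([^ ]+) \(([^)]+)\): urn:(ietf:params:)?acme:error:(.+)$/\1 \2 \4/'
}

# Inbound TCP port the CA connects to for each challenge type.
challenge_port() {
  case "$1" in
    tls-sni-01|tls-alpn-01) echo 443 ;;
    http-01)                echo 80 ;;
    dns-01)                 echo none ;;   # validated via DNS, no inbound port
    *)                      echo unknown ;;
  esac
}

# Report per domain; with LIVE=1 also show DNS answers and local listeners.
triage() {
  parse_failures | while read -r domain challenge err; do
    port=$(challenge_port "$challenge")
    echo "$domain: $challenge failed ($err), CA needs inbound TCP $port"
    [ "${LIVE:-0}" = 1 ] || continue
    echo "  DNS A/AAAA: $(getent hosts "$domain" | awk '{print $1}' | paste -sd, -)"
    echo "  listeners on :$port: $(ss -ltn "sport = :$port" | tail -n +2 | wc -l)"
  done
}

# Demo on the sample line; pipe real certbot output into triage instead.
printf '%s\n' "$SAMPLE" | triage
```

A listener on the port only shows that nginx is bound locally; whether the port is reachable from outside still depends on the firewall.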