
SSL certificate installation on EC2 (Amazon Lightsail)

A TLDR installation guide for installing an SSL certificate in nginx on an Ubuntu EC2 instance. Assuming you already have a site up and running under ngi

While updating a Ghost blog, I had to install an SSL certificate. As Ghost was being served over nginx, there were a few hoops to jump through that I’d not come across before. Thankfully, it was straightforward to install. We’ll be using a Let’s Encrypt certificate.

First, we need to add CertBot.

  • sudo add-apt-repository ppa:certbot/certbot
  • sudo apt-get update
  • sudo apt-get install python-certbot-nginx
  • sudo certbot --nginx -d mywebsite.com -d www.mywebsite.com

And that’s all there is to it.

Dev Notes

If you see the following error it means that CertBot was unable to connect:


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for mydomain.com
tls-sni-01 challenge for www.mydomain.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

This is likely due to a DNS configuration issue or the port being blocked. Check that port 443 is allowed through the firewall.

Amazon Lightsail firewall config
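
A check for the two causes named above (DNS and a blocked port 443), as an added example that is not part of the original post: it parses the `Failed authorization procedure` summary and tests each failed domain. Run it from a machine outside the instance, since the validation connection arrives from the internet; the function names are made up for this example.

```python
import re
import socket

# Failure summary copied from the certbot output shown above.
SAMPLE = ("Failed authorization procedure. www.mydomain.com (tls-sni-01): "
          "urn:acme:error:connection :: The server could not connect to the client "
          "to verify the domain :: Timeout, mydomain.com (tls-sni-01): "
          "urn:acme:error:connection :: The server could not connect to the client "
          "to verify the domain :: Timeout")

# One entry per domain: "<domain> (<challenge>): urn:acme:error:<type> :: ..."
ENTRY = re.compile(r"([A-Za-z0-9.-]+) \(([a-z0-9-]+)\): urn:acme:error:(\w+)")


def parse_failures(text):
    """Return [(domain, challenge, acme_error_type), ...] from a failure summary."""
    return ENTRY.findall(text)


def check_endpoint(host, port=443, timeout=5.0):
    """Classify reachability as 'dns-failure', 'blocked-or-closed' or 'open'."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"  # the name does not resolve: fix the DNS records first
    for family, socktype, proto, _, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return "open"
        except OSError:
            continue  # timeout or refusal on this address; try the next one
    return "blocked-or-closed"  # resolves, but nothing answers: check the firewall


if __name__ == "__main__":
    for domain, challenge, err in parse_failures(SAMPLE):
        # The tls-sni-01 challenge is validated over port 443, so test that port.
        print(domain, challenge, err, check_endpoint(domain, 443))
```

A `blocked-or-closed` result for a name that resolves points at the Lightsail firewall rule or at nginx not listening on 443.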