Let’s Encrypt is a service offering free SSL certificates that can be generated automatically with the certbot utility. These certs are perfect for developing with HTTPS.

By default, AWS Cloud9 uses the Amazon Linux AMI for the backing EC2 instance, which is not supported by the certbot utility. Fortunately, the Cloud9 environment comes pre-loaded with Docker, and Let’s Encrypt provides official Docker images for certbot.

Because Cloud9 does not expose port 80, a DNS challenge must be used to verify ownership of the domain. Generated certificates can be used by a helper process (like http-server) running on the backing EC2 instance and/or they may be copied onto another machine.

Getting Started

Pull the Docker image that bundles certbot with the relevant DNS plugin. This example uses the dns-route53 plugin:

docker pull certbot/dns-route53

Generate a Certificate

This step assumes you have already configured the mydomain.com domain in Route 53.

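The following command generates a cert for mydomain.com, registered to me@mydomain.com, and writes certbot's configuration directory (/etc/letsencrypt inside the container) to the ~/certs folder on the host. Your AWS credentials file is mounted into the container so the plugin can create the DNS validation record in Route 53: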

docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials -v ~/certs:/etc/letsencrypt certbot/dns-route53 certonly -n --agree-tos --dns-route53 --email me@mydomain.com -d mydomain.com

Renew Certificates

Renew the certificate before it expires:

docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials -v ~/certs:/etc/letsencrypt certbot/dns-route53 renew

Use Certificates

Edit the /etc/hosts file:

sudo su
vi /etc/hosts

Add a line that corresponds to the domain used to generate the certificate:

127.0.0.1   mydomain.com

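The certificates can be used with whatever compatible backend you prefer. Certbot writes the current certificate and key under live/<domain>/ in its configuration directory, so with the volume mount used above they are in ~/certs/live/mydomain.com/ and the private key is named privkey.pem. Because the container runs as root, these files are owned by root on the host, so the server process needs permission to read them. For example, the following command will serve static files in the CWD over HTTPS using http-server:

http-server -r -S -C ~/certs/live/mydomain.com/cert.pem -K ~/certs/live/mydomain.com/privkey.pem .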
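
Before pointing a server at the files (and as a check on the renewal step), it helps to confirm that the key matches the certificate, that the certificate covers the domain, that it is not close to expiry, and that the key is not readable by other users. The script below is an added example, not part of the original post; the function name check_lineage, its return codes and the 30-day default are assumptions chosen for illustration, and it expects the openssl command and GNU stat to be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check certbot output
# before a server uses it.
# Usage: check_lineage DIR DOMAIN [MIN_DAYS]
#   DIR holds cert.pem and privkey.pem (the file names certbot writes).
# Returns 0 if usable, otherwise a distinct non-zero code per failed check.
check_lineage() {
    local dir="$1" domain="$2" min_days="${3:-30}"
    local cert="$dir/cert.pem" key="$dir/privkey.pem"
    local cert_pub key_pub mode

    # Files written by a root container may be unreadable to your login user.
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read cert.pem/privkey.pem in $dir" >&2; return 2
    fi

    # 1. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match cert.pem" >&2; return 3
    fi

    # 2. The certificate must be valid for the name clients will connect to.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" \
            | grep -q 'does match certificate'; then
        echo "certificate is not valid for $domain" >&2; return 4
    fi

    # 3. It must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days; renew it" >&2; return 5
    fi

    # 4. The key must not be readable by group or others (follow symlinks).
    mode=$(stat -L -c '%a' "$key") || return 2
    case "$mode" in
        *00) ;;
        *) echo "privkey.pem has mode $mode; expected 600 or stricter" >&2
           return 6 ;;
    esac
    echo "OK: $domain, valid for more than $min_days days"
}

# Run as a script: ./check_lineage.sh ~/certs/live/mydomain.com mydomain.com
if [ $# -ge 2 ]; then
    check_lineage "$@"
fi
```

A return code of 5 is the signal to run the renew command; code 2 on a fresh certificate usually means the files are still owned by root.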