Let’s Encrypt is a service offering free SSL certificates that can be generated automatically with the certbot utility. These certs are perfect for developing with HTTPS.

By default, AWS Cloud9 uses Amazon Linux AMI for the backing EC2 instance which is not supported by the certbot utility. Fortunately, the Cloud9 environment comes pre-loaded with Docker and Let’s Encrypt provides official Docker images for certbot.

Because Cloud9 does not expose port 80, a DNS challenge must be used to verify ownership of the domain. Generated certificates can be used by a helper process (like http-server) running on the backing EC2 instance and/or they may be copied onto another machine.

Getting Started

Pull the Docker image with certbot and the relevant DNS plugin. This example uses the dns-route53:

docker pull certbot/dns-route53

Generate a Certificate

This step assumes you have already configured the mydomain.com domain in Route 53.

The following command will generate a cert for mydomain.com registered to me@mydomain.com in the ~/certs folder:

docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials -v ~/certs:/etc/letsencrypt certbot/dns-route53 certonly -n --agree-tos --dns-route53 --email me@mydomain.com -d mydomain.com

Renew Certificates

Renew the certificate before it expires:

docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials -v ~/certs:/etc/letsencrypt certbot/dns-route53 renew

Use Certificates

Edit the /etc/hosts file:

sudo su
vi /etc/hosts

Add a line that corresponds to the domain used to generate the certificate:   mydomain.com

The certificates can be utilized in whatever compatible backend you prefer. For example, the following command will serve static files in the CWD over HTTPS using http-server:

http-server -r -S -C ~/certs/mydomain.com/cert.pem -K ~/certs/mydomain.com/key.pem .