Generate Let's Encrypt SSL Certificates in Cloud9
Let’s Encrypt is a service offering free SSL certificates that can be generated automatically
certbot utility. These certs are perfect for developing with HTTPS.
By default, AWS Cloud9 uses Amazon Linux AMI for the backing EC2 instance
which is not supported by the
Fortunately, the Cloud9 environment
comes pre-loaded with Docker and Let’s Encrypt provides
official Docker images for
Because Cloud9 does not expose port 80, a DNS challenge must be used to verify ownership of the domain. Generated certificates can be used by a helper process (like http-server) running on the backing EC2 instance and/or they may be copied onto another machine.
Pull the Docker image with certbot and the relevant DNS plugin. This example uses the dns-route53:
docker pull certbot/dns-route53
Generate a Certificate
This step assumes you have already configured the mydomain.com domain in Route 53.
The following command will generate a cert for mydomain.com registered to firstname.lastname@example.org in the ~/certs folder:
docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials -v ~/certs:/etc/letsencrypt certbot/dns-route53 certonly -n --agree-tos --dns-route53 --email email@example.com -d mydomain.com
Renew the certificate before it expires:
docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials -v ~/certs:/etc/letsencrypt certbot/dns-route53 renew
Edit the /etc/hosts file:
sudo su vi /etc/hosts
Add a line that corresponds to the domain used to generate the certificate:
The certificates can be utilized in whatever compatible backend you prefer. For example, the following command will serve static files in the CWD over HTTPS using http-server:
http-server -r -S -C ~/certs/mydomain.com/cert.pem -K ~/certs/mydomain.com/key.pem .
Comments are closed for this post.