SSL Configration in Ec2 Namecheap

In this section, I will show you how to config the SSL in Namecheap and AWS EC2.

Preparation

1. Buy a domain name
2. Buy a SSL certificate
3. Generate a key and csr file
4. Config the SSL in Namecheap
5. Config the SSL in AWS EC2 ubuntu

Buy a domain name

Go to Namecheap and buy a domain name.

Buy a SSL certificate

Go to Dashboard -> SSL Certificates -> Buy SSL Certificates.

Generate a key and csr file

Go to csrgenerator.com and generate a key and csr file. You can use online tools to generate the key and csr file. or the following command in Mac:

1

openssl req -new -newkey rsa:2048 -nodes -keyout yoursite.key -out yoursite.csr

Config the SSL in Namecheap

Go to SSL Certificates page and click “Reissue” or “Issue” in the “SSL Certificates” section. Paste the csr file content into the “CSR” field. Then click “Next” button. Wait for a while, you will see the SSL certificate is ready.

Then, Go to the “Domains List” –> “Manage” –> “Advanced DNS” –> “Manage” –> “SSL Certificates”.

In my case, I config www, www.site as the domain name. The most important thing is to add “CNAME Record” for the domain name. If the domain name abc.xxx.com, the Host ofCNAME Record is should be “_0fxxxd.abc”, if the domian name you want to config is www.xxx.com, the Host ofCNAME Record is should be “_0fxxxd.” Don’t forgot the “.”.

Where to find the CNAME Record

In the “SSL Certificate” section, you can see this page and this is the place to get CNAME Record.

Once you add the CNAME Record, wait for a while, the status of the SSL certificate will be changed from “Pending Validation” to “Verfiy” which me you can see [download] button in SSL Certificates page.

Download the SSL certificate in SSL Certificates page. Last step is to config the SSL in AWS EC2.

Config the SSL in AWS EC2

Log in to EC2. If this is the first time configuring, you’ll need to create a folder yourself to store the SSL files.

1

sudo mkdir /etc/ssl/

Create three files in this folder: certificate.ca-bundle, certificate.crt, and certificate.key(private key). The command is:

1
2
3

touch certificate.ca-bundle
touch certificate.crt
touch certificate.key

Open the files downloaded from Namecheap using a text editor, copy the corresponding content into the respective files, and save them. You may find that there is no .key file, but in fact, the key file was already generated when you first created the CSR (Certificate Signing Request).

Configure under the apache2 folder

1
2
3

cd ls/etc/apache2/sites-available
ls
cat 000-default.conf

In 000-default.conf file: ServerName and ServerAlias should be the domain name you want to config. abc is sub domain name of xxx.com.

In my case, I only want to use visit the site by https://abc.xxx.com, so I need to add the following content into the 000-default.conf file.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

<VirtualHost *:443>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/forum/public
ServerName abc.xxx.com
ServerAlias abc.xxx.com

<Directory /var/www/html/forum/public/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^abc\.xxx\.com$ [NC]
RewriteRule ^ - [F]
</IfModule>

SSLEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/certificate.key
SSLCertificateChainFile /etc/ssl/certificate.ca-bundle

</VirtualHost>

“Open the 000-default.conf file. I have already configured it, and you can see that port 443 is pointing to the SSL files that were just downloaded and uploaded to the server. If you need to make changes…”

Last step is to restart the apache2 service.

1
2

sudo a2enmod ssl
sudo systemctl restart apache2

Now, you can visit the site by https://abc.xxx.com.