Last active
August 6, 2025 05:49
-
-
Save ashishakya/e0a5547ef97b4b356efb20c4920f5975 to your computer and use it in GitHub Desktop.
Setup letsEncrypt in EBS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # path: .platform/hooks/postdeploy/00_get_certificate.sh (remove this line) | |
| # set a env variable of DOMAIN_NAME and EMAIL_ADDRESS in the elastic bean stalk environment | |
| #!/usr/bin/env bash | |
| # Load environment variables | |
| #source /opt/elasticbeanstalk/support/envvars | |
| # Use environment variables | |
| DOMAIN_NAME="${DOMAIN_NAME}" | |
| EMAIL_ADDRESS="${EMAIL_ADDRESS}" | |
| if [[ -z "$DOMAIN_NAME" || -z "$EMAIL_ADDRESS" ]]; then | |
| echo "Missing DOMAIN_NAME or EMAIL_ADDRESS. Aborting." | |
| exit 1 | |
| fi | |
| # Request certificate | |
| sudo certbot -n -d "$DOMAIN_NAME" -d "www.$DOMAIN_NAME" --nginx --agree-tos --email "$EMAIL_ADDRESS" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #path: .ebextensions/00_install_certbot.config (remove this line) | |
| container_commands: | |
| 00_install_deps: | |
| command: "sudo yum install -y python3 augeas augeas-libs" | |
| ignoreErrors: true | |
| 10_create_venv: | |
| command: "sudo python3 -m venv /opt/certbot" | |
| ignoreErrors: true | |
| 20_update_pip: | |
| command: "sudo /opt/certbot/bin/pip install --upgrade pip" | |
| ignoreErrors: true | |
| 30_install_certbot: | |
| command: "sudo /opt/certbot/bin/pip install certbot certbot-nginx" | |
| ignoreErrors: true | |
| 40_link_certbot: | |
| command: "if [ ! -f /usr/bin/certbot ]; then sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot; fi" | |
| ignoreErrors: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #path: .ebextensions/10_open_https_port.config (remove this line) | |
| Resources: | |
| sslSecurityGroupIngress: | |
| Type: AWS::EC2::SecurityGroupIngress | |
| Properties: | |
| GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]} | |
| IpProtocol: tcp | |
| ToPort: 443 | |
| FromPort: 443 | |
| CidrIp: 0.0.0.0/0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # path: .ebextensions/20_renew_ssl_certificate_cron_job.config (remove this line) | |
| files: | |
| /tmp/renew_cert_cron: | |
| mode: "000777" | |
| owner: root | |
| group: root | |
| content: | | |
| 0 0 * * * certbot renew --no-self-upgrade >> /var/log/letsencrypt/renew_test.log 2>&1 | |
| container_commands: | |
| 10_create_cert_crontab: | |
| command: "sudo crontab /tmp/renew_cert_cron" | |
| 20_delete_cronjob_file: | |
| command: "sudo rm /tmp/renew_cert_cron" | |
| ignoreErrors: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ebs platform is: my platform is: PHP 8.3 running on 64bit Amazon Linux 2023/4.6.0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment