Let's Try to Encrypt with nginx and AL2023

02 Jun 2023 - rich

Adding a TLS/SSL cert to your webpage running with NGINX on Amazon Linux 2023 should not be this convoluted, or perhaps should just be better documented? Some thoughts on what EC2 AMIs to run in your environment as well as the additional challenges deploying letsencrypt on NGINX in a new Amazon Linux 2023 image. I will attempt to list out the steps and any links that could help.

Some background first… nothing too much here, just wanted to throw out a quick and dirty webserver in my own environment (so on the aws cheap… limit the resources but don’t necessarily sacrifice security… ) Because of work, I will usually grab an Amazon Linux 2 image and just use it. Just for kicks though, I opted for the newer Amazon Linux 2023 image.

I guess this is a good place to stop and remind myself (because no one reads what I write, and that is okay with me ;) because this is just for me, to help me and is my therapy…) that it is usually a good idea to have a plan and work through things (at least in your head) so there aren’t any surprises… even though I wasn’t expecting any haha…

Firstly, webservers… my preference is NGINX. That was an easy task. The next one though…

My first surprise came when I tried to get letsencrypt set up. Hey, don’t judge… the EFF and LetsEncrypt serve a very good purpose and charge much less than AWS :) But… you get what you pay for! LetsEncrypt deprecated the manual installation process (too bad) and prefers to use snap/snapd/snappy but I really don’t. (detecting a theme here aren’t you? I haven’t built a career doing what everyone else does haha and the exceptions, one-offs, and the agita caused by trying to do the less documented… well, it is a valuable learning experience!)

“Two repos diverge on an inter web. And sorry I could not clone and deploy both. And be one devOps engineer, long I stood And cat | less and viewed as far as I could To where it forked in the online repository; Then took the other, as just as cloned. Two repos diverged on the web, and I, I took the one less cloned by. And that has made all the difference”