Access your EC2 instance via SSH and follow these steps to set up a premium third-party SSL certificate for a custom domain or sub-domain locally on your EC2 instance.
No AWS load balancer configuration required!
Since you will be setting up a paid SSL certificate with a long validity period, you will not be using the Certbot software that we pre-installed on your EC2 instance.
We have already opened port 443 for your EC2 instance so you do not need to change any firewall settings.
Setup OpenSSL
Run the following command to install openssl:
sudo apt-get install openssl
If a message is displayed that it is already installed, move on to the next step.
Enable the SSL module for Apache
Run the following command to do so:
sudo a2enmod ssl
Once it is enabled, restart the Apache web server using:
sudo systemctl restart apache2
If the SSL module was already enabled, move on to the next step.
Prepare a directory for SSL certificates
Create a directory for the SSL certificate files using the following command:
sudo mkdir /etc/apache2/ssl
Generate a CSR and save the Private key
You can generate a CSR with a Private key online using this tool.
Then upload and save the private key in a text file in the /etc/apache2/ssl directory.
To do so run the following command:
sudo nano /etc/apache2/ssl/private.key
Copy-paste the contents of the Private key you generated from the online tool into the editor in the SSH console, and save the file using Ctrl+X keys on the keyboard.
Upload SSL Certificate files
Once you have received your SSL certificate files you will need to upload them to the /etc/apache2/ssl directory.
To upload the website (leaf) certificate run the following command:
sudo nano /etc/apache2/ssl/website.crt
Copy-paste the text content of the website CRT certificate file into the editor in the SSH console, and save the file using Ctrl+X keys on the keyboard.
To upload the CA bundle (also known as Certificate Chain), run the following command:
sudo nano /etc/apache2/ssl/ca-bundle.crt
Copy-paste the text content of the ca-bundle CRT certificate file into the editor in the SSH console, and save the file using Ctrl+X keys on the keyboard.
Add the VirtualHost entries for your website
Next we need to enable the VirtualHost for our site to serve pages using https.
You will either need to create a new VirtualHost entry (.conf file under /etc/apache2/sites-available) if it's a new site, or add this to an existing entry for your site.
<VirtualHost *:443>
    ServerName website.com
    ServerAlias www.website.com
    DocumentRoot /documentroot/
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/website.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private.key
    SSLCertificateChainFile /etc/apache2/ssl/ca-bundle.crt
</VirtualHost>
If you have already got a Let’s Encrypt certificate configured for your site using Certbot, you will need to modify or delete the VirtualHost entry for it.
Now restart the Apache web server using:
sudo systemctl restart apache2
That's all you need to do. Now you should be able to access your website using https://<custom_domain>
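
Key handling and pre-restart checks for the procedure above, as an added example that is not part of the original guide: it generates the private key and CSR on the instance with OpenSSL, so the key never passes through a third-party site, then confirms that private.key is owner-only and that website.crt matches it. The function names and the website.csr file name are assumptions; the paths follow the guide.

```shell
# Added example. Paths and website.com follow the guide; the function
# names and the website.csr file name are assumptions made here.

# Create the private key and CSR on the instance itself.
# umask 077 makes both files readable and writable by their owner only.
gen_key_csr() {  # usage: gen_key_csr <dir> <domain>
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/private.key" -out "$1/website.csr" \
          -subj "/CN=$2" )
}

# Succeed only if the key file grants nothing to group or others.
key_is_private() {  # usage: key_is_private <keyfile>
    case "$(ls -ld "$1")" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the certificate carries this private key's public key.
cert_matches_key() {  # usage: cert_matches_key <cert> <key>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# In a root shell on the instance, after sourcing this file:
#   gen_key_csr /etc/apache2/ssl website.com   # send website.csr to the CA
# and, once website.crt and ca-bundle.crt are in place:
#   key_is_private /etc/apache2/ssl/private.key &&
#   cert_matches_key /etc/apache2/ssl/website.crt /etc/apache2/ssl/private.key &&
#   apache2ctl configtest && systemctl restart apache2
```

A mismatch between website.crt and private.key makes Apache fail to start, so running the checks before the restart avoids taking the site down.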