X Marks the Spot

random commentary on life, the universe, and anything

Amazon Lightsail, Let’s Encrypt, and SSL


I’m really happy having migrated to Amazon Lightsail so far. The documentation is good and it has a big enough user base so that there are plenty of others who have had the same issues as I am encountering. Sometimes though, it’s not quite the same.

Tutorial: Configure Apache Web Server on Amazon Linux to Use SSL/TLS
Appendix: Let’s Encrypt with Certbot on Amazon Linux

I was able to follow the first steps:

$ sudo yum-config-manager --enable epel
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --debug

As a sidenote, certbot-auto is located in /etc.

Anyway, after running through the certbot-auto steps, it fails with the following message:

Incorrect validation certificate for tls-sni-01 challenge. Requested 6e9f679b4c7458baae91e229b3352d33.6e3c653d675dfdf58604b4b049566594.acme.invalid from xxx.xxx.xxx.xxx:443. Received 1 certificate(s), first certificate had names "ip-yyy-yyy-yyy-yyy, ip-yyy-yyy-yyy-yyy.us-west-2.compute.internal, localhost, localhost.localdomain"

The certbot documentation for Apache on CentOS/RHEL 7 shows a certificate-only process, instead of the automated installation of the certificate and key into the right locations.

The certificates are located in /etc/pki/tls/certs/
The private keys are located in /etc/pki/tls/private/

$ sudo certbot-auto --apache certonly

Running Certbot generates the certificate and key and puts them into /etc/letsencrypt/live/domain.com/

From there, it is just a quick ln -s to the right directories and boom. SSL works.
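
The ln -s step above, as an added example that is not part of the original post: a small shell function that keeps the files being replaced as .bak and links Certbot's output into the two directories. The function name link_le_cert and the localhost.crt / localhost.key target names are assumptions; use whatever names your ssl.conf references.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed target names: localhost.crt / localhost.key; pass a 4th argument
# if your ssl.conf points at different file names.
# fullchain.pem assumes Apache 2.4.8+, which reads the chain from
# SSLCertificateFile.

link_le_cert() {
    live_dir=$1             # e.g. /etc/letsencrypt/live/domain.com
    cert_dir=$2             # e.g. /etc/pki/tls/certs
    key_dir=$3              # e.g. /etc/pki/tls/private
    name=${4:-localhost}

    # Stop before touching anything if Certbot's output is incomplete.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$live_dir/$f" ]; then
            echo "missing or empty: $live_dir/$f" >&2
            return 1
        fi
    done

    # Keep the files being replaced as .bak so the change can be rolled
    # back. Existing symlinks are simply repointed.
    for t in "$cert_dir/$name.crt" "$key_dir/$name.key"; do
        if [ -e "$t" ] && [ ! -L "$t" ]; then
            mv "$t" "$t.bak" || return 1
        fi
    done

    # Link, don't copy: a renewal updates live/, and the links follow it.
    ln -sfn "$live_dir/fullchain.pem" "$cert_dir/$name.crt" || return 1
    ln -sfn "$live_dir/privkey.pem" "$key_dir/$name.key" || return 1

    # Post-condition: both links resolve to non-empty files.
    [ -s "$cert_dir/$name.crt" ] && [ -s "$key_dir/$name.key" ]
}

# Usage (as root, after sourcing this file):
#   link_le_cert /etc/letsencrypt/live/domain.com \
#       /etc/pki/tls/certs /etc/pki/tls/private
```

Run sudo apachectl configtest before restarting Apache to confirm it can load the linked files.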
