1 minute read

I use Let’s Encrypt to enable SSL/TLS encryption on all my websites. It’s brain-dead simple to configure with the EFF’s companion certbot tool and has gone a long way into the massive increase in HTTPS-by-default across the web. Unfortunately, certbot is not as familiar with the distant relative of the Red Hat family that is Amazon Linux 2.

Terminal window demonstrating certbot not knowing how to "bootstrap" on Amazon Linux

C’mon, certbot!

The server on which I am configuring HTTPS encryption is a new deployment so it’s pretty vanilla. My order of operations is as follows:

1) Download and put in place the certbot-auto script from the Electronic Frontier Foundation (EFF):

$ wget https://dl.eff.org/certbot-auto
$ sudo mv certbot-auto /usr/local/bin/certbot-auto
$ sudo chown root /usr/local/bin/certbot-auto
$ sudo chmod 0755 /usr/local/bin/certbot-auto

2) Enable the EPEL yum repo:

$ sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo yum install -y epel-release
$ sudo yum-config-manager --enable epel
$ sudo vi /etc/yum.repos.d/epel.repo

Change both "enabled=0" to "enabled=1"

3) And now, the pièce de résistance, tricking certbot into acting just like you’re a Red Hat server:

$ sudo touch /etc/redhat-release
$ sudo /usr/local/bin/certbot-auto --apache

Command line screenshot of me tricking certbot into believing that I am a Red Hat box, not Amazon Linux.

Boom. Empty /etc/redhat-release file.

If you want to DIY it or go a little off-script, these are the links I used to synthesize this information:

  1. Steps 1 and 2. Trouble ahead at 3: https://certbot.eff.org/lets-encrypt/pip-apache
  2. Post from Brad “bmw,” Warren, an EFF certbot engineer: https://community.letsencrypt.org/t/help-with-certbot-on-the-new-amazon-linux-2/49399/3
  3. Adding the EPEL repo: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/

“To make certbot-auto try the Amazon Linux bootstrapping, you can add “Amazon Linux” to /etc/issue or create the file /etc/redhat-release. Red Hat and Amazon Linux bootstrapping are identical.”

Brad Warren, EFF Certbot Engineer

Pretty simple trick.

Leave a comment