How to Set Up a WordPress Website with Free SSL Certificate on AWS EC2 (For Complete Beginners)
I opened this blog in December 2018. Back then I had the Amazon Web Services (AWS) free tier, so I decided to host a WordPress site on AWS Elastic Compute Cloud (EC2). In addition, I was using AWS Elastic Load Balancer (ELB) for the implementation of the SSL certificate. This was good… for 12 months. After that my free tier ended and I received a $19 invoice: ~$7 for EC2, ~0.50 for Route 53 (I will explain in a minute what it is), and the rest was for ELB. Apparently I was paying nearly 200% more for an HTTPS connection. I deactivated my blog for some time and decided to reopen it just a few weeks ago. Now I am paying just under $7 and still have an SSL connection.
Why am I writing this post? Why AWS?
The main reason I am writing this post is that through this journey I didn’t find complete documentation for the whole process, and countless small (and apparently easy) things took a lot of my time. I just wanted to wrap up all my experience in a single post. When it comes to “Why AWS?”, I didn’t just want to open a blog but also to learn technical stuff while doing this, and AWS is a great platform for learning. Secondly, it is very customizable and you have full control over your website. On the other hand, other hosting service providers have competitive prices and are easier to use (Hostinger, Bluehost, DreamHost, etc.). Lastly, most of AWS’s features are free for 12 months.*
Step 1: Starting an EC2
After opening an AWS account and logging into the console, you can easily open your EC2 dashboard by searching for it under the AWS services. Then let’s open our first EC2 by clicking the big orange “Launch instance” button. This brings us to the EC2 image marketplace of AWS. We want to set up WordPress, so just search for that. You should see something like the below picture after that:
“WordPress with NGINX and SSL Certified by Bitnami and Automattic” is the image we are searching for; selecting it will take you to machine type selection. Just choose t2.micro, as it is free-tier eligible, and click Review and Launch, then Launch. If this is your first time creating an EC2, you should select the Create a new key pair option for SSH and name it however you like. After downloading the key, move it somewhere you will not forget, as we will use SSH regularly. After that, you can launch the instance.
By clicking on the instance’s name (something like i-054d749…) you can jump to the EC2 Management Console. Now we have to wait a little for our EC2 to initialize; there is enough time to grab a coffee.
Copying and pasting the above Public IP address should take you to your WordPress site. If you see the below website then you are on the right track.
Step 2: Connecting the EC2 to the Domain
Our next step is making the connection between the EC2 and our domain. By default, EC2 instances don’t have a static IP address; for this reason, we will be using Elastic IP. From the menu on the left of the EC2 Management Console we can go to the Elastic IP page:
Then by clicking Allocate Elastic IP Address (the big orange button) > Allocate, we can create a new static Elastic IP. After that, we should associate it with our EC2 by choosing the Associate Elastic IP address option from the Actions dropdown.
Choose your WordPress EC2 instance from the Instances dropdown and click Associate. Then, you are good to go.
Now we have an EC2 which is hosting a WordPress site and has a static IP. The next thing we need is name servers so that we can direct our domain to it. For this, from the top Services dropdown, we need to go to Route 53 and manage our Hosted Zones.
Click the big blue Create Hosted Zone button, write the domain you intend to use in the Domain Name area, choose the Public Hosted Zone type, then click Create. (I registered the wordpresswithssl.tk domain for this post from Freenom.) This should bring you to the page below:
In order to connect the hosted zone to our EC2, click Create Record Set. You can leave the Name field empty or enter www, Type should be A — IPv4 address, choose No for Alias, leave the default value 300 for TTL (Seconds), write the Elastic IP we have connected to our EC2 in the Value field, and you can leave the Routing Policy as default. The result should look like the picture below.
After clicking Create, copy the name server addresses in the NS Record Set and add them to your domain nameservers at your domain provider.
You may need to wait a little while for the nameserver changes to take effect, so don’t rush. After that, you should be able to see your WordPress site when you go to your domain.
Step 3: Installing the SSL Certificate
This WordPress image of Bitnami offers a free SSL certificate installer. When you go to http://<YOUR_DOMAIN>/bitnami/index.html, it explains that running the command below will handle everything for you.
sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m YOURMAIL -d YOURDOMAIN
WordPress with NGINX and SSL comes with a ready-to-use script that takes care of generating the Let’s Encrypt certificates to secure your application. It will also modify the configuration of the Web server so you do not need to worry about editing the files or restarting it.
Currently, when you try to connect to your website over HTTPS, it should show the error below.
Now it is time to connect to our EC2 via SSH and run Bitnami’s SSL installer. Remember the .pem file we generated previously? From the terminal, cd to the folder containing it. Run the command below to connect to the EC2.
ssh -i "<YOUR_FILE_NAME>" ubuntu@ec2-<EC2_PUBLIC_IP_ADDRESS_WITH_HYPHENS_>.compute-1.amazonaws.com
If you get an error saying WARNING: UNPROTECTED PRIVATE KEY FILE! you should run chmod 600 <YOUR_FILE_NAME> before running the ssh command.
And finally, when you get connected, you should run the Bitnami command mentioned above, in my case:
sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m YOURMAIL -d YOURDOMAIN
After the command finishes execution you should finally see the green Connection is secure message.**
Step 4: Redirections
Now we have a valid HTTPS connection, but when we go to our site over HTTP the browser still shows a Not Secure message. In order to solve this, we will redirect all HTTP traffic to HTTPS. Without disconnecting from the EC2, we need to modify the bitnami.conf file:
sudo nano /opt/bitnami/nginx/conf/bitnami/bitnami.conf
Then modify the part below:
# HTTP server
server {
    listen 80;
    server_name localhost;
    #include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
    include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}
To look like this:
# HTTP server
server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
    #include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
    include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}
After making the changes you can exit from the nano editor with CTRL+B, pressing y then Enter. Lastly, you need to restart Nginx for the changes to take effect:
sudo /opt/bitnami/ctlscript.sh restart nginx
If everything went well, you should be redirected to the “Connection is secure” HTTPS site when you type http://<YOUR_DOMAIN> into your browser.
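One way to confirm the Step 4 redirect without relying on the browser (whose cache can mislead), as an added example that is not part of the original post or of Bitnami's tooling: the function reads the response headers printed by curl -sI and passes only if the server answers 301 and the Location header points to the same host and path over HTTPS. The name check_redirect, the host example.com and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# check_redirect HOST PATH
# Reads HTTP response headers on stdin and succeeds only if they are a
# permanent (301) redirect to https://HOST/PATH, i.e. what
# "return 301 https://$host$request_uri;" in the port-80 block should produce.
check_redirect() {
    want="https://$1$2"
    # HTTP header lines end in CRLF; drop the CR before comparing strings.
    hdrs=$(tr -d '\r')
    status=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
    # Header names are case-insensitive, so match "location:" in any case.
    location=$(printf '%s\n' "$hdrs" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    if [ "$status" != "301" ]; then
        echo "FAIL: expected 301, got ${status:-no status line}"
        return 1
    fi
    if [ "$location" != "$want" ]; then
        echo "FAIL: Location is '$location', expected '$want'"
        return 1
    fi
    echo "OK: 301 -> $location"
}

# Constructed sample responses (not captured from a real server).
# Redirect configured as in Step 4: host and path are preserved.
GOOD=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://example.com/wp-login.php\r\n')
# Port-80 block left unchanged: the page is still served over plain HTTP.
PLAIN=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n')
# Redirect that drops the requested path (a "return 301" without $request_uri).
DROPPED=$(printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: https://example.com/\r\n')

# Against a live site, run from your own machine:
#   curl -sI "http://<YOUR_DOMAIN>/wp-login.php" | \
#       check_redirect "<YOUR_DOMAIN>" /wp-login.php
```

Checking a path such as /wp-login.php rather than only the front page confirms that the login form, where credentials are submitted, is also moved to HTTPS.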
Conclusion
This post contains nothing which is not already on the internet. However, when I tried to install SSL I struggled with many issues, from errors of Certbot to changing the wrong Nginx config file. I hope this post will help you to go through the process without any problems, and if you have any please feel free to comment or email. Thanks for your time.
* Technically you can open "infinite" accounts and abuse this but you shouldn't.
** Please try with incognito mode, cache in normal mode can still show you Not Secure even though it is.
Originally published at https://δ.ml on February 28, 2020.