Score:0

How to Enable SSL for Amazon EC2 Instance (LAMP packaged by Bitnami)?

I launched an EC2 instance with an AMI from the marketplace, which is called LAMP packaged by Bitnami.

After the instance was launched, I found I can only access its DNS name or IP via HTTP, not HTTPS. It seems that SSL is not installed by default.

So I searched its documentation and found this: https://docs.bitnami.com/aws/faq/administration/generate-configure-certificate-letsencrypt/

I followed the instructions and ran the following command:

sudo /opt/bitnami/bncert-tool

But after inputting the DNS name ec2-3-95-160-86.compute-1.amazonaws.com, it shows a warning:

Warning: The domain 'ec2-3-95-160-86.compute-1.amazonaws.com' resolves to a 
different IP address than the one detected for this machine, which is 
'3.95.160.86'. Please fix its DNS entries or remove it. For more info see: 
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/

I double-checked the domain's DNS at https://dnschecker.org/ and confirmed that ec2-3-95-160-86.compute-1.amazonaws.com resolves to 3.95.160.86.

So why do I still get this warning? Also, this warning prevents me from creating the SSL certificate for ec2-3-95-160-86.compute-1.amazonaws.com at all.

Tim
You'll want to set up a proper domain name and DNS A records pointing at the server before you try to get an SSL cert.
alancc
Can I set up SSL for the DNS name ec2-3-95-160-86.compute-1.amazonaws.com instead of a custom domain example.com? I want to do this because I will use the EC2 computer as an origin for CloudFront, and using a custom domain example.com will cause a redirect loop.
Tim
Let's Encrypt has a few validation methods; you might manage it with the HTTP challenge: https://letsencrypt.org/docs/challenge-types/. Personally I would register the EC2 server as a subdomain, e.g. origin.example.com.
alancc
@Tim, thank you. I used origin.example.com and it works now.
Score:1
Tim

Here's an answer to close things off.

The best approach here is to register a domain name for the server rather than using the EC2 domain name, set up DNS records, and create an A record for the server. Request a certificate for that domain name.

If you're using CloudFront, a domain such as origin.example.com can be useful, so that CloudFront can control the primary domain. Otherwise you can register any domain name you like.
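
A pre-flight check for the approach in the answer above, as an added example that is not part of the original post or of Bitnami's tooling: it confirms that the A record for the chosen name resolves to the server's public IP before a certificate is requested. The host names, addresses, `preflight` and `fake_resolver` are constructed for illustration, and the check does not reproduce how bncert-tool performs its own comparison.

```python
import ipaddress
import socket

# RFC 1918 ranges: addresses that are never reachable from the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def preflight(hostname, public_ip, getaddrinfo=socket.getaddrinfo):
    """Return (ok, message); ok only if every A record for hostname equals public_ip."""
    expected = ipaddress.ip_address(public_ip)
    try:
        infos = getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, f"{hostname}: no A record found ({exc})"
    answers = sorted({ipaddress.ip_address(info[4][0]) for info in infos})
    wrong = [a for a in answers if a != expected]
    if not wrong:
        return True, f"{hostname} -> {expected}: A record matches"
    listed = ", ".join(str(a) for a in wrong)
    if any(a in net for a in wrong for net in RFC1918):
        # Assumed scenario: a resolver inside the network hands back an internal address.
        return False, f"{hostname} resolves to private address {listed}; expected {expected}"
    return False, f"{hostname} resolves to {listed}; expected {expected}"


def fake_resolver(table):
    """Constructed stand-in for socket.getaddrinfo so the check runs offline."""
    def lookup(host, port, family=0, type=0):
        if host not in table:
            raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port)) for ip in table[host]]
    return lookup


# Constructed sample data: hypothetical names, documentation-range and RFC 1918 addresses.
SAMPLE_DNS = {
    "origin.example.com": ["203.0.113.10"],    # A record set as the answer describes
    "stale.example.com": ["198.51.100.7"],     # record still points at another host
    "internal.example.com": ["172.31.5.20"],   # resolver returns an internal address
}

if __name__ == "__main__":
    for name in list(SAMPLE_DNS) + ["missing.example.com"]:
        print(preflight(name, "203.0.113.10", fake_resolver(SAMPLE_DNS))[1])
```

Calling `preflight(name, ip)` without the third argument uses the system resolver, so the result reflects what the machine running the check sees, which may differ from what an external DNS checker reports.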
