This article is intended for those who have set up their own websites but are still using the insecure HTTP protocol. This tutorial will assist you in applying for and installing a free certificate, based on a Linux and Apache server setup.
Let's begin with a brief introduction: Let's Encrypt is a free, automated, and open certificate authority. We can use the Certbot tool to automatically complete DNS verification challenges. With just a few additional settings, your site can be up and running with HTTPS.
On an Amazon Linux host, open the terminal and switch to the root user (or use sudo).
First, install python-pip:
sudo yum install python-pip
Then, use pip to install Certbot and the Apache plugin:
sudo pip install certbot certbot-apache
Set ownership and permissions on the web root so that Certbot can add files to the following directory:
sudo chown -R ec2-user:ec2-user /var/www/html
sudo chmod -R 755 /var/www/html
Here's the command to apply for a certificate (you need to open port 80 on your firewall first):
sudo certbot certonly --webroot -w /var/www/html -d www.yourdomain.com
This command uses the --webroot option to specify the path to the web root directory (in this example, /var/www/html). The -d option is used to specify your domain name (for example, www.haoyun-wu.com).
A successful certificate request produces output like this:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.yourdomain.com/privkey.pem
This certificate expires on 2023-09-09.
These files will be updated when the certificate renews.
Here's how you can redirect HTTP traffic (port 80) to HTTPS (port 443) in Apache:
First, edit the Apache configuration file:
sudo vi /etc/httpd/conf/httpd.conf
Add the following block to your configuration file:
<VirtualHost *:80>
ServerName www.yourdomain.com
Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
Here, replace www.yourdomain.com with your actual domain name. The Redirect directive tells Apache to permanently redirect every request arriving on port 80 to the HTTPS version of your site.
Once you've made the changes, save and exit the file.
Finally, restart Apache to make sure the changes take effect:
sudo systemctl restart httpd
With this setup, any request to your website using HTTP will be redirected to HTTPS, ensuring secure communication.
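The redirect only helps if Apache actually answers on port 443 with the new certificate, and the certonly command used above obtains the files without changing the Apache configuration. The block below is an added example, not part of the original article, of a matching HTTPS virtual host; it assumes mod_ssl and mod_headers are installed and loaded, that Apache has a Listen directive for port 443, and that the site is served from /var/www/html.

```apache
# Added example, not from the original article.
# Assumptions: mod_ssl and mod_headers are loaded, Apache listens on 443
# (a "Listen 443 https" line, usually supplied by the mod_ssl package's
# ssl.conf), and the site content lives in /var/www/html.
<VirtualHost *:443>
    ServerName www.yourdomain.com
    DocumentRoot /var/www/html

    SSLEngine on
    # Paths reported by Certbot in its success message.
    # fullchain.pem contains the site certificate plus the intermediate chain.
    SSLCertificateFile    /etc/letsencrypt/live/www.yourdomain.com/fullchain.pem
    # privkey.pem must stay readable by root only; never copy it into the web root.
    SSLCertificateKeyFile /etc/letsencrypt/live/www.yourdomain.com/privkey.pem

    # Refuse SSLv3 and TLS 1.0/1.1 so only TLS 1.2 and newer are negotiated.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # HSTS: browsers that have seen this header go straight to HTTPS and skip
    # the plain-HTTP redirect. max-age is in seconds; start small and raise it
    # once HTTPS is confirmed working.
    Header always set Strict-Transport-Security "max-age=86400"

    # Same DocumentRoot as the webroot passed to Certbot with -w, so renewal
    # challenges redirected from port 80 are still served from
    # /var/www/html/.well-known/acme-challenge/ over HTTPS.
</VirtualHost>
```

Port 443 must also be open in the firewall, and running sudo apachectl configtest before the restart catches a wrong path or an unloaded module.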
reference:
https://letsencrypt.org/zh-tw/