Single-instance HTTPS using certbot

Minimal example of HTTPS (TLS) setup using certbot, for an application running in a single-instance Elastic Beanstalk environment on AWS.

Features

• specifically for single-instance environments (i.e. without load balancer)
• Amazon Linux 2023
• nginx
• uses certbot to obtain free certificates automatically from Let's Encrypt
• redirects from HTTP to HTTPS
• mostly .platform and minimal .ebextensions

Getting started

1. Clone this repo
2. Create an application version from the repo, e.g. using the eb cli:

   eb appversion --create

3. Spin up a default Elastic Beanstalk web server environment with a single instance running Python on Amazon Linux 2023:
   • either do it manually, using the Elastic Beanstalk web console or eb cli (select your new application version from the list)
   • or use CloudFormation to create a stack using the template in the .cloudformation folder (specify the S3 key of your new application version, e.g. temp/app-6fxb-215704_101115830772.zip)
4. Visit your site to see the result

Notes

• If you are using a load balanced environment, it is much simpler to terminate https at the application load balancer, with the help of AWS Certificate Manager.
• This example uses Python, but the configuration should work for other platforms as well.
• Also see order of configuration steps in instance deployment workflow.
• To debug certificate issues, you can use e.g. Let's Debug.