Last active
August 23, 2017 00:20
AWS Elastic Beanstalk certbot .ebextensions
Content of ssl.pre is wrong! That configuration is for Nginx.
Apache here!
You need to modify the following paths depending on your conf:

```yaml
# Make an Apache config file for SSL
files:
  /etc/httpd/conf.d/ssl.pre:
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule wsgi_module modules/mod_wsgi.so
      WSGIPythonHome /opt/python/run/baselinenv
      WSGISocketPrefix run/wsgi
      WSGIRestrictEmbedded On
      Listen 443
      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/DOMAIN_HERE/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN_HERE/privkey.pem
        Alias /static/ /opt/python/current/app/STATIC_ROUTE_HERE
        <Directory /opt/python/current/app/STATIC_ROUTE_HERE>
          Order allow,deny
          Allow from all
        </Directory>
        # APP_HERE: replace application.py with your app's entry point
        WSGIScriptAlias / /opt/python/current/app/application.py
        <Directory /opt/python/current/app/>
          Require all granted
        </Directory>
        WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
          python-path=/opt/python/current/app:/opt/python/run/venv/lib64/python3.4/site-packages:/opt/python/run/venv/lib/python3.4/site-packages user=wsgi group=wsgi \
          home=/opt/python/current/app
        WSGIProcessGroup wsgi-ssl
      </VirtualHost>

packages:
  yum:
    epel-release: []
    mod24_ssl: []

# Steps here
# 1. Install certbot
# 2. Get cert (stop apache before grabbing)
# 3. Link certs where Apache can grab
# 4. Get the Apache config in place
# 5. Move certbot-auto into tmp folder
container_commands:
  10_installcertbot:
    command: "wget https://dl.eff.org/certbot-auto;chmod a+x certbot-auto"
  20_getcert:
    command: "sudo ./certbot-auto certonly --debug --non-interactive --email EMAIL_HERE --agree-tos --standalone --domains ${certdomain} --keep-until-expiring --pre-hook \"service httpd stop\" --post-hook \"service httpd start\""
  30_link:
    command: "ln -sf /etc/letsencrypt/live/${certdomain} /etc/letsencrypt/live/ebcert"
  40_config:
    command: "mv /etc/httpd/conf.d/ssl.pre /etc/httpd/conf.d/ssl.conf"
  50_mv_certbot_to_temp_for_cron_renew:
    command: "mv ./certbot-auto /tmp"
```

Be careful with indentation!!!!
If something fails, just ssh into your server and run "service httpd restart".
If it can't bind the port, just wait some minutes.
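A preflight check for the rendered ssl.pre before the `40_config` step moves it into place, as an added example that is not part of the gist or the comment above (the `lint_ssl_conf` function is hypothetical and the two vhost samples are constructed): it flags placeholders left unreplaced, the Apache 2.2 `Order`/`Allow` directives that httpd 2.4 only accepts with mod_access_compat loaded, a key that does not sit beside its certificate, and a vhost with no `SSLEngine on`.

```python
import os
import re

# Placeholders the posted ssl.pre template expects you to replace by hand.
PLACEHOLDERS = ("DOMAIN_HERE", "STATIC_ROUTE_HERE", "APP_HERE", "EMAIL_HERE")
# Apache 2.2 access control: on httpd 2.4 these need mod_access_compat; use Require.
LEGACY_ACCESS = re.compile(r"^\s*(Order|Allow from|Deny from)\b", re.IGNORECASE)


def lint_ssl_conf(text: str) -> list:
    """Return findings for an Apache SSL vhost; an empty list means it passed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for ph in PLACEHOLDERS:
            if ph in line:
                findings.append(f"line {lineno}: placeholder {ph} not replaced")
        if LEGACY_ACCESS.match(line):
            findings.append(f"line {lineno}: 2.2-style '{line.strip()}'; use Require on 2.4")
    cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", text, re.M)
    key = re.search(r"^\s*SSLCertificateKeyFile\s+(\S+)", text, re.M)
    if not (cert and key):
        findings.append("SSLCertificateFile or SSLCertificateKeyFile missing")
    elif os.path.dirname(cert.group(1)) != os.path.dirname(key.group(1)):
        # certbot writes fullchain.pem and privkey.pem side by side in live/<name>/
        findings.append("certificate and key are taken from different directories")
    if not re.search(r"^\s*SSLEngine\s+on\b", text, re.M | re.IGNORECASE):
        findings.append("SSLEngine on missing")
    return findings


# Constructed sample: the vhost as pasted, before any placeholder was filled in.
RAW_TEMPLATE = """\
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/DOMAIN_HERE/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN_HERE/privkey.pem
<Directory /opt/python/current/app/STATIC_ROUTE_HERE>
Order allow,deny
Allow from all
</Directory>
"""

# Constructed sample: placeholders filled in (via the ebcert symlink from
# 30_link) and the static directory switched to the 2.4 Require directive.
FILLED = """\
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ebcert/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ebcert/privkey.pem
<Directory /opt/python/current/app/static>
Require all granted
</Directory>
"""
```

Running `lint_ssl_conf` on the raw template reports five findings (three placeholders, two legacy directives); the filled sample reports none.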