Mike Milligan and the Kitchen brothers Here is a tutorial on how you can create free SSL certificates for your deployments. quick AWS If you’re on AWS and hosting a large workload, you can actually get free certificates from Amazon by using their Certificate Manager. However these certificates can only be attached to an AWS Load Balancer, an API Gateway instance or a CloudFront distribution. For small Laravel staging deployments that don’t require a load balancer because you just need one front-end server, it is then not worth the overhead cost as a Load Balancer comes at around $17 per month, depending on the region. On the other hand, Let’s offers a free Certificate Authority service, which means it will sign SSL/TLS certificates for free. The downside is that they expire every 90 days and also the procedure to create these certificates can be laborious. Indeed, you need to prove that you have control over a domain before receiving your certificates, for example by deploying a Nginx server with a validation file on that domain. It’s time-consuming and it’s a pain. Encrypt I will show you instead how you can create a Let’s Encrypt certificate for AWS, directly from your development machine, in two command lines. Requirements: — having the AWS CLI installed and configured — having Certbot installed on your machine : — having your domain name registered as a hosted zone in Route53 in your AWS account brew install certbot 1. Creating our hook script Copy the below script in your current directory using the command: wget [https://gist.githubusercontent.com/li0nel/4563f8d909e808169c91a5521569ff10/raw/cb1396d07eb91700642b27a4cd92e335498c03ca/auth-hook.sh](https://gist.githubusercontent.com/li0nel/4563f8d909e808169c91a5521569ff10/raw/cb1396d07eb91700642b27a4cd92e335498c03ca/auth-hook.sh) -O ./auth-hook.sh && chmod +x auth-hook.sh This will create an executable script that uses the AWS CLI to insert a TXT record in your Route53 DNS records. The TXT record is then used by Let’s Encrypt servers to verify that you control the domain, by querying the DNS servers for that domain. 2. Execute Certbot In the same directory, execute the below command, after replacing by your actual domain name and the email by your appropriate email address. Note that this will generate a certificate both for and . You can add as many subdomains AFAIK however Let’s Encrypt does not support wildcard certificates. your_domain.com your_domain.com www.your_domain.com This might take a couple minutes, but eventually your certificates will be created in a directory. /letsencrypt For Nginx, the file you are looking for is and the is . ssl_certificate fullchain.pem ssl_certificate_key privkey.pem Here you go! It took two command lines as promised, and a lot less headache than usual. Lionel is Chief Technology Officer of London-based startup Wi5 and author of the Future-Proof Engineering Culture course . You can reach out to him on https://getlionel.com
