HTTPS on Amazon Linux with Nginx

This video is part of the following playlists:

Learn how to setup an Amazon Linux 2 EC2 instance with nginx to accept HTTPS requests.


First you need to create a new amazon linux 2 ec2 instance with Nginx installed. You can follow this vide to get started:

sudo amazon-linux-extras install nginx1 -y
sudo systemctl enable nginx
sudo systemctl start nginx


Make sure you have a domain name pointed at the EC2's ip address.

Just make sure you can access the ec2 instance on port 80 using a domain name.

Before continuing, stop the nginx service

sudo systemctl stop nginx


Certbot is a free, open-source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS.

In short, certbot is some software that makes setting up a TLS certificate incredibly easy.

Install certbot on the EC2 instance:

sudo wget -r --no-parent -A 'epel-release-*.rpm'
sudo rpm -Uvh*.rpm
sudo yum-config-manager --enable epel*
sudo yum install -y certbot 
sudo yum install -y python-certbot-nginx

Run the following command to setup a TLS certificate for your domain name:

sudo certbot certonly --standalone --debug -d

Replace with your actual domain or sub domain.

Once you've gone through all of the steps, you should end up with two files in the /etc/letsencrypt/live/your.domain directory. Of course, always replacing your.domain with the actual domain name you used.

  • /etc/letsencrypt/live/your.domain/privkey.pem
  • /etc/letsencrypt/live/your.domain/fullchain.pem

These files contain the public and private keys needed to create a secure connection with this server. Now we just need to tell nginx to use these when an HTTPS request comes in.

Modify the /etc/nginx/nginx.conf file to allow requests on port 443. You can just uncomment the final part of this file and adjust the settings for:

  • ssl_certificate "/etc/letsencrypt/live/your.domain/fullchain.pem";
  • ssl_certificate_key "/etc/letsencrypt/live/your.domain/privkey.pem";
  • ssl_protocols TLSv1.2 TLSv1.3;

Make sure you replace your.domain with your actual domain name. Your final server block for port 443 might look something like this:

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  your.domain;

    ssl_certificate "/etc/letsencrypt/live/your.domain/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/your.domain/privkey.pem";
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_prefer_server_ciphers on;

    location / {

Then adjust the port 80 server block to forward HTTP requests to HTTPS requests.

server {
  listen 80 default_server;

  server_name _;

  return 301 https://$host$request_uri;

Restart nginx and test that you can now connect using HTTPS.

sudo systemctl restart nginx

Find an issue with this page? Fix it on GitHub