Configuring Certbot on Elastic Beanstalk

I’ve recently been deploying a laravel app on AWS. I ran into an issue where I don’t really want to purchase a SSL Cert right now but I’d still like https. Simply I thought I could just configure certbot as per the instructions I found on A Comprehensive Guide to Deploying Laravel on Honeybadger.io

Unfortunately the instructions are out of date and I had some trouble getting them to work. So for future reference these are the steps I took to get this working:

Create a new prebuild hook under .platform/hooks/prebuild/install_certbot.sh

#!/bin/sh

sudo python3 -m venv /opt/certbot
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -sf /opt/certbot/bin/certbot /usr/bin/certbot

Now we’ll create two postdeploy hooks .platform/hooks/postdeploy/get_ssl_certificate.sh

#!/bin/sh

sudo certbot \
    -n \
    --nginx \
    --agree-tos \
    -d $(/opt/elasticbeanstalk/bin/get-config environment -k CERTBOT_DOMAINS) \
    --email $(/opt/elasticbeanstalk/bin/get-config environment -k CERTBOT_EMAIL)

Make sure you add two environment variables to your elastic beanstalk environment:

and finally .platform/hooks/postdeploy/renew_ssl_certificate.sh

#!/bin/sh

echo "0 0 1 * * root certbot renew --no-self-upgrade" \
    | sudo tee /etc/cron.d/renew_ssl_cert_cron

Now you can bundle your app and deploy it and you should have a working SSL cert.