AWS Node.js Elastic Beanstalk

My domain is: api.cyyann.com

Problem: I created a Node.js Elastic Beanstalk server on AWS with the default Node.js application template. I tried as many solutions as I could find on the internet to install the certificate, but I always got an error like this.

Command I tried to run:

  • sudo /usr/local/bin/certbot-auto --nginx

Error:

IMPORTANT NOTES:


With Elastic Beanstalk, you are going to have to make some careful customizations to match the exact proxy environment that AWS has created for you: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-platform-proxy.html

Certbot isn’t able to understand how Elastic Beanstalk is set up on its own.

For instance, if the default nginx listening port is 8080 (as in that above article), you may have to run Certbot with:

--http-01-port 8080

If that’s not it, then please provide the full output of the following command:

nginx -T

Thank you. Now I receive a different error:

Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1378, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1140, in run
_install_cert(config, le_client, domains, new_lineage)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 764, in _install_cert
path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 507, in deploy_certificate
fullchain_path=fullchain_path)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 202, in deploy_cert
vhosts = self.choose_vhosts(domain, create_if_no_match=True)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 311, in choose_vhosts
str(self.config.https_port))]
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 359, in _vhost_from_duplicated_default
default_vhost = self._get_default_vhost(domain, allow_port_mismatch, port)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 397, in _get_default_vhost
" block for %s. Set the server_name directive to use the Nginx installer." % domain)
MisconfigurationError: Could not automatically find a matching server block for api.cyyann.com. Set the server_name directive to use the Nginx installer.
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/api.cyyann.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/api.cyyann.com/privkey.pem
    Your cert will expire on 2019-11-16. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the "certonly" option. To non-interactively renew all
    of your certificates, run "certbot-auto renew"
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

You’re probably better off following the AWS documentation for configuring HTTPS on Elastic Beanstalk: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-nodejs.html

Whilst you could potentially fix the above error by adding a server_name in your nginx config, the changes (and also your certificates) are going to be wiped out every time your app is re-deployed.

The correct way to do what you are trying to do is to use Elastic Beanstalk with an AWS load balancer and a free certificate from AWS ACM, deployed to the load balancer.

Certbot wasn’t built to be used in temporary, horizontally-scaled environments like Elastic Beanstalk.

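The MisconfigurationError in this thread means no nginx server block names the domain. As an added example (not code from the thread or from Certbot), this sketch reads `nginx -T` style output and reports which server blocks carry a matching `server_name` and which `listen` values exist. The sample config is constructed, and the name matching is a simplification rather than Certbot's own selection logic.

```python
import re
from fnmatch import fnmatch

# Constructed sample in the shape of `nginx -T` output for a proxy in front of a
# Node.js app; it is not the poster's configuration.
SAMPLE = """
# configuration file /etc/nginx/conf.d/proxy.conf:
upstream nodejs {
    server 127.0.0.1:8081;
}
server {
    listen 8080;
    location / {
        proxy_pass http://nodejs;
    }
}
"""

def server_blocks(conf):
    """Collect listen/server_name arguments of every server { } block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (quoted '#' not handled)
    blocks, stack, stmt = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == "{":
            # "server {" opens a block; "server 127.0.0.1:8081;" in upstream does not
            block = {"listen": [], "server_name": []} if stmt == ["server"] else None
            if block is not None:
                blocks.append(block)
            stack.append(block)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            # only directives sitting directly inside a server block count
            if stmt and stack and stack[-1] is not None and stmt[0] in stack[-1]:
                stack[-1][stmt[0]].extend(stmt[1:])
            stmt = []
        else:
            stmt.append(tok)
    return blocks

def diagnose(conf, domain):
    """Return (server blocks naming the domain, all listen arguments seen)."""
    blocks = server_blocks(conf)
    named = [b for b in blocks if any(fnmatch(domain, n) for n in b["server_name"])]
    listens = sorted({v for b in blocks for v in b["listen"]})
    return named, listens

if __name__ == "__main__":
    print(diagnose(SAMPLE, "api.cyyann.com"))
```

On a real host, pass the captured output of `nginx -T` as `conf`; an empty first element corresponds to the "Could not automatically find a matching server block" failure.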
