It produced this output:
--2021-09-15 17:51:50-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 199.232.xx.yyy, 2a04:4e42:50::201
Connecting to dl.eff.org (dl.eff.org)|199.232.xx.yyy|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2021-09-15 17:51:50 ERROR 404: Not Found.
My web server is (include version): nginx/1.18.0
The operating system my web server runs on is (include version): 4.14.203-156.332.amzn2.x86_64
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No. Using SSH to log in via shell terminal.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): No idea. I can't install.
First, @aningbo, a clarification. You are having trouble installing Certbot, which is a client used to get a cert from Let's Encrypt. There are many other clients if Certbot is too problematic.
I also use AWS Linux 2 and was not able to use the Snap instructions that @griffin linked. There was a missing dependency in the distro. Some people reported success with pip install but I never tried.
What I eventually discovered was that AWS Linux 2 has version 1.11.0 in the epel package available through EC2 extras. It is a few updates behind but has been working well for my purposes. You can install with:
I make no guarantees that this will not interfere with your other software packages. I have not seen any problems with my configuration. And I saw most of the above on a blog, so at least two of us have it working like this.
Here is a list of other clients from Let's Encrypt:
The specific issue here is that the tutorial uses an ancient method (the certbot-auto wrapper script) which has been deprecated for some time now and recently removed entirely. So personally I wouldn't classify this attempt to install certbot as "troubling" or "problematic", but just as "it makes sense you're getting this error". Luckily @griffin already pointed to a more recent guide to install certbot, and first-hand too, instead of third-party ancient guides. And if that doesn't work, you're right to notice the pip method of installing certbot, for which there is also a guide on the certbot homepage, of course.
The other option if you're staying within the AWS infrastructure, though not using Let's Encrypt, is to use Amazon's certificates. They have an "enclave" concept where the nginx server doesn't have direct access to the certificate private key, but nginx can communicate with the enclave to do the needed cryptography on its behalf, and the enclave communicates with AWS Certificate Manager which handles the certificates and renewals for you.
That may be more complicated than you're looking to set up, though. If you're looking to go with certbot and Let's Encrypt, I'd second just using the version in epel through yum, which is also described in AWS's documentation:
(Though I don't know why that documentation suggests downloading an rpm from fedoraproject to enable epel rather than just using amazon-linux-extras. I'd think amazon-linux-extras would generally be easier.)
Another option in AWS is to front your EC2 with CloudFront (their CDN). CloudFront also supports AWS Certificate Manager (ACM) and it is trivial to set up auto-renewing certs. I know because I recently set up such a system. However, the cert from ACM in CloudFront is for https between it and the client (viewer in CF lingo). You then choose http or https (or a mix) between CloudFront and your EC2. I chose https and use Certbot and Let's Encrypt in my EC2, so I am https from EC2 through CloudFront to the client. Choosing http between EC2 and CloudFront would avoid needing a cert in EC2 and still allow https between CloudFront and your client.
I limit my description to certs here - of course, deciding on CloudFront or the Elastic Load Balancer (another ACM option for EC2) has additional considerations for the app designer.
Yes, understood.
My point there was that I think all certbot RHEL and Fedora instructions say to install snapd.
So, it really doesn't matter much if you have 7 or 8.
I would prefer to go with some other ACME client in the case of Amazon Linux.
I use CentOS 7 on a VPS. I never could get the certbot Python code running, so I used acme.sh. The somewhat bad news is that, though acme.sh is open source, it was sold, but it still does work with Let's Encrypt. It might be harder to install now since it targets some other certificate company.