Previously we observed the process of installation of the free SSL certificate on Ubuntu 18.04 and Ubuntu 16.04. In this post you will learn how to install or renew SSL certificate by Comodo on AWS EC2 instance or any Linux server.

Purchase and Install SSL certificate

Step 1 – Purchase SSL certificate

Choose SSL type

In order to purchase Comodo Positive SSL certificate, please execute following steps:

– Go to the SSL Shopping Cart
– proceed with the best option that suits you.

We provide our customers with several options with cheap prices. There are three options available at the moment:

– Positive SSL certificate with one year subscriptuon
– Positive SSL certificate with two years subscription
– Positive SSL wildcard certificate

It is up to you which option to select. If you need a regular and common choice as your AWS SSL certificate EC2 – choose Positive SSL. If you need SSL for multiple subdomains you will have to use wildcard SSL.

SSL configuration

As soon as you made and paid for your order you can login to the Client Area. Now you can start the process of SSL certificate configuration. Go to Active Services page and select just purchased SSL certificate. You will see Configure now status at the bottom of the page.
SSL Configuration StatusFrom now you are ready to start the process of SSL configuration. Select “New Order” as order type and Web Server Type you are going to use. Then press Generate CRS button.

SSL server information options

Please fill corespondent fields in CRS generator and pay attention to Common Name this is your domain name where SSL certificate will be installed.

CRS online generator

As soon as you completed CSR generation you can move to administrative contact of the SSL certificate and click Continue button.

When you’re requested to select Certificate Approval option I recommend you to use HTTP option.

SSL approval option

This option allows you to put a file to your server to approve your domain. This option is like Google Webmaster domain verification method, and everyone who is familiar with this option will do it without any issues. Then click Continue button and back to Service Details.

As a result on Service Details page you will see information about the file you should upload to the server.

SSL validation information

Now you need to create directory in your web server root .well-known/pki-validation, you can do that via FTP server or with bash command:

Put your validation file from the Hash File field with content from Content field to the server via FTP or with bash command:

and press Revalidate button. As soon as you get Success message you will receive zip archive to your Administrative contact email. Now you are ready to install your new SSL certificate to your EC2 instance or Linux server.

Step 2 – EC2 SSL certificate installation

To install SSL certificate on your EC2 instance you need to SSH to your instance and configure web server to serve secured connections.

For your comfort create directory for each domain that will have SSL certificate:

NB! Do not forget to change YOUR_DOMAIN to your real domain name.

Put your private key to /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem , and your SSL chain to /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem

To make a full chain go to Client Area , select your SSL certificate, copy paste Certificate (CRT) and Intermediate/Chain files to fullchain.pem

Finally it is time to configure NginX vhost file to server SSL connections on your EC2 instance. Here is my example:

After configuration is done test and reload NginX web server so the changes take effect:

Hence it is time to check that you EC2 SSL instance works correctly. Open your browser and enter your domain to the search bar. If everything is OK you should see valid SSL certificate.Valid SSL certificate

Renew SSL certificate

Process of renew SSL certificate is almost the same as ordering new SSL certificate, but you should select “Renewal” as order type. You may start renewal within 90-days before expiration, after renewal process is done your certificate will be added to the old one and remained days will be also added. Also you should use your old CRS in order not to change the private key. In case you lost it, you can always generate a new one, but in this case do not forget to change Private key.
SSL Renewal option

Above all you should keep in mind that renew SSL certificate is not the same process as domain name renewal.  Because you should upload new version of the SSL certificate to the server. Therefore repeat step 2 to install new version of SSL certificate to your Linux server.


Now you know how to install new certificate on AWS EC2 instance or any Linux server. Please pay attention not to forget to renew SSL certificate when the time comes. With our proactive server management services you should not worry about renewing SSL certificates, as our monitoring system checks SSL certificates and reports any issues to our technical team. As soon as we get an alert we start an upgrade process and notify our clients. This is a good option not to care about SSL certificate and it’s expiration and just know that it works!


Don’t know which certificate is right for you…

The Author

Alex Kondratiev
Co-founder & CEO ITSyndicate


SSL certificate

Any comments?