Configure HTTPS on Amazon Linux 2 with Apache, Namecheap, Let's Encrypt and Certbot automation

A complete, practical tutorial that walks you through setting up a secure HTTPS website on a single Amazon Linux 2 EC2 instance using Apache, Elastic IP, and Let’s Encrypt Certbot — without Elastic Load Balancer or AWS Certificate Manager.

This tutorial also explains how to generate and use self-signed certificates for local testing before moving to a trusted CA-signed setup.

What you’ll learn

• The fundamentals of SSL/TLS, including encryption, authentication, and integrity
• How TLS handshake and the certificate chain of trust actually work
• How to create and use self-signed certificates for internal or testing environments
• How to install and configure Apache (httpd) and mod_ssl on Amazon Linux 2
• How to set up a Virtual Host and enable HTTPS on port 443
• How to connect a Namecheap domain to your EC2 via DNS (A + CNAME records)
• How to install and configure Certbot to get free, trusted certificates from Let’s Encrypt
• How to verify your SSL setup with OpenSSL and SSL Labs

Who it’s for

This tutorial is designed for:

• Cloud and DevOps engineers who need a single-instance HTTPS setup
• Developers deploying small projects without ACM or a load balancer
• Learners who want a clear, reproducible path from HTTP to HTTPS on EC2

Prerequisites

• AWS account with permission to deploy EC2 resources
• Node.js 18+, npm, AWS CLI, and AWS CDK installed locally
• A registered domain (e.g., from Namecheap)
• Basic familiarity with Linux and SSH

Deliverables

• Source Code (ZIP) — AWS CDK (TypeScript) project that provisions:
  • VPC, Security Groups, Elastic IP, and EC2 instance in us-east-1
• Tutorial PDF — Full step-by-step walkthrough covering:
  • TLS theory and self-signed certificate generation
  • Apache + mod_ssl setup on Amazon Linux 2
  • Certbot installation and Let’s Encrypt automation
  • DNS configuration (Namecheap example)
  • HTTPS verification and troubleshooting

What you’ll achieve

By the end of this tutorial, you’ll have:
✅ A fully functional EC2 instance serving your domain securely over HTTPS
✅ A working self-signed certificate for internal use or testing
✅ A public CA-signed certificate from Let’s Encrypt with automatic renewal
✅ A clean, reproducible infrastructure you can redeploy anytime