SSL Installation on AWS

SSL (Secure Sockets Layer) is a security technology that protects the data exchanged between a user’s browser and your website or application.

It is a digital certificate that:

• Makes your website open with https:// instead of http://

• Shows the padlock icon in the browser

• Protects the data between the user and your server

• Builds trust and removes browser “Not secure” warnings

Think of SSL like a lock on your website.

Without SSL → Anyone can read the data
With SSL → Data becomes encrypted (locked)

Example:
Without SSL:

username=ashish&password=1234
 

 

With SSL (encrypted):

4j3h34JH34JKH2339==sd8923==
 

 

Why SSL Is Important for AWS Node.js Servers

• Mandatory for API security

Your Node.js backend will receive:

• User logins

• Tokens

• Payment requests

• Personal data

All these must be encrypted.

• Removes “Not Secure” warnings

Chrome, Safari, Edge all show warnings without SSL.

• Required for SEO (Google ranking)

• Required for payment gateways (Razorpay / Stripe / PayU)

 

What Files the Client Must Provide (AWS EC2)

When the client purchases an SSL certificate from GoDaddy, Namecheap, Sectigo, etc., they must give three files:

When the client purchases an SSL certificate from GoDaddy, Namecheap, Sectigo, etc., they must give three files:

 

File	Purpose
yourdomain.key	Private key used to verify website ownership
yourdomain.crt	Main certificate
ca-bundle.crt	Chain/intermediate certificate

 

These 3 files are MANDATORY for AWS EC2.

If they send a .pfx file →
This is NOT used in AWS EC2.
We convert it only if required.

 

 Where Will SSL Be Installed in AWS?

Most AWS Node.js production setups work like this:

User → HTTPS (443) → Nginx (SSL installed here) → HTTP → Node.js (port 3000)

 

SSL is installed in Nginx, not inside Node.js.

This is the industry standard.

 

Step-by-Step: Install SSL on AWS EC2 for Node.js

Below is the exact step-by-step process you will follow.

Step 1 — Connect to AWS EC2 Server

From terminal:

ssh -i yourkey.pem ubuntu@your-ec2-public-ip
 

 

Step 2 — Create SSL folder

sudo mkdir -p /etc/ssl/yourdomain

 

Step 3 — Upload SSL files

Upload these 3 files using WinSCP / FileZilla / scp:

yourdomain.key
yourdomain.crt
ca-bundle.crt
 

 

Upload into this folder:

/etc/ssl/yourdomain/
 

 

Step 4 — Combine certificate + CA bundle

cd /etc/ssl/yourdomain
sudo cat yourdomain.crt ca-bundle.crt > fullchain.crt
 

 

Now you have:

• fullchain.crt

• yourdomain.key

These two files are required for Nginx.

 

Step 5 — Install Nginx

sudo apt update
sudo apt install nginx -y
 

 

Step 6 — Configure Nginx for SSL

Open default config:

sudo nano /etc/nginx/sites-available/default
 

 

Replace everything with:

server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    ssl_certificate /etc/ssl/yourdomain/fullchain.crt;
    ssl_certificate_key /etc/ssl/yourdomain/yourdomain.key;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
 

 

Step 7 — Test and Restart Nginx

sudo nginx -t
sudo systemctl restart nginx
 

 

Step 8 — Open Port 443 in AWS

Go to:
AWS Console → EC2 → Security Groups → Edit inbound rules

Add:

Port	Protocol	Source
443	TCP	0.0.0.0/0

Now HTTPS will work publicly.

 

6. Confirm SSL Is Working

Visit:

https://yourdomain.com
 

 

All done. Let us know if you need any support.

Book a short virtual meeting: https://calendar.app.google/yk5FVmgRzvvEmN2d6