Amazon Lightsail VPS servers and AWS instances will usually crash when trying to create Let’s Encrypt certificates using certbot if there’s not enough memory.

There are two ways to fix this:

Option 1

Upgrade to an Amazon Lightsail VPS or EC2 instance with 1GB of memory or more

Option 2

Temporarily add swap space to your Amazon Lightsail VPS or EC2 instance

See my post on upgrading Amazon Lightsail VPS or follow the instructions below to add temporary swap space to your Lightsail server.

How to Add Temporary Swap Space to Amazon Lightsail VPS

Step 1 – Add the swap file

sudo dd if=/dev/zero of=/swapfile bs=1024 count=524288
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Step 2 – Generate your certificates

sudo /opt/certbot/letsencrypt-auto certonly -c /etc/certbot/www.yourdomain.com.conf --renew-by-default

Step 3 – Remove the temporary swap space

sudo swapoff /swapfile
sudo rm /swapfile

Step 4 – Add all of the above to your cron job

Edit your certbot cron job:

sudo pico /etc/cron.weekly/renew-ssl-certificates

It should look something like this:

dd if=/dev/zero of=/swapfile bs=1024 count=524288
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
/opt/certbot/letsencrypt-auto certonly -c /etc/certbot/www.yourdomain.com.conf --renew-by-default
sudo swapoff /swapfile
rm /swapfile
service nginx restart

Your certbot and cron job commands will look different depending where you’re running them from and depending on the name and location of your configuration files.

If your Lightsail server has less than 1GB of memory then you should consider adding swap space permanently to your VPS, it will significantly increase stability.

Feel free to leave comments or questions below, and if you need help managing your Lightsail or AWS server then get in touch with me here, it’s one of the services I provide.

I hope you found this article helpful, and don’t forget to like my Facebook page.

Much love,
Arador

1 COMMENT

  1. Great tutorial. Just one question, I’m using linux and based on the cron job information on the certbot website it sounds like I can just add the following line:

    “./certbot-auto renew –no-self-upgrade”

    Instead of:

    “/opt/certbot/letsencrypt-auto certonly -c /etc/certbot/www.yourdomain.com.conf –renew-by-default”

    for the weekly cron job.

    So my weekly cron would look like this:

    dd if=/dev/zero of=/swapfile bs=1024 count=524288
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    ./certbot-auto renew –no-self-upgrade
    sudo swapoff /swapfile
    rm /swapfile
    service apache restart

    I just wanted to confirm if this is a workable solution.

    If not, my problem is there is no certbot folder in “opt”(there are no folders or files in “opt”), and just a letsencrypt folder inside of “etc”, and my certbot-auto executable is in root. I am a little confused on the file path based on your example on how to write it out correctly.

    Any help is appreciated, and thanks again for this great tutorial.

LEAVE A REPLY

Please enter your comment!
Please enter your name here