Category Archives: Amazon EC2

How to Clone a MYSQLI Table From Command Line

Here are the two commands you can run from the Mysqli Command Prompt to successfully clone a database table. In the example we will name our tables new_table_name and old_table_name where old_table_name is the table we wish to clone. This is the best way I have found to-date to create a backup of a mysqli table from the command line:

CREATE TABLE new_table_name LIKE old_table_name;
INSERT new_table_name SELECT * FROM old_table_name;

Be sure to enter line one above and press enter, then do the same with the second line.

Find a file using Linux find Command

If you need to find a file anywhere on a server, whether or not you know what directory it is in, the Linux find command is your go-to command! Here are some basic use cases:

Find a file in the current directory:

find . -name "this-file.php"

Find a file anywhere on the server, starting from the root directory:

find / -name "filename.php"

Notice in the first example we used a period and in the second we used a forward slash. The period means to search the current directory and its sub-directories, and the forward slash means to search from the root directory, which will find a file anywhere on the file system, in the root directory or any of its sub-directories.

Perform a case-insensitive search:

The above commands all use the -name parameter which performs a case-sensitive search. To perform a case-insensitive search, replace -name with -iname in the above examples, like so:

find / -iname "filename.php"

Perform a wildcard search:

The wildcard character is *. If you want to find all .php files, for example, use the following command:

find / -iname "*.php"



How to change DNS settings on your local PC

Have you ever been working on a website, changed your DNS settings over to a different server and later needed to access that server again from the old domain name for some reason? Well if you are an active developer, this situation is somewhat common. I'll explain or you can skip the rest of this paragraph to quickly learn how to do it. Let's say you own the domain name and a web server with an IP address of Now assume you have a WordPress blog on that server that you had to move to another server with IP Let's say you already changed the DNS settings for to point to the new server with IP but you need to go back to the original WordPress site on the other server with an IP of What do you do? We all know a WordPress site won't function properly with just the IP address, so that is out. What you need to do is repoint to in order to access that WordPress site again. What a PITA, right? Well read on and I'll show you a fast and easy way to make the site on the original server work with even after you've pointed it to another IP address or web server! It's as simple as controlling the local hosts file on your PC to make route to even though the internet routes it to! Here's how:

Using hosts file to override DNS settings for your PC

A lot of people don't realize that when you make a request to the Internet using your local computer, it first checks a local copy of the hosts file for an entry, and only if one isn't present does it go out to the Internet DNS servers. Therefore there's an opportunity present for you to redirect only for your own PC if you wanted to! Here are the easy steps:

  1. Open file explorer and navigate to C:\Windows\System32\drivers\etc.
  2. Open the file named "hosts" in notepad or another text editor that could be used as a code editor such as Notepad++, which is what I use.
  3. Now simply add a line to the end of the hosts file that contains the IP address of the server you want to route the domain name to, followed by a space and then the domain name you want to reroute. So in our example scenario above, you would enter a new line that reads simply:
  4. Save the hosts file and open your browser and navigate to the domain which in our example was Note that there is a difference between and, so if you want it to work with www, you have to add another entry for

If you're using Notepad++ or similar as I was, you'll need to open it in administrator mode in order to be able to save the hosts file. Good luck! That's all there is to it.

How to change local DNS settings on a Mac

If you're on a Mac, the instructions are basically the same but do this instead:

From the terminal, type:

sudo nano /private/etc/hosts

and then add the IP and domain name as described above. The file is owned by root, so the editor has to be started with sudo to be able to save it. The only real difference between a Mac and a PC when it comes to changing DNS settings is that you will use a different editor and the hosts file is located in a different place.
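
The lookup behaviour described above, as an added example that is not part of the original post: hosts entries match by exact name, so an entry for a bare domain does not cover its www form, and an override left in place after the work is done keeps sending this machine to the old server. The function names, the example.test names and the 192.0.2.x addresses are constructed for illustration; both functions read a hosts file on standard input.

```shell
#!/bin/sh
# Added example: read a hosts file the way a name lookup does.
# Function names and sample data are illustrative, not from the post.

# hosts_lookup NAME < hosts-file
# Prints the address of the first entry listing NAME; exit status 1 if none.
hosts_lookup() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, ""); sub(/#.*/, "") }   # drop Windows CR and comments
        NF < 2 { next }                      # blank or address-only line
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# hosts_overrides < hosts-file
# Lists "ADDRESS NAME" for every active entry that is not a loopback or
# null-route line, i.e. every name that bypasses DNS on this machine.
hosts_overrides() {
    awk '
        { sub(/\r$/, ""); sub(/#.*/, "") }
        NF < 2 { next }
        $1 ~ /^127\./ || $1 == "::1" || $1 == "0.0.0.0" { next }
        { for (i = 2; i <= NF; i++) print $1, tolower($i) }
    '
}

# Constructed sample hosts file.
sample_hosts() {
    cat <<'EOF'
127.0.0.1    localhost
::1          localhost
# old server, added for the migration
192.0.2.10   example.test      # bare domain only, no www entry
#198.51.100.7 staging.example.test
EOF
}

for name in example.test www.example.test staging.example.test; do
    addr=$(sample_hosts | hosts_lookup "$name") || addr="not in hosts file, DNS is used"
    echo "$name -> $addr"
done
echo "Active overrides to review and remove when finished:"
sample_hosts | hosts_overrides
```

Run `hosts_overrides < /etc/hosts` (or against a copy of the Windows file) after a migration to see which names still bypass DNS.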



How to Use IPTables

What is iptables?

iptables is a fairly flexible firewall system developed for Linux/Unix operating systems and commonly used by web server administrators to block access to servers by IP address or groups of IP addresses. It can also be used to white-list IP addresses. It is a command line tool that allows server administrators to enter simple one-line commands to add, edit or delete rules for accessing the web server from the outside world.

Understanding iptables Infrastructure

Understanding the infrastructure of iptables is an important component of learning how to use iptables. Basically there are tables, chains and rules. Tables contain chains and chains contain rules. Here is a simple graphic to illustrate my point:


There are four default tables in iptables and you can add others if you want to get deep into config options. However, I recommend using the default tables to keep things simple. In fact, the filter table is the only one we will be messing with for now. The four default tables are filter, nat, mangle and raw.

  • Filter Table - default table for iptables. If you do not define a table, you’ll be using the filter table. The filter table has the following built-in chains:
    1. Input Chain - handles incoming connections.
    2. Output Chain - handles outgoing connections.
    3. Forward Chain - handles routing of connections like a router.
  • Nat Table - Consists of prerouting, postrouting and output chains. The prerouting chain helps translate the destination IP address of the packets to match the routing on the local server. The postrouting chain translates packets as they leave the system and alters packets after routing. The output chain is NAT (Network Address Translation) for locally generated packets on the firewall.
  • Mangle Table - for specialized packet alteration. We will leave this table alone for now as it is outside the scope of this tutorial, but just know it is there.
  • Raw Table - for configuration exemptions. Raw table has a prerouting chain and an output chain.

Chain? WTF does my server need Chains for? Is it winter already?

When using iptables, there are basically three types of chains that we are mainly interested in. They are input chains, output chains and forward chains, the three chains from the filter table described above.

  • Input Chain - used to control the behavior of incoming connections. For example, if a user attempts to SSH into your server, iptables will attempt to match the IP address and port to a rule in the input chain.
  • Output Chain - used with outgoing connections. For example, if you try to ping, iptables will check its output chain to see what the rules are regarding ping before making a decision to allow or deny the attempt to connect.
  • Forward Chain - used for incoming connections that aren’t delivered locally. It is something like a router where data is always being sent to it but is not destined for the actual router. Data is forwarded to its target. Unless you’re doing some type of routing or NATing that requires forwarding, you probably won't use a forward chain much if at all.

Understanding iptables Commands

In order to use iptables in Linux, you need to know the basic commands, so I'll go over some of the more common iptables commands here for your learning pleasure!

Note that after you make any change, it is important to save iptables with the following command on Debian/Ubuntu servers:


or in some cases


The save command is a little different for other servers, so take note of the one that applies to your server as noted below:

  • Centos / Redhat: service iptables save or sudo service iptables save if you are not root user.
  • If that didn't work, try:  /etc/init.d/iptables save with and without sudo first.

If you don't save after a change by typing the above at your command prompt and hitting enter, you will most likely lose your changes and/or they will never take effect.

iptables Command to Block a Single Simple IP address

If you wish to simply block an IP such as from accessing your server in any way and from any port, type this at your command prompt and press enter, then save:

iptables -A INPUT -s -j DROP

Whenever possible, always test to be sure your iptables rules work after adding them to be safe. Be sure to save using the appropriate iptables save command as mentioned above after you successfully enter your new rule.

Blocking all IP addresses but your own with iptables

If your server is getting throttled and you want to lock it down immediately or you are simply under construction and don't want anyone but you to be able to access your server, here is how you can block all IP addresses from accessing your server and white-list just one or more IP addresses that will be able to access your server:

iptables -A INPUT -s -j ACCEPT
iptables -A OUTPUT -d -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP

First, you should flush your current rules (see below). Then simply replace with your own IP address in the commands above and enter each of the four commands one at a time from the command line, pressing enter after each, then save iptables.

Flushing iptables rules

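To get rid of all active rules in iptables, enter the following command at the Linux command prompt. Note that flushing deletes rules but does not reset the chain policies set with -P: if the INPUT policy is DROP, as in the lock-down example above, flushing removes your ACCEPT rules and cuts off your own connection, so set the policies back to ACCEPT before you flush: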

iptables -F

Deleting Single iptables Rules

If you entered one or more iptables rules you want to delete without deleting the entire configuration, here is how to do it:

  1. List numbered rules using this command: sudo iptables -L INPUT -n --line-numbers
  2. To delete the first rule enter: sudo iptables -D INPUT 1 (where 1 is the line number you want to delete)
  3. Confirm deletion took place by running the first command again and verify the rule is no longer present: sudo iptables -L INPUT -n --line-numbers
  4. Save iptables to be safe: sudo iptables-save


Restrict Number of Connections Per IP

Use connlimit to place restrictions on the number of connections allowed per IP address. To allow 4 ssh connections per client host, enter:
# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 -j REJECT

To limit HTTP connections to 20 per /24 network (--connlimit-mask 24 counts all clients in the same /24 together), enter:
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j DROP

  1. --connlimit-above 3 : Match if the number of existing connections is above 3.
  2. --connlimit-mask 24 : Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32.


What is this nonsense after the slash in iptables ip addresses?

This is what I need to touch on before we go much further because you've no doubt seen existing rules in your iptables with IP addresses listed similar to:

...and have surely wondered why there is a slash followed by a number after the ip addresses listed in your iptables rules. Well I'll explain as best as I can in the next section as it is a little complicated to explain...

Knowing how to read and write more complex iptables rules with CIDR notation.

Learning to write iptables rules can get very frustrating if you don't understand how the notation works. CIDR, Classless Inter Domain Routing notation, is often confused with network masks which are similar but not the same. I will offer my best explanation of CIDR notation here which I've gathered from several different sources to put together an explanation I feel comfortable with:

Imagine an IP address something like xxx.yyy.zzz.www/N, where N is the number of bits from 0 to 32. Each of the other numbers represents one byte out of the 4 bytes that make up an IP address. N says how many BITS of those 4 bytes matter. So any address that looks like 10.X.Y.Z/8 refers to ANY IP starting with "10.": 8 bits = 1 byte, meaning everything after the first byte is ignored. The convention is to use zeroes in the ignored positions, so the canonical name for that subnet is Most of the time, N is a multiple of 8, so it says to ignore a certain number of bytes.

Once in a while, you'll see something other than that, like a /29. This means that PART of one of the bytes is ignored. For simplicity's sake however, we will stick to multiples of 8 in this guide.

It's also important to note that if the N is omitted, then it's usually assumed to be 32, i.e. a single IP address specification.

So, taking what I've just explained above regarding CIDR notation, here are some general examples of how netmasks work in conjunction with iptables rules:

  • A CIDR of 8 bits means that only 1 of 4 possible bytes of the IP address is noted as represented by the "10" here, so this would cover the IP range from to In other words any IP address starting with "10.".
  • A CIDR of 16 means that 2 of 4 possible bytes of the IP address are noted as represented here by "100.50.". In this case, a range from to is covered.
  • A CIDR of 24 means that 3 of the 4 IP address bytes are noted as seen here with "92.50.8." This time a range from to is represented.

Those should be the three most common types of CIDR notations. Following the above pattern of incrementing the number of bits by 8, the next logical example would be something like While that is a perfectly good notation and will work, it is also moot because 32 bits would represent the entire IP address, so you might as well enter it without the CIDR notation (with no slash and number after the IP). In iptables rules, means the exact same thing as simply putting

What do Bytes and Bits have to do with IP Addresses?

Good question, glad I asked myself! To properly understand how CIDR notation works you have to understand the math behind it. A Byte is made up of 8 bits (that's why we increment by 8 in our previous examples). An IP address is made up of 4 Bytes or 32 Bits (4x8=32).

As you probably know, an IP address is made up of four numbers separated by dots or periods (.) like this: N.N.N.N where N can be any number from 0 to 255. This raised a question in my mind: In an IP address byte, how does a range from 0 to 255 have 8 bits? Well my question just goes to show I don't fully understand how Bytes and Bits correspond with numbers because I googled around and discovered that indeed eight binary bits can represent any whole number from zero to 255, so the segments of a dotted decimal address are decimal numbers with a range from 0 to 255. I think it's enough for now to understand that it is correct without getting into exactly how Bytes and Bits work with IP addresses because I don't want this tutorial to confuse you even more. Let's just know for now that 1 Byte = 8 Bits and that a Byte can be any number from 0 to 255 in an IP address which is made up of 4 Bytes and/or 32 Bits. If anyone would like to explain how this works in more detail, feel free to make a comment on this post and I'll make sure it gets published.
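
The bit arithmetic behind the two sections above, as an added example that is not part of the original post: it treats the address as one 32-bit number, clears the ignored low bits to get the first address and sets them to get the last, which works for any prefix length including a /29. It goes beyond the multiples of 8 the guide sticks to; the function names are illustrative, the sample networks reuse the prefixes quoted in the text (10., 100.50., 92.50.8.), and 192.0.2.77/29 and 192.0.2.10 are constructed cases.

```shell
#!/bin/sh
# Added example: expand CIDR notation for any prefix length.

# ip_to_int A.B.C.D -> prints the address as one 32-bit number; fails on bad input
ip_to_int() (
    set -f                          # no filename globbing while splitting
    IFS=.
    set -- $1                       # split on the dots into $1..$4
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0?*|????*) exit 1 ;;   # digits only, no leading zero
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# int_to_ip N -> prints the dotted form, one byte (8 bits) per segment
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range ADDRESS[/N] -> prints "FIRST LAST COUNT"
cidr_range() (
    addr=${1%%/*}
    case $1 in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;             # no /N means a single address
    esac
    case $bits in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1
    hostmask=$(( (1 << (32 - $bits)) - 1 ))        # the low bits that are ignored
    first=$(( $ip & ~$hostmask & 4294967295 ))     # ignored bits cleared
    last=$(( $first | $hostmask ))                 # ignored bits set
    echo "$(int_to_ip "$first") $(int_to_ip "$last") $(( $hostmask + 1 ))"
)

# cidr_contains CIDR ADDRESS -> status 0 if a rule written with CIDR matches ADDRESS
cidr_contains() (
    range=$(cidr_range "$1") || exit 2
    ip=$(ip_to_int "$2") || exit 2
    set -- $range
    first=$(ip_to_int "$1")
    last=$(ip_to_int "$2")
    [ "$ip" -ge "$first" ] && [ "$ip" -le "$last" ]
)

for cidr in 10.0.0.0/8 100.50.0.0/16 92.50.8.0/24 192.0.2.77/29 192.0.2.10; do
    echo "$cidr -> $(cidr_range "$cidr")"
done
```

Checking a prefix this way before putting it after -s in a rule shows exactly how many addresses the rule will block or allow.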

How to Restart a Web Server with PHP

Today, I had the task of writing a PHP script that restarts a web server. This is not allowed by default. It should be noted before I continue that it is not allowed because it opens a security hole: it makes possible a server attack that would lock up your server by constantly restarting it from PHP. However, now that you're aware of the risk, if you still wish to continue, here is how it is done:

PHP Code:

    exec("sudo service nginx restart", $output, $status); // exit status 0 means the command succeeded
    if ($status === 0) {
            echo "server restarted!<br />";
    } else {
            echo "ERROR! Server failed to restart!<br />";
    }

Test the above code. NOTE: it is likely not to work because normally you will have to edit the sudoers file on the server.

Edit the Sudoers File to Allow PHP to Use the Restart Command

On the Linode/Nginx server I am working on currently the sudoers file can be found at /etc/sudoers. It can be found in a similar location on most Linux servers. In order to edit the sudoers file on a Linux NGINX server, simply open the file and add the following to the end of the file and save it before restarting the web server:

www-data ALL=(ALL) NOPASSWD: /usr/sbin/service nginx start,/usr/sbin/service nginx stop,/usr/sbin/service nginx restart

Note that your server may require you to edit the sudoers file with visudo, which also checks the syntax before saving. If you have root access with FileZilla, you can go to the /etc/ folder and download the sudoers file, then edit it with Notepad or Notepad++ as I do.

For reference only, here are all the commands I added to sudoers file to get it to work with the site creation app that used the server restart function above:

#Ian added to allow www-data user to run nginx restart command:
www-data ALL=(ALL) NOPASSWD: /usr/sbin/service nginx start,/usr/sbin/service nginx stop,/usr/sbin/service nginx restart

#Ian added following line to allow the site maker app to change permissions of sites to 777 before deleting them:
www-data ALL=(root) NOPASSWD: /bin/chmod -R [0-7][0-7][0-7] /var/www/*, /usr/bin/chmod -R [0-7][0-7][0-7] /var/www/*
www-data ALL=(root) NOPASSWD: /bin/chmod [0-7][0-7][0-7] /var/www/*, /usr/bin/chmod [0-7][0-7][0-7] /var/www/*
www-data ALL=(root) NOPASSWD: /bin/chown www-data\:www-data /var/www/*, /usr/bin/chown www-data\:www-data /var/www/*


So there you have it, you can now restart your NGINX server from a PHP script. I put the command in an iframe so it wouldn't mess with the page I was on because when the restart command works, you'll get a connection reset notice or something similar from your browser...
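
One way to limit the risk named at the top of this post (a server locked up by constant restarts from PHP), as an added example that is not part of the original post: a root-owned wrapper that refuses a restart if the previous one was too recent and tests the configuration first. The script path, the state file location and the 60-second interval are assumptions for illustration.

```shell
#!/bin/sh
# Added example: rate-limited restart wrapper for PHP to call through sudo
# instead of "service nginx restart" directly.

# restart_guard STATE_FILE MIN_SECONDS COMMAND [ARGS...]
# Runs COMMAND only if the last successful run was at least MIN_SECONDS ago.
# Exit status: 64 on a bad interval, 75 when refused, else the status of COMMAND.
restart_guard() (
    state=$1
    min=$2
    shift 2
    case $min in
        ''|*[!0-9]*) echo "bad interval: $min" >&2; exit 64 ;;
    esac

    now=$(date +%s)
    last=0
    if [ -r "$state" ]; then
        last=$(cat "$state")
        case $last in ''|*[!0-9]*) last=0 ;; esac   # ignore a corrupt stamp
    fi

    age=$(( $now - $last ))
    if [ "$age" -lt "$min" ]; then
        echo "refused: last restart was ${age}s ago, minimum is ${min}s" >&2
        exit 75
    fi

    "$@" || exit $?        # failed config test or restart: leave the stamp alone
    echo "$now" > "$state"
)

# Installed as, for example, /usr/local/sbin/nginx-restart-guarded (hypothetical
# path), owned by root and not writable by www-data, and invoked with --run:
if [ "${1:-}" = "--run" ]; then
    # nginx -t validates the configuration, so a broken config is never loaded
    restart_guard /var/run/nginx-restart.stamp 60 \
        sh -c 'nginx -t && service nginx restart'
fi
```

The sudoers entry for www-data would then name only this one script with its fixed --run argument, and the PHP code would call it in place of the service command.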



Troubleshoot Email Issues

I generally dread working with email no matter what system it is on! Here I am going to discuss some useful tips for debugging an email system on a Linux server. I am using an Amazon Linux AMI with Centos, but the process is similar for any Linux server you might have. Below I will discuss how to check error files and how to avoid sending email to spam or junk folders.

Having Trouble Sending Email?

If your emails are not getting through and you don't know why, check your server's log files. Below I'll show you how to find most email-related error logs. They can normally be found in /var/spool/mail/username which on an Amazon Linux distro would be either:




It is important to know that in the above context, username, root and ec2-user are files, NOT directories. To open one of those files, navigate to /var/spool/mail like:

cd /var/spool/mail

To open root file with your Linux command line text editor, type:

sudo vi root

...and check the last errors to see the most recent.

TIP: use [shift]+g to skip to the last line of the file using VI editor.

How to Avoid Sending eMail to Spam or Junk Mail folders

I ran several tests to find the best way to send emails from the command line without ending up in the recipient's spam or junk mail folder. Since I was using an Amazon EC2 instance with SES, I will explain the server setup used and then show the results of the tests. Some went to spam immediately and others went straight to the recipient's In Box as they should.

Amazon EC2, SES and sendmail environment

Here are the circumstances that my test cases were executed under:

The following command line commands sent emails to my In Box:

  • /usr/sbin/sendmail
  • sudo mail
  • mail

The following command line commands sent emails to my Spam:

  • /usr/sbin/sendmail -f
  • sudo /usr/sbin/sendmail -f
  • sudo /usr/sbin/sendmail

In the above examples, I didn't use parameters for subject, CC or BCC because they don't seem to make any difference. Only using sendmail, sudo and the -f parameter made a difference to determine if the emails were delivered to my in box or spam folder.

As you can see from the above spam tests, the best way to avoid spam is to:

  • Avoid using the -f parameter even with an SES verified email address.
  • While /usr/sbin/sendmail method did work when avoiding both the -f param and the sudo command, the mail method worked with or without sudo.
  • Either use /usr/sbin/sendmail without -f parameter and without using sudo, or use mail for the best chances of your email getting through to your recipients in boxes.


Install Command Line Whois on Linux Server

If the Whois command, as demonstrated below, doesn't work from the command line, then you likely have to install the Whois library.

Install Whois from Command Line

  1. Open a command prompt and log in to your Linux server. I use Putty to do this.
  2. Change to the super user. I used sudo su or su sudo but some servers may have slightly different commands for this. Google it if you are not sure and those commands don't do the trick, or you could simply precede all future commands with sudo if all else fails.
  3. From the command Prompt, type: yum install whois

Possible issues installing Linux Command Line Whois

When I installed it, I got an error message that said the following:

Existing lock /var/run/ another copy is running as pid 27256.
Another app is currently holding the yum lock; waiting for it to exit...
  The other application is: yum-updatesd-he
    Memory :  29 M RSS (328 MB VSZ)
    Started: Mon May 19 19:18:12 2014 - 13:54 ago
    State  : Running, pid: 27256

So I had to learn how to kill that process and try again. Simply type:

kill ####

where #### is replaced by the pid number noted in the error. In my case it was 2756 as you can see in the red error text above.

You may have to also try these commands from command prompt if it's not working yet:

1) service yum-updatesd stop
2) chkconfig yum-updatesd off

Using Linux Command Line Whois

Once installed, Linux Whois commands are fairly easy to use. For example, if you wanted the whois data for the domain from the whois server,, then use the following commands:

 whois -h


Note the -h parameter in the first example above. Only use that if you have a specific need to specify the host of the whois server you want to query, otherwise, use the simpler second example of "whois" and you'll be good.

Here are options you can use with the Whois command as well:


-h HOST Connect to WHOIS database host HOST.
-H Suppress the display of legal disclaimers.
-p PORT When connecting, connect to network port PORT.
--verbose Operate verbosely.
--help Display a help message, and exit.


Whois Alternative, jWhois

You can also use the very similar jWhois library if whois doesn't do the trick for you. Simply use the following command to install it instead and use it similarly:

yum -y install jwhois

This (jwhois) worked for me when the above whois instructions did not.

Coding a PHP Whois App that uses the Whois Command

The following PHP code will work with either whois or jWhois out of the box:

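<?php
//whois servers that got what we need:
// have a try with the email below! use with the current whois first, then this
function whoEmail($curdomn){
    $whoserver = '';//'';//'';
    //escapeshellarg() stops a crafted domain or server name from adding shell commands
    $comand = 'whois -h ' . escapeshellarg($whoserver) . ' ' . escapeshellarg($curdomn);
    $output = (string) shell_exec($comand);
    //whois data comes from a remote server, so escape it before printing it as HTML
    echo 'Output: ' . htmlspecialchars($output) . '<hr>';
    $outarra = explode('Registrant Email:',$output);//key 1 is email plus extra
    if (!isset($outarra[1])) {
        return '';//the response has no "Registrant Email:" field
    }
    $outarra2 = explode('Registry',$outarra[1]);//key 0 is email so trim it
    $emailout = trim($outarra2[0]);
    //echo "Email: $emailout<hr>";
    //echo "$curdomn produced:<pre>$output</pre><hr>";
    return $emailout;
}//end whoEmail function.

//test function:
$e = whoEmail('');
echo 'Email: ' . htmlspecialchars($e) . '<br>';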


Notice at the top of my PHP script there are commented out whois server URLs. Feel free to experiment because I found that all of the ones listed there work with different domains. You can add more as well and increase the app's functionality by adding more code of course.


While I did find information online regarding the whois library and how to install and use it, I found that it did not work and had to use the second option on this page, the jWhois library, which worked fine. I also went on to show you how you can write a nifty PHP script to work with the whois command; whether you used whois or jwhois, it will work the same.


How to Make a Custom 404 Error File

I guess different servers do 404 error files different ways. I am working on an Apache server, so that is what we will be covering here.

Create a custom HTML error File

This part is simple, use regular old HTML along with some CSS style to create a normal web page with whatever content you'd like users to see when encountering a 404, file not found error on your web site. For the purpose of this tutorial, you could simply copy and paste the following line into a file and name it custom404.html:

ERROR: No file found! Please try again.

Of course, feel free to use all HTML markup and CSS you like, but for demonstration purposes, the above line of text will work just fine as well.

Edit the .htaccess File

You can find a file named .htaccess in your root directory and if not, just create a new file and name it .htaccess. Note that .htaccess is a file extension and should have a dot in front of it. It's like a file without a name basically using the .htaccess extension. Weird, I know, but that's how it's done. Also be careful if you use notepad because it will try to append .txt to the file name and it won't work like that, so if you have that issue, try entering ".htaccess" with the quotes when saving the file and it should understand. So whether you found the .htaccess file or had to create a fresh one, simply append this to the end of your file and save as I just described:

ErrorDocument 404 /custom404.html

Then upload your custom404.html file to the server's web root directory and you are done! If it doesn't work, try restarting the server before moving on to the next method.


Installing PEAR on Amazon EC2 or Ubuntu Linux Server

I will show you a fast way to check if Pear exists on your Linux server and if not, we will install it.

Does PEAR Exist?

Open a command prompt to see if PEAR exists. You can do so by simply typing:
which pear
at the command prompt. If you get a response that looks similar to:
then you have PEAR installed, but if you get something similar to:
/usr/bin/which: no pear in....
then you do not have PEAR installed so read on!

Installing PEAR

On Ubuntu, you can use the following command from the command line:

apt-get install php-pear

If you don't have Ubuntu and are on a Linux server, use these two commands instead:

php go-pear.phar

Enable Browsing Files from a Browser for a Directory

This is all you have to do in order to be able to view files in a directory from any browser. If you try to go to a folder on your server with a browser and get a Forbidden, 404 or 403 error then this is the solution you need. If you go to the folder in a browser and see a webpage instead of files, then you just need to rename the index.html or index.php file to some other name besides "index" because most servers are set up to show index.php or index.html by default if no page is named in the address bar. However if you have already made sure there is no index file in your folder and you still can't view files because it says Forbidden or some similar error, then do this:

Make sure there is no .htaccess file in the folder to start with. If there is, add the line below to that file instead of uploading a new file.

Otherwise, open up your favorite notebook app that you would use for coding and start a new file. Copy and Paste the following into an empty file:

Options +Indexes

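Save the file as .htaccess, being sure that it is saved with the period before the name. Then upload the new .htaccess file to the directory. Keep in mind that with indexes enabled, every file in that directory is listed for anyone who visits the URL, so only turn it on for folders whose contents are meant to be public.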


Install WordPress from the Command Prompt

Today I was thinking to myself, "Why do I have to upload all these files via FTP each time I install WordPress?". I think this because I install WordPress probably close to a hundred times a year being a web developer who specializes in WordPress. Therefore, I decided to provide this tutorial on how to install WordPress from the Linux command line for those of you with Linux servers. Windows servers will have a very similar method, so this mostly applies there as well. I did this on an Amazon Linux AMI in an EC2 instance, but the instructions are almost the same for any Linux web server. Let's get started!

Installing WordPress from the command line is a lot faster than downloading it, unzipping it and then uploading it using an FTP client such as FileZilla. Here is how to install WordPress on an Amazon Linux web server using an EC2 instance as I am in this example. You can make minor adjustments to the process for other servers. Here are the steps:

  1. Open up a command prompt - I use Putty for this. In putty, you enter the IP address or domain name of the server first. If you are using Amazon EC2, you will also have to point it to the public key file by clicking on SSH/Auth/browse and then selecting the location of your .ppk key file. After entering the IP or domain and providing a key file location if needed, click on "open" to open a command prompt and enter a username and password if required to get to a command prompt.
  2. Once you have your command prompt, go to your web root directory, which should be something like /var/www/html, and you can then type:    wget from the command prompt to download WordPress from their main repository.
  3. To untar, type:   tar xvzf latest.tar.gz -C /var/www/html   where /var/www/html should be replaced with your web root or where you want WordPress to reside in your file system. Or if you are in the correct directory where you want it you can simply use: tar xfz latest.tar.gz 
  4. WordPress will now be in /var/www/html/wordpress. If you don't want to access and want WordPress at instead, move it there by typing the following at the command line:
    mv /var/www/html/wordpress/* /var/www/html

Now you will have WordPress where you want it. You may have to play with permissions on some servers to get it to work right but this tutorial should have gotten you far enough to finish the job now. Good luck.


Installing Godaddy SSL Certificate on Amazon EC2

I have installed Godaddy SSL HTTPS certificates on many Amazon EC2 instances and I always end up having to look stuff up every time I do it, so I am creating this tutorial for future reference and to help others who have issues installing SSL certificates. They definitely are not the easiest things in the world to install by far! Godaddy certificates are a lot easier to install than Symantec or VeriSign certificates however. They are a lot cheaper too, but do not have the good reputation for security that VeriSign/Symantec has.

First Steps for Installing SSL Certificates:

  1. Log in to your account and click in the drop down under your name in the top left green nav bar, click on "My Account".
  2. Then click on the plus sign next to "SSL Certificates", select the certificate you most recently purchased and click on the orange "Set Up" button on the right. Then select your service in the drop-down that appears and click on the green "Set Up" button.
  3. Next, click on the "Launch" button to open your certificate control panel. Since you are installing the certificate on a third party server, Amazon, select the third party server option in the "Hosting Options" dialog and enter your CSR by following the instructions for CSR in the next section.


Generating a Certificate Signing Request (CSR) - Apache 2.x

  1. Log in to a secure shell. I use Putty for this.
  2. Enter the following at the command prompt:
    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
    Replace yourdomain with the domain name you're securing. For example, if your domain name is, you would type coolexample.key and coolexample.csr.
  3. Provide the information asked for when doing the above command. You do not have to enter a password if you want to make the process simple and you don't have to enter any of the data that is specified as optional.
  4. After answering the questions, type "ls" at the command prompt to list the content of your directory and you should see the two files you just generated with the CSR signing request. Open the .csr file by typing "sudo vi yourdomain.csr", highlight the entire file and copy it to your clipboard with Ctrl+C.
  5. Paste the text into your Godaddy account below where it says "Enter your Certificate Signing Request (CSR) below:".
  6. Check the box to agree to terms of service and click the continue button leaving the other options set to default. Your certificate should be emailed to you.
  7. Next, log back in to your Godaddy account and click on "request certificate" next to the certificate you just did the CSR for.
  8. You do not have to wait for the email, though. To get your certificate, go back to your account main page by clicking on "My Account" from the main nav on Scroll down to "SSL Certificates" again and click "Launch" by your new certificate. If it is not ready yet, wait for your email and try again.
  9. Wait on email....

Server Configuration for SSL Certificates

The next thing you will have to do, after you have received your certificate files from Godaddy, is to configure your web server to deal with SSL and HTTPS. To do so, first check that you have OpenSSL and mod_ssl installed by creating an info.php file with the following contents:




Upload info.php to your server's web root directory, which will be /var/www/html on an Amazon Linux AMI. Then go to your info.php file in a web browser by navigating to You can verify that you have OpenSSL by using the find feature of your browser and searching for "openssl"; check that it says enabled after the second instance of openssl you find on that page.

You can verify the existence of mod_ssl by searching info.php for "mod_ssl". If it is there, it is most likely activated. Just make certain it is listed under the loaded modules in your php info file.

Installing mod_ssl

If in the previous step, you could not find mod_ssl, it probably isn't installed. To install mod_ssl, open up a shell command prompt and type the following command at the command prompt:

sudo yum install mod_ssl

Type "y" for yes to give permission to install the module.

Now you can see that mod_ssl is loaded by confirming its presence in your info.php file from before.

Configure httpd.conf and ssl.conf

Before you start the following steps, go to your command prompt for your web server and make backup copies of your httpd.conf and ssl.conf files using the following commands:

cd /etc/httpd/conf

sudo cp httpd.conf httpd.conf.bkup

cd /etc/httpd/conf.d

sudo cp ssl.conf ssl.conf.bkup

  1. Next, download your files from Godaddy as described above. Unzip them onto your desktop and upload them to your ec2-user folder on the web server. Your key files should already be there from when you generated a CSR earlier.
  2. If you're using an Amazon Linux basic AMI, you will have a separate ssl.conf file at /etc/httpd/conf.d/ssl.conf and your httpd.conf file will be in the /etc/httpd/conf/ folder. Open up /etc/httpd/conf.d/ssl.conf in vi using the command: sudo vi /etc/httpd/conf.d/ssl.conf
  3. Find the following lines and edit them according to the file names you just uploaded and your key file name:
    SSLCertificateFile /home/ec2-user/
    SSLCertificateKeyFile /home/ec2-user/site.key
    SSLCACertificateFile /home/ec2-user/gd_bundle.crt
  4. Replace "site" with the actual file name above, then save the ssl.conf file in vi editor by typing :wq. If you didn't know how to edit in vi editor, you have to type "i" to insert or delete text, then hit the esc key to get out of insert mode.
  5. Restart Apache by typing "sudo service httpd restart" at the command prompt and pressing return. If no errors occurred, you did everything correctly and your ssl certificate will work now. If Apache didn't restart, you have a problem in your config file most likely so check your error logs or read the output error and fix the problem and restart until it works. If all fails revert back to the original backed up config files and restart the process until it works.
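
A pre-restart check for the key and certificate named in ssl.conf, as an added example that is not part of the original tutorial: it confirms the private key is not readable by other users, that the certificate was issued for that key, and that the certificate has not expired. The function names are hypothetical, and the self-signed certificate for example.com is a constructed stand-in for the Godaddy-issued file.

```shell
#!/bin/sh
# Added example: checks to run on the key and certificate before restarting Apache.
# All function names are hypothetical; sample files are constructed in a temp dir.

# Print a SHA-256 fingerprint of the public key held in a key, certificate or CSR.
pub_fp() {  # $1 = key|cert|csr, $2 = file
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An empty result must never compare equal to another empty result.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the file has no group/other permission bits (mode 600 or 400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; prints one line per problem and returns non-zero on any failure.
check_tls_files() {  # $1 = private key, $2 = certificate
    key=$1
    crt=$2
    status=0
    if ! key_is_private "$key"; then
        echo "FAIL: $key is accessible to group or others (chmod 600 it)"
        status=1
    fi
    kfp=$(pub_fp key "$key") || { echo "FAIL: cannot parse key $key"; return 1; }
    cfp=$(pub_fp cert "$crt") || { echo "FAIL: cannot parse certificate $crt"; return 1; }
    if [ "$kfp" != "$cfp" ]; then
        echo "FAIL: $crt was not issued for $key"
        status=1
    fi
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: key is private, certificate matches key and is in date"
    fi
    return "$status"
}

# Constructed sample: key + CSR via the tutorial's command (made non-interactive
# with -subj), then a self-signed certificate standing in for the CA-issued one.
make_sample() {  # $1 = directory, $2 = base name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    chmod 600 "$1/$2.key"
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 30 \
        -out "$1/$2.crt" 2>/dev/null
}

# Demonstration on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" site &&
    check_tls_files "$demo_dir/site.key" "$demo_dir/site.crt"
rm -rf "$demo_dir"
```

Running "sudo apachectl configtest" after these checks catches syntax errors in ssl.conf before the restart.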

Updates when I did this again in December of 2016

When I installed an SSL certificate in December of 2016, the process was close to the one described above, so I'll leave it there for reference and note any differences here. One obvious difference is that the Godaddy site has changed, but not so much as to make the above instructions not work. You will just have to be aware that some of the buttons and links are a little different than I have described above. Also, I noticed that almost none of the Godaddy links to support and information worked, so it was difficult and nearly impossible to find any help from Godaddy's website. That is why I decided to update my guide here.

Info Needed for a CSR

Here is a list of the basic information you will be asked for when doing a Certificate Signing Request or CSR:

1- Country Name(2 letter code):
2- State or Province Name(full name):
3- Locality Name(eg, city):
4- Organization Name(eg, company):
5- Organization Unit Name(eg, section):
6- Common Name(eg, your name or your server's hostname):
7- Email Address:
8- Company name:

In December, 2016, I was able to use the command described above to get the CSR files from the Amazon server. So I got the CSR and received the email from Godaddy several minutes later. Here is the relevant portion of the email they sent me after I filled out the Godaddy CSR form on their site:

----------------------------Begin email from Godaddy:--------------------------

Dear Secure Certificate Customer,

Congratulations on becoming an SSL certificate owner for the domain:! We're delighted to have you on board.

What's Next?

Step 1

  • Download your certificate, by logging in to your account at FOR SECURITY REASONS.

Step 2

  • Click here to follow our easy instructions to install your certificate.

Step 3

  • We've partnered with McAfee SECURE to deliver more value with your SSL Certificate. By installing the McAfee SECURE trustmark on your website, your site will be monitored by McAfee 24/7. McAfee SECURE trustmark will display on every page of your site and right in the search results of Google, Yahoo!, Bing and Ask. To add the seal to your site, log in to your SSL account at (Link Removed), select your certificate, then choose your seal from the “Seal” options.


If you have any trouble or questions, contact us and let us know. We are available to help around-the-clock, seven days a week.

Customer Support:
Phone: 480.463.8887
Fax: 480.393.5009

For further information, log in to your account at

----------------------------End email from Godaddy--------------------------

Naturally, I attempted to follow the instructions emailed to me in the above email message. I completed step one by clicking on the link they provided (or you can navigate to the SSL cert yourself from your Godaddy account). You simply click the link in step one from the email, click on the domain name that represents the current SSL certificate you wish to install, and click on the "Download" icon in the resulting web page. That will open a page that asks you the server type you wish to install the SSL certificate on. The options are:

  • Apache
  • Exchange
  • IIS
  • Mac OSX
  • Tomcat
  • Other

How to Find Your Server Type

In order to figure out what type of web server you're running, from Linux you can issue the following command from a shell prompt (command prompt):

curl -I

Type the curl command replacing with a domain name that points to your server and press enter. When entering the above command you should see results similar to this:


Notice the text that I circled in red. It says I'm on a cloudflare-nginx server. So for server type, I would choose "other". Then I clicked the download button.

So far, so good, but when I went on to step two after successfully downloading the SSL certificate files, the link that Godaddy provided in step two for instructions fails to open a web page, so you are on your own for instructions. Again, that is why I have provided the information here. I hope it helps people.

Installing SSL Certificate on Bitnami ec2 with WordPress

If your webroot directory is /opt/bitnami/apps/wordpress/htdocs then you are surely using a Bitnami ec2 with WordPress stack. In that case, here are the modified instructions for installing your SSL certificate:

Open your bitnami.conf file at /opt/bitnami/apache2/conf/bitnami/bitnami.conf by navigating to the directory and executing this command:

sudo vi bitnami.conf

Scroll down to the virtual host settings for port 80 and port 443 and change this:

DocumentRoot /opt/bitnami/apache2/htdocs

to this:

DocumentRoot /opt/bitnami/apps/wordpress/htdocs

in each virtual host (ports 80 and 443).

Find the lines in the virtual host declaration for port 443 that look similar to:

SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/uniquecertname.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/uniquegenerated.key"

Delete the above lines and replace them with the following lines:

SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/YourOWN.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/YourOWN.key"
SSLCertificateChainFile "/opt/bitnami/apache2/conf/gd_bundle-g2-g1.crt"

Make sure you change the above file names to your own, however, and make sure you've placed the named files in the proper locations. The first one, YourOWN.crt, will be replaced with the file you downloaded from Godaddy when you purchased your SSL certificate. The second file will have been created when you created your certificate signing request from the command line before you obtained your files from Godaddy and can normally be found in /home/bitnami. The last line is for your bundle certificate, which should also have been in the files you downloaded from Godaddy. Place all three files in the /opt/bitnami/apache2/conf/ directory by opening each (before they exist) in vi editor, then copying and pasting their content and saving them. I use that method because filezilla FTP clients will not allow you to modify files in this directory.



That's all there is to it. It's difficult if you don't have precise instructions to follow for your particular web server, so if you have an Apache server on an Amazon ec2 instance, following the instructions in this tutorial should have you up and running with HTTPS in no time at all. If you are using a different type of server or hosting provider, the instructions will be similar but will differ in some spots, so be careful, as this tutorial was written with Amazon Linux users in mind.






How to Remove an Entire Directory in Linux

To remove a directory in Linux, you use the rm command from a shell prompt with the -r argument to let Linux know to do a recursive delete, where it deletes all files including sub-directories and files in sub-folders. Here is what you would enter into the command prompt to delete a directory named MyDirectory:

rm -r MyDirectory

You can also use the -f argument with the -r argument if Linux bothers you with a bunch of queries as to whether you want to delete certain files, but I found that it was not always necessary. When you find yourself having to type "yes" a thousand times however, use this command instead to stop it from asking you to confirm deletion:

rm -rf MyDirectory

Don't Delete via FTP!

I found that when you need to clean up a server or delete hundreds, thousands or more files, using an FTP program like Filezilla becomes very inefficient. I found that logging into shell with Putty and using the above command, rm -rf MyDirectory, works much faster and has way less problems. Definitely worth the extra time to log into a shell account!

Connecting to Amazon Cloud Server using Filezilla

Go to Filezilla and click edit/settings and select "sftp" in the left column of the pop up window. Then in the right side of the window, click on the "Add key file..." button to add your new key file to Filezilla so you can connect to your Amazon EC2 web server. Click "Ok" to close the Filezilla settings popup.

Now go to the Filezilla Site Manager by clicking on the icon under "File" in the top tool bar. Enter the IP address of your server where it asks for a host. Select SFTP for protocol. Select Normal as the logon type. Enter ec2-user as the user name and leave the password blank. Finally, click connect to open your server and place a check beside the box to always trust.... so you don't have to do it each time.

Convert .pem to .ppk File

If you have an Amazon EC2 server like me, you have probably had to convert a .pem file to a .ppk. No matter why you might need to convert a .pem to a .ppk, here is how it's done.

  1. Start PuTTYgen
  2. Click "Load" and select the .pem file, then click "Ok" when it says it generated the key.
  3. Click "Save private key" then click "yes" to allow it to download without a pass-phrase as you don't need one with Amazon.
  4. That's it! Pretty easy huh! Now X out the window and go get your key file from where you downloaded it to. You are done. Follow the link at the bottom of this tutorial for a new tutorial on how to connect to your EC2 web server using the FileZilla FTP client.


Low level steps:

  1. If you don't have PuTTYgen, download Putty and start the PuTTYgen app that comes with it. Google "download putty" to get the latest release.
  2. Just click Load and upload your .pem file.
  3. Do not mess with any of the defaults on the next screen unless you know what you are doing. Simply click "Download Private Key..."
  4. Save it to a safe place then follow the link below to learn how to use your new .ppk file with Filezilla to connect to your instance.

Connect to Amazon EC2 Server with FileZilla:

Amazon EC2 Lost Key Pair Fix

Okay, so say you lose your Amazon cloud server's key pair. Uh oh, yes, you are in trouble, but not to worry too much, there is a solution. The solution is pretty complex if you try to learn it from Amazon docs, so here is an easy explanation that worked for me.


  • Know the instance name
  • Write down the availability zone:
    Zone: us-east-1b
  • Write down the instance id

High level steps:

Follow these high level steps if you know your way around Amazon's management console fairly well; otherwise, read on for more specific instructions for replacing an Amazon EC2 instance's key pair and regaining access to your server.

  1. Shut down instance.
  2. Make a new AMI from the instance.
  3. Launch new instance using the AMI you created.
  4. Create and download a new key pair.
  5. Start the new instance and check that the key pair works then delete the old instance if you wish.


  1. Go to and login to your account. Select EC2/instances and place a check-mark beside the running instance you need a new key pair for and then select "stop" from the actions drop down. Finally click yes to stop the instance.
  2. With the same instance still checked, select "Create Image" from the "Actions" drop down. Give the image a name and a description and leave rest of defaults for most cases, then click "yes create". Take note of the id that looks similar to ami-5d623734 in the next window.
  3. Click on "AMIs" in the left nav and click "Launch" to launch a new instance with the AMI. Click to continue. Make selections similar to the previous instance you are replacing the key pair for. Be sure to select the same availability zone.
  4. When you get to the third step of creating a new instance, where it says create a key pair, be sure you select "Create a new key pair" and create and download the file. Also be sure to select the same security group you had on the original server. When you are done creating the new instance, write down the instance id like: i-f9ead583 or i-11438868
  5. Wait for the instance to be created; it can take a few minutes. Go back to your Instances page and place a check beside the newly created instance. Then you will see its information pop up at the bottom of the page. Copy the URL that looks like You can get the IP from that URL by taking the numbers after the ec2- so in my case, the IP was as you can see those numbers in the above URL.

Now that you have your new server, if you need help connecting to it, follow my next tutorial on how to connect to an Amazon ec2 instance and convert a .pem to a .ppk file here:

Then after that, follow the link at the bottom of that tutorial to learn how to gain FTP access to your Amazon ec2 web server.


How to Install a Web Server on Amazon EC2

This is a step by step tutorial on how to install a web server on an Amazon Linux AMI in EC2. I, Ian L. of, have personally used this method to set up well over a dozen web servers for myself and my clients. I have perfected this method and edited the directions according to what I have found works the best. Take note where I noted that you do not need to make database tables if you don't want to and you plan to install PHPmyAdmin as instructed towards the end of the tutorial. Have fun!

Starting a Free Amazon Web Server:

Sign up for an Amazon Web Services account:

The first step to migrating your website to the cloud is to sign up for AWS using the link below.

Go to and sign up.

Next, you need to set up your account before you can launch a server into the cloud. Start by going to and following these few steps to set up your account for the cloud:

  1. Click the “EC2” tab.
  2. On the left column of the page, under the “Network & Security” heading, click on “Security Groups”.
  3. In the right column click on the “Create Security Group” button. Enter a name and description in the pop up window then hit the “yes create” button.
  4. Just under the “Create Security Group” button is a list of existing groups. Your new group should be here. Make sure it is the only one checked.
  5. Further down in the right column click on the “inbound” tab and set up your server’s ports. Here is another tutorial I wrote on how to set this up that you should take a look at because it is a little complex and very important to get correct the first time: This has changed a little and now you don't have to do this here if you don't want to...or if you do it wrong, you can have another chance when you are setting up your instance. If you do it when you set up your instance, refer to the same link just mentioned as well and you'll be okay.


  6. Make sure you click on the button that reads “Apply Rule Changes” once you have the ports set up like we do in the above image.
  7. Now go back to the left navigation column of the page and click on the "key pairs" link.
  8. Click “Create Key” in the right column.
  9. Give the key pair a name that relates to your server like “iansserver” and save it to your local machine. Save it to the desktop or somewhere you can find it easily because you will need it soon.

Creating a server instance in the cloud

Now comes the fun part! We are going to create a virtual private server or VPS in the cloud on Amazon's network of servers for little or no cost at all! Currently as of March 2012, Amazon allows new users to receive a year of free services. Be careful though, there are limitations, so monitor your account to make sure you only use services on the free tier and that you don’t exceed any set limitations. Read online support for more information on charges that could apply. Follow the steps below to set up a free micro instance of a Linux web server complete with web server, PHP, database server and PHPMyAdmin. Those are the minimal things you should definitely have to create dynamic web sites.

  1. Picking up on the same page we left off on above, click on “instances” in the left navigation column of the amazon webpage.
  2. Click “Launch Instance” to make the instance wizard appear. Make sure “Classic Wizard” is selected in the pop up and click on “Continue”.
  3. On the “Choose an AMI” pop up, select the AMI that reads “Basic 64-bit Amazon Linux AMI”. It will have a notice by it indicating it is in the free usage tier. Check the box to select this AMI and click "Next...".
  4. In the “instance details” and the step after it, just accept the defaults by clicking on “Next...” two times.
  5. You should now be at the point where there is a key and value column. Leave “name” in the key column and enter a name that describes your server in the value column like “64bit_linux”. Click Continue.
  6. Now you should be on the “create key pair” pop up. Select the key pair name you saved earlier in step 9 above and click continue.
  7. Now in the “configure firewall” pop up, select the preexisting security group you named earlier and click continue.
  8. Review your settings and click “Launch”. Click on “View your instances on the Instances page” and watch your new cloud server appear under “My Instances”.
  9. Check the instance name and make sure no others are checked.
  10. Look down below and find where it gives details for the checked instance. Start a notes page in a notebook to record important info, and copy and paste the public DNS address there for safe keeping; you will need it soon.
  11. Open PuttyGen and click on file/load private key and load in the file you saved to your desktop earlier that has a .pem extension. When it’s loaded, click save private key to save the .pem file as a .ppk file.
  12. Open Putty and enter the public DNS where it says “Host name”.
  13. Under “Category” in the left column of the Putty window, click to expand “SSH” then click on “Auth” then click browse and select the .ppk file you saved earlier. Click open.
  14. Now a terminal window should appear asking for a username. First a pop up may appear saying the server’s host key…. Just click yes then Enter “ec2-user” for username in the terminal window and hit enter. If it says “…AMAZON LINUX AMI…” you did good! If not backtrack and find out where you messed up.

Okay congrats, you have successfully launched your bare bones server! There is currently no software on it though, so the next several steps are going to involve installing PHP, a database and required libraries to support them and the web server.

Installing server software on your Amazon EC2 AMI instance

  1. First install PHP and the web server software. Type the following at your command prompt then hit “y” whenever prompted:
     sudo yum install php-mysql php php-xml php-mcrypt php-mbstring php-cli mysql httpd
  2. Next install MySQL software. Type the following command and hit “y” when prompted:
     sudo yum install mysql-server
  3. Start the mysql server by typing:
     sudo /etc/init.d/mysqld start
  4. Set the root password and record it in your notebook page you started earlier for safe keeping. Type:
     mysqladmin -u root password UrPassWord
     where UrPassWord is a unique secure character combo.

NOTE: THE NEXT FEW STEPS ARE OPTIONAL DEPENDING WHAT YOU ARE ATTEMPTING TO DO. YOU DON'T HAVE TO CREATE THE DATABASE TABLES HERE THOUGH, YOU CAN WAIT AND DO SO LATER, AS NEEDED FROM PHPMYADMIN. I included the next three steps to demonstrate how to work with mysql from the command line though as it is a good learning exercise, so you should do it anyway just for the sake of learning.
  5. Log into mysql by typing:
     mysql -u root -p
     then enter the password from step 4.
  6. Type the following commands, hitting enter after each semicolon:
     GRANT SELECT, INSERT, UPDATE, DELETE ON [DataBase NAME].* TO '[DataBase NAME]_user'@'localhost';
  7. Be sure to make a note of both users you created in your notes with the usernames and passwords you used above. Type “exit” then type “sudo chown ec2-user /var/www/html” and hit enter to change the owner of the html dir to the ec2-user user.
  8. Type “sudo vim /var/www/html/index.php” and hit enter to start a test .php file as the home page of your new live site on your new cloud VPS.
  9. Hit “I” to put the text editor in insert mode and type some basic HTML to test php and the server. Something like this will do:
     <h1>Hello World!</h1>
  10. Hit “ESC” and type “:wq” to save and quit the vim editor. Then start your server with: "sudo service httpd start".
  11. Go to your notepad and get the public DNS address you recorded in your notes earlier. Copy and paste that address to your browser’s address bar. If it works you should see the bold text: hello world! If it didn’t work and you receive an error with 13 in it, type “sudo chown ec2-user /var/www/html/index.php” and that should fix it.

Okay you now have a working web server! You just need to do some final steps to get the database PHPMYADMIN up and working.


Installing PHPMyAdmin

Now let’s install PHPMyAdmin to complete our web server:
Here is how:
1.  Navigate to the html folder:
cd /var/www/html
2.  Type: wget
3.  Unzip by typing: tar -jxf phpMyAdmin-3.4.1-all-languages.tar.bz2 -C /var/www/html
4.  Rename the directory by typing: mv phpMyAdmin-3.4.1-all-languages phpmyadmin
5.  Make a config directory in the phpmyadmin main folder:
cd /var/www/html/phpmyadmin
mkdir config
cp /var/www/html/phpmyadmin/ /var/www/html/phpmyadmin/config/
6.  Open in VIM text editor by typing:
sudo vim /var/www/html/phpmyadmin/config/
7.  Find the line that reads “$cfg['blowfish_secret'] = '';” and change it so it reads:
$cfg['blowfish_secret'] = 'yoursecretcode';
You can enter anything you want for your secret code above as long as it’s not over approximately 60 characters.
8.  Find the line that reads “$cfg['Servers'][$i]['AllowNoPassword'] = false;” and change false to true only if you don’t have a root password set or if you are not sure. You can always come back and change this to false again later when you tighten up your server’s security as you will want to do before too long.
9.  Hit “Esc” to get out of insert mode in your text editor. Then type:
Type it just like that, including the semicolon, to save and exit the file.
10.   Go to http://your_public_DNS/phpmyadmin/ and enter your mysql admin username and password. You should have recorded these in your notes when setting up the database above in step 7 of the previous section (not this one).

You should now be logged into your new phpMyAdmin section of your VPS server. If so, you have successfully created a cloud VPS server with all of the most essential components to develop a live dynamic PHP website! Once you are done or if you do not intend to use this instance, terminate it so you don’t get billed for it later on after your free year expires. If you intend to use it, do not terminate it or you will lose all of your work!
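
One way to fill in blowfish_secret with a random value and to audit the two settings from steps 7 and 8, as an added example that is not part of the original tutorial or of phpMyAdmin. The function names are hypothetical and the config file it runs on is a constructed sample written to a temporary file.

```shell
#!/bin/sh
# Added example: set a random blowfish_secret and flag weak phpMyAdmin settings.
# Function names are hypothetical; the config below is a constructed sample.

# 32 random characters from [A-Za-z0-9], read from the kernel CSPRNG.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32
}

# Replace an empty $cfg['blowfish_secret'] = ''; with a random value.
# Does nothing when a secret is already present, so it is safe to re-run.
set_blowfish_secret() {  # $1 = config file
    grep -q "^[$]cfg\['blowfish_secret'] *= *'';" "$1" || return 0
    secret=$(gen_secret) || return 1
    sed "s/^\([$]cfg\['blowfish_secret'] *= *\)'';/\1'$secret';/" "$1" >"$1.new" &&
        cat "$1.new" >"$1" &&   # overwrite in place to keep owner and mode
        rm -f "$1.new"
}

# Print one line per weak setting; returns 1 if anything was flagged.
audit_pma_config() {  # $1 = config file
    rc=0
    if grep -q "^[$]cfg\['blowfish_secret'] *= *'';" "$1"; then
        echo "WEAK: blowfish_secret is empty"
        rc=1
    fi
    # The tutorial's placeholder value is guessable if copied literally.
    if grep -q "^[$]cfg\['blowfish_secret'] *= *'yoursecretcode';" "$1"; then
        echo "WEAK: blowfish_secret is the tutorial placeholder"
        rc=1
    fi
    if grep -q "^[$]cfg\['Servers']\[[$]i]\['AllowNoPassword'] *= *true;" "$1"; then
        echo "WEAK: AllowNoPassword is true (passwordless MySQL logins accepted)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample config in the state the tutorial starts from at step 7,
# with AllowNoPassword switched to true as step 8 permits.
write_sample_config() {  # $1 = destination file
    cat >"$1" <<'EOF'
<?php
$cfg['blowfish_secret'] = '';
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
EOF
}

# Demonstration: audit, fix the secret, audit again.
sample=$(mktemp)
write_sample_config "$sample"
echo "before:"; audit_pma_config "$sample"
set_blowfish_secret "$sample"
echo "after:";  audit_pma_config "$sample"
rm -f "$sample"
```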

To learn more about how to connect to an instance go to and learn to connect to your instance.

To become root user in putty type:

sudo su

Starting server from putty

Open putty

Enter the public DNS of the server instance which can be found in your AWS dashboard and looks like into the host name field in putty. UPDATE: now Amazon IPs are simply like

In the left column under “category” expand “ssh” and click on Auth

Click browse and select the security key file you created while creating your server instance. It will be a file like adamskey.ppk; you should have saved it on your desktop for convenience.

Click open and your terminal window should come up.

At the login prompt, enter ec2-user and hit enter.

You should see several lines of text with “Amazon Linux AMI” in the middle then a command prompt at the end.

You are now in your server. If you need root access, type sudo su


The best tutorial I found on how to get a linux micro instance up and running with a web server  was at:

Tip: find public data at:


To find out how to use Filezilla with your instance:








Here is how I did the command line server installation the second time because the above didn’t work:


yum install httpd

yum install php

yum install mysql-server mysql

service httpd start

service mysqld start