In my previous article, I explained I was moving my blog to Amazon Lightsail, it was a pretty painless move and to be honest I was very happy with the experience.
That is until I realised I was going to need to sort out the SSL certificate that is installed by default. The image created by Bitnami comes with a dummy certificate which, to be honest, isn’t useful to us on our nice new shiny domain. So how to solve this, luckily there is a way that is free of charge for things like blogs and that is located over at Lets Encrypts website, anyone thinking SSL certificates still cost a small fortune for things like a small blog should read on.
So now you know about Lets Encrypt how do you go about using one of their certificates. Luckily that has been made pretty painless by the Lets Encrypt team and you can install and enable a certificate with the minimum of fuss. And you can do that like so:
Install and run the Lets Encrypt certbot program.
You could do this with a package manager but I went with the following:
After accessing your Lightsail instance via ssh create a directory
mkdir certbot
cd certbot
Download the certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Run the certbot for your domain (don’t forget all domain names in this case I have two)
./certbot-auto certonly --webroot -w /home/bitnami/apps/wordpress/htdocs/ \
-d yourdomainhere.com \
-d www.yourdomainhere.com
You now need to edit /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf and make it look like the below picture, this means commenting out the default certificates and adding the new ones in.
Now you need to restart the WordPress stack, Bitnami have a script for doing this and you can do so by typing the following:
sudo /opt/bitnami/ctlscript.sh restart
Now when you refresh your browser (and use the HTTPS protocol and not the HTTP one) you should get that padlock you’d been wanting.
One quick reminder is that these certificates are only valid for 90 days you can run the tool again or you can set up a cron job to update this. In order to add a cron job to update this certificate do the following.
Open up the crontab (as root) with
crontab -e
Now add the following in the file that opened:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/bitnami/certbot/certbot-auto renew && /opt/bitnami/ctlscript.sh restart
This code adds a random time factor so not everyone in the world hits the certbot servers at the same time, and restarts the server so the new certificate is used.
Hope this helps.