Add Let’s Encrypt SSL to Lightsail

INSTALLATION

Install Letsencrypt scripts

(letsencrypt folder is in /home/bitnami)

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./certbot-auto certonly -w /home/bitnami/htdocs -d tcfarm.ca

-w is where your webroot is located, and each -d flag names a domain that you want to secure (repeat -d for additional domains).

The cert files are written to /etc/letsencrypt/live

Update Apache to use the new certificates

sudo vim /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf

Comment out the default SSL Certificate lines so that you are left with the following 3 lines.

SSLCertificateFile "/etc/letsencrypt/live/tcfarm.ca/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/tcfarm.ca/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/tcfarm.ca/fullchain.pem"

Restart the LAMP stack.

sudo /opt/bitnami/ctlscript.sh restart
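A sanity check for the edited config, as an added example that is not part of the original post: it confirms that each of the three SSLCertificate* directives has exactly one active (uncommented) line, that the file it points to exists, and that the private key is not readable by group or others. The function names check_ssl_conf and make_sample are hypothetical, and the sample config and placeholder paths are constructed.

```shell
#!/bin/sh
# check_ssl_conf CONF: prints one line per problem, returns the number of problems.
# Assumes one directive per line and paths without spaces.
check_ssl_conf() {
    conf=$1
    problems=0
    for directive in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        # Active (uncommented) lines only; the path is field 2 with quotes stripped.
        paths=$(awk -v d="$directive" '$1 == d { gsub(/"/, "", $2); print $2 }' "$conf")
        count=$(printf '%s\n' "$paths" | grep -c . || true)
        if [ "$count" -ne 1 ]; then
            echo "$directive: expected 1 active line, found $count"
            problems=$((problems + 1))
        elif [ ! -s "$paths" ]; then
            echo "$directive: $paths is missing or empty"
            problems=$((problems + 1))
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            # Columns 5-10 of ls -l are the group and other permission bits.
            perms=$(ls -lLd "$paths" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "$directive: $paths is accessible to group/others ($perms)"
                problems=$((problems + 1))
            fi
        fi
    done
    return "$problems"
}

# Constructed sample: placeholder files plus a config shaped like the one above.
make_sample() {
    dir=$(mktemp -d)
    for f in cert.pem privkey.pem fullchain.pem; do
        echo "constructed placeholder" > "$dir/$f"
    done
    chmod 600 "$dir/privkey.pem"
    cat > "$dir/bitnami.conf" <<EOF
  #SSLCertificateFile "/placeholder/default/server.crt"
  SSLCertificateFile "$dir/cert.pem"
  SSLCertificateKeyFile "$dir/privkey.pem"
  SSLCertificateChainFile "$dir/fullchain.pem"
EOF
    echo "$dir"
}

# Run against a real config when a path is given, e.g. the bitnami.conf edited above.
if [ $# -gt 0 ]; then
    check_ssl_conf "$1"
fi
```

Run it with sudo and the path to bitnami.conf as its argument, since the files under /etc/letsencrypt/live are only readable by root; an exit status of 0 means no problems were found.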

KEEP UPDATING.

The certificate needs to be updated every 90 days to remain valid. So keep hold of the command you used to generate the certificates as you will currently have to return every 3 months to refresh the certs. Hence this blog post – I’m keeping my command here ready for a refresh!

Log in over SSH and go to the letsencrypt directory.

Manual – Run:

./certbot-auto renew

AUTOMATED:

sudo crontab -e

Choose your preferred editor and type the following:

0 3 1 * * /home/bitnami/letsencrypt/certbot-auto renew && sudo /opt/bitnami/ctlscript.sh restart

This will auto-renew the Let’s Encrypt certificate on the first of every month at 3:00am. It’s a good idea to run a manual check to ensure everything is working as it should.

More info on LetsEncrypt – https://letsencrypt.org/ and https://certbot.eff.org/

Sources:

Using free LetsEncrypt https SSL on Bitnami LAMP on EC2

https://medium.com/unicorn-supplies/ssl-for-aws-lightsail-wordpress-8053359a774f