Install Letsencrypt scripts
(letsencrypt folder is in /home/bitnami)
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./certbot-auto certonly -w /home/bitnami/htdocs -d tcfarm.ca
-w is where your webroot is located, and each -d flag names a domain that you want to secure (repeat -d for multiple domains).
The cert files are written to
Update Apache to use the new certificates
sudo vim /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf
Comment out the default SSL Certificate lines so that you are left with the following 3 lines.
SSLCertificateFile "/etc/letsencrypt/live/tcfarm.ca/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/tcfarm.ca/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/tcfarm.ca/fullchain.pem"
Restart the LAMP stack.
sudo /opt/bitnami/ctlscript.sh restart
The certificate needs to be updated every 90 days to remain valid, so keep hold of the command you used to generate the certificates, as you will currently have to return every 3 months to refresh the certs. Hence this blog post – I’m keeping my command here ready for a refresh!
Log in over SSH and go to the letsencrypt directory.
Manual – Run:
sudo crontab -e
Choose your preferred editor and type the following:
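0 3 1 * * /home/bitnami/letsencrypt/certbot-auto renew && sudo /opt/bitnami/ctlscript.sh restart
This will auto-renew the Let’s Encrypt certificate on the first of every month at 3:00am (the five schedule fields are minute, hour, day of month, month and day of week) and restart the stack only if the renew command succeeds. It’s a good idea to run a manual check to ensure everything is working as it should.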
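A stricter version of the cron job above, as an added example (not the author's script): it restarts the stack only when the renewal succeeded and the certificate file actually changed. The variable names CERTBOT, CTLSCRIPT and CERT and the function names are assumptions; the default paths are the ones used in this post.

```shell
#!/bin/sh
# Added example: renewal wrapper for the cron job (not the author's script).
# Default paths are the ones from this post; variable names are assumptions.
CERTBOT="${CERTBOT:-/home/bitnami/letsencrypt/certbot-auto}"
CTLSCRIPT="${CTLSCRIPT:-/opt/bitnami/ctlscript.sh}"
CERT="${CERT:-/etc/letsencrypt/live/tcfarm.ca/cert.pem}"

# Print a checksum of the live certificate, or "missing" if it is unreadable.
cert_sum() {
    if [ -r "$CERT" ]; then
        cksum < "$CERT"
    else
        echo missing
    fi
}

# Return codes: 0 = renewed and restarted, 1 = renew failed,
#               2 = certificate unchanged (no restart), 3 = restart failed.
renew_and_restart() {
    before=$(cert_sum)
    if ! "$CERTBOT" renew --quiet; then
        echo "renew failed; leaving the running stack untouched" >&2
        return 1
    fi
    after=$(cert_sum)
    if [ "$before" = "$after" ]; then
        return 2    # not yet due for renewal, so nothing to reload
    fi
    if ! "$CTLSCRIPT" restart; then
        echo "certificate renewed but the restart failed" >&2
        return 3
    fi
    return 0
}

# Only act when called with the argument "run", e.g. from root's crontab.
case "${1:-}" in
    run) renew_and_restart; exit $? ;;
esac
```

Because a run that finds nothing to renew does not restart anything, the crontab entry can call this script with the argument run more often than once a month.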