Add Let’s Encrypt SSL to Lightsail


Install Letsencrypt scripts

(letsencrypt folder is in /home/bitnami)

git clone
cd letsencrypt
./certbot-auto certonly -w /home/bitnami/htdocs -d

-w is where your webroot is located and the multiple -d flags are for the domains that you want to secure.

The cert files are written to /etc/letsencrypt/live

Update Apache to use the new certificates

sudo vim /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf

Comment out the default SSL Certificate lines so that you are left with the following 3 lines.

SSLCertificateFile "/etc/letsencrypt/live/"
SSLCertificateKeyFile "/etc/letsencrypt/live/"
SSLCertificateChainFile "/etc/letsencrypt/live/"

Restart the LAMP stack.

sudo /opt/bitnami/ restart


The certificate needs to be updated every 90 days to remain valid. So keep hold of the command you used to generate the certificates as you will currently have to return every 3 months to refresh the certs. Hence this blog post – I’m keeping my command here ready for a refresh !

Login to SSH, go to letsencrypt directory.

Manual – Run:

./certbot-auto renew



sudo crontab -e

Choose your preferred editor and type the following:

0 3 * 1 * /home/bitnami/letsencrypt/certbot-auto renew | sudo /opt/bitnami/ restart

This will auto-renew the Let’s Encrypt certificate on the first of every month at 3:00am. It’s a good idea to run a manual check to ensure everything is working as it should.


More info on LetsEncrypt – and





Using free LetsEncrypt https SSL on Bitnami LAMP on EC2


Leave a Comment