Install Letsencrypt SSL to your Lightsail WordPress
Update September 2024
Please use the Bitnami Tool for easy installation as provided below:
sudo /opt/bitnami/bncert-tool
Follow the prompts and provide the information it asks for. To renew all the certificates you can always use letsencrypt-auto renew, or just use certbot.
If the above does not work for you, then you can try the manual process as below.
What is an SSL Certificate? And why you need it.
With the ever-growing internet, cybercrime is increasing, and so are the solutions to protect websites. In the past, Google has been encouraging website owners to use the HTTPS protocol, which ensures that all communication between your computer and the website is encrypted.
You may be thinking: my website does not ask the user for any information and does not offer any downloads, so there is no communication going on. But you are wrong; here’s why you will need an SSL certificate even if you do not have an e-commerce website.
This July, Google made its safety measures more severe. With the new release of Chrome 68, all sites that haven’t adopted HTTPS will be marked not secure by Google. Websites with HTTPS will continue to display a green mark on the website URL. Google also gives websites with HTTPS more priority and a slight ranking boost. Here’s why SSL is important and what it does.
SSL (Secure Socket Layer) has been evolving over the past 20 years. With SSL you can ensure that your users’ sensitive information is transferred securely over the network. Many companies and small businesses do not adopt SSL because of its cost. But it’s 2019, SSL certificates are quite cheap, and we will even show you how you can get one for free.
An SSL will ensure:
- Trust for your customers.
- Safety of your domains and subdomains.
- SEO advantages.
SSL on LightSail AWS | Bitnami Stack
Well, you must have heard this. In its official documentation, Bitnami claims to have a worthless dummy certificate installed by default. But if you open your browser, most of the time you will get an error notification saying SSL Certificate Name Mismatch. This is annoying and not our goal.
So, let’s stick to our goal and get started.
Now you can get an SSL certificate for free from Let’s Encrypt. I will show you how to install an SSL certificate, using this website as the example: the blog is on blog.brandviser.com.au
Connecting to your instance
Open LightSail by going to lightsail.aws.amazon.com or just log in to your AWS console on aws.amazon.com and search for LightSail in the search box.
After logging in successfully, you will be able to see all your instances. Now on the instance on which you wish to install an SSL certificate, click on the hamburger icon and then connect or simply click on the SSH icon > _. This will SSH you into your LightSail instance.
Step 1: Install and Run Let’s Encrypt Certbot
There are a few different ways to install Let’s Encrypt. One of them is using certbot with apt-get, but unfortunately that didn’t execute well for me. So, here’s the method I use, which should be easy for you as well.
In your SSH window, type in the following commands:
sudo apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
/home/bitnami/letsencrypt/letsencrypt-auto certonly -w /home/bitnami/apps/wordpress/htdocs -d yourdomain.com.au -d www.yourdomain.com.au
In the above command, -w gives the path to your HTTP root and each -d adds a domain to your certificate. I suggest always adding your domain as well as your domain with www in it.
The certbot will ask you for an authentication method, choose “Webroot” (option 2):
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
The certbot will then create temporary links for validation on your server. Answer the questions it asks, such as your country and email. After this it will proceed to cleaning up the challenges:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yourdomain.com.au
http-01 challenge for www.yourdomain.com.au
Using the webroot path /home/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
After successfully validating, the certbot will erase all the temporary files created and will give you an Important Notes message with some useful information.
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/yourdomain.com.au/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yourdomain.com.au/privkey.pem
Step 2: Inform Apache
Copy the following command:
sudo nano /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf
This will open the Bitnami configuration file, where you will have to edit the following lines. Type the double quotes as plain straight quotes.
SSLCertificateFile "/etc/letsencrypt/live/yourdomain.com.au/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/yourdomain.com.au/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/yourdomain.com.au/fullchain.pem"
Save it by pressing Cmd+X or Ctrl+X and then press Enter.
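The AH00526 errors that readers report in the comments come from typographic quotes pasted into these directives (the \xe2\x80\x9c and \xe2\x80\x9d bytes in the message). The following check is an added example, not part of the original tutorial: it flags curly quotes in SSLCertificate* lines and any referenced file that is missing or empty. The function name check_ssl_directives and the sample files built in demo are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): lint the SSLCertificate* lines
# of an Apache config for typographic quotes and missing or empty files.

check_ssl_directives() {
    csd_conf="$1"
    csd_problems=0
    # UTF-8 bytes of U+201C / U+201D, shown as \xe2\x80\x9c / \xe2\x80\x9d in AH00526
    csd_lq=$(printf '\342\200\234')
    csd_rq=$(printf '\342\200\235')
    csd_lines=$(grep -E \
        '^[[:space:]]*SSLCertificate(File|KeyFile|ChainFile)[[:space:]]' \
        "$csd_conf" || true)

    while IFS= read -r csd_line; do
        [ -n "$csd_line" ] || continue
        case "$csd_line" in
            *"$csd_lq"*|*"$csd_rq"*)
                # Apache treats the curly quote as part of a relative path.
                echo "SMART-QUOTE: $csd_line"
                csd_problems=$((csd_problems + 1))
                continue ;;
        esac
        # Take the directive's argument and drop surrounding straight quotes.
        csd_path=$(printf '%s\n' "$csd_line" | sed -E \
            's/^[[:space:]]*[A-Za-z]+[[:space:]]+//; s/[[:space:]]*$//; s/^"(.*)"$/\1/')
        # Apache rejects files that are absent or zero-length; -s tests both.
        if [ ! -s "$csd_path" ]; then
            echo "MISSING-OR-EMPTY: $csd_path"
            csd_problems=$((csd_problems + 1))
        fi
    done <<EOF
$csd_lines
EOF
    [ "$csd_problems" -eq 0 ]
}

# Constructed sample: one directive with curly quotes, one pointing at an
# empty key file. Both should be reported.
demo() {
    demo_dir=$(mktemp -d)
    printf 'constructed sample\n' > "$demo_dir/cert.pem"
    : > "$demo_dir/privkey.pem"
    {
        printf 'SSLCertificateFile \342\200\234%s/cert.pem\342\200\235\n' "$demo_dir"
        printf 'SSLCertificateKeyFile "%s/privkey.pem"\n' "$demo_dir"
    } > "$demo_dir/bitnami.conf"
    check_ssl_directives "$demo_dir/bitnami.conf"
    demo_status=$?
    rm -rf "$demo_dir"
    return "$demo_status"
}

if [ "$#" -gt 0 ]; then check_ssl_directives "$1"; else demo || true; fi
```

Run it with sudo and the path of bitnami.conf as the argument before restarting Apache, since the files under /etc/letsencrypt/live are normally accessible only to root.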
Step 3: Reload the Apache Server
sudo /opt/bitnami/ctlscript.sh restart
Step 4: Renew Certificates
By default, Let’s Encrypt Certificates are valid for 90 days. 90 days can be quick, and you can easily forget to renew it. So, I recommend automating the process.
Update SSL Certificate on the 1st of every month:
sudo crontab -e
Now it will ask you to select an editor. Select your preferred one and type the following:
0 2 1 * * /home/bitnami/letsencrypt/letsencrypt-auto renew && sudo /opt/bitnami/ctlscript.sh restart
This automation will renew the Let’s Encrypt certificate on the 1st of every month at 2:00 am. I suggest you still check manually in the following month for security.
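To make the manual check suggested above repeatable, the following added example (not from the original tutorial) reports the days left on each certificate and fails when any is at or below a threshold. It assumes the openssl command-line tool and GNU date; cert_days_left and check_cert_expiry are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): report days left on certificates.
# Assumes the openssl CLI and GNU date (for `date -d`).

# Print whole days until the certificate in $1 expires (zero or negative
# once it has expired). Returns 2 if the file is not a readable certificate.
cert_days_left() {
    cdl_end=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null | cut -d= -f2)
    [ -n "$cdl_end" ] || return 2
    cdl_end_s=$(date -d "$cdl_end" +%s) || return 2
    echo $(( (cdl_end_s - $(date +%s)) / 86400 ))
}

# Usage: check_cert_expiry MIN_DAYS CERT...
# Returns 0 only if every certificate has more than MIN_DAYS days left.
check_cert_expiry() {
    cce_min="$1"; shift
    cce_status=0
    for cce_file in "$@"; do
        if cce_days=$(cert_days_left "$cce_file"); then
            if [ "$cce_days" -gt "$cce_min" ]; then
                echo "OK         $cce_file ($cce_days days left)"
            else
                echo "RENEW      $cce_file ($cce_days days left)"
                cce_status=1
            fi
        else
            echo "UNREADABLE $cce_file"
            cce_status=1
        fi
    done
    return "$cce_status"
}

# Constructed sample: a throwaway self-signed certificate valid for 10 days,
# checked against a 30-day threshold, so it is reported as RENEW.
demo() {
    demo_dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=example.test" \
        -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
    check_cert_expiry 30 "$demo_dir/cert.pem"
    rm -rf "$demo_dir"
}

if [ "$#" -gt 1 ]; then check_cert_expiry "$@"; else demo; fi
```

On the instance, pass a threshold and the certificate path, for example 30 and /etc/letsencrypt/live/yourdomain.com.au/cert.pem, and run it with sudo.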
Step 5: Testing your SSL
Check whether your webpage is now served over SSL. This will make you so happy. A very good third-party tool to check this is SSL Labs. It will show you the overall rating. If you get an ‘A’ then you are good to go.
Step 6: Update WordPress to always use SSL
This step makes sure WordPress uses SSL every time someone visits the website.
Open the file:
sudo nano /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf
Add the following on the top:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://www.yourdomain.com.au/$1 [R,L]
Step 7: Restart your server
sudo /opt/bitnami/ctlscript.sh restart
Now you should have encrypted your site on your LightSail instance.
Please let me know, if this was helpful. Follow our YouTube Channel Brandviser Australia for more tutorials.
I just follow you everyone step
But I had a problem with when I ran the script, below:
/home/bitnami/letsencrypt/certbot-auto certonly -w /home/bitnami/apps/wordpress/htdocs -d jsshun-daily.com -d http://www.jsshun-daily.com
and response
Requesting to rerun /home/bitnami/letsencrypt/certbot-auto with root privileges…
Non-ASCII domain names not supported. To issue for an Internationalized Domain Name, use Punycode.
I try to so hard and fix it
but I don’t know what happens.
can you help me? thank you
Hi Mate,
This is because your domain name contains a special character which is “-” . In order to fix this you have to convert your domain name using Punycode. Simply use something like punycoder.com and generate the code for your domain name. Use that one in the query. Should work.
This method worked for almost everyone if done properly.
Let me know if this helps.
Cheers!
Also you do not have to write -d http://www.jsshun-daily.com. Just put it like -d www.jsshun-daily.com
Thank a lot! This saved me a lot of time after looking at other Bitnami articles those were not even helpful.
Happy that it helped you.
remote: Counting objects: 100% (11/11), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 64318 (delta 3), reused 7 (delta 2), pack-reused 64307
Receiving objects: 100% (64318/64318), 21.25 MiB | 2.86 MiB/s, done.
Resolving deltas: 100% (47017/47017), done.
Checking connectivity… done.
root@ip-172-26-14-155:~# cd letsencrypt/
root@ip-172-26-14-155:~/letsencrypt# /home/bitnami/letsencrypt/letsencrypt-auto certonly -w /home/bitnami/apps/wordpress/htdocs -d mydomain.com -d http://www.mydomain.com
bash: /home/bitnami/letsencrypt/letsencrypt-auto: No such file or directory
showing this error to me no such file or directory
Hey Mate,
First of all, you do not need to write http in the code with www. Simply write -d www.mydomain.com
Please repeat the process from start and let me know if any issues.
Hi Shivam… I Have Successfully Install The SSL Certificate.. Through This Process
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress
But I Having A Problem in RENEWING It.. Can Plz Help Me Out
You need to use Auto Certbot to renew the certificates automatically. Check the last part in the article or visit the video link to have a look.
HI men. Thanks a lot for your guide.
I have a problem when run code
when entering the command “cd letsencrypt” it asks for password. What will it be?
Try using sudo before that or have you added any encryption while installing the certificate.
hi
once I execute the command
sudo nano /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf
i get like this only
# Default Virtual Host configuration.
<IfVersion
NameVirtualHost *:80
NameVirtualHost *:443
DocumentRoot “/opt/bitnami/apache2/htdocs”
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion
Order allow,deny
Allow from all
= 2.3 >
Require all granted
# Error Documents
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf”
[ Read 69 lines ]
no SSL certificate installed
how to do like your video demo, i am not getting that
You may have tried installing letsencrypt before as well. Try to delete the existing certificate and then installing again. Otherwise just change your IP, take a snapshot of instance and start as a new instance.
Hope this helps.
Shiv.
I have the same issue. Did you find a solution?
Good day! Do you know if they make any plugins to assist with Search
Engine Optimization? I’m trying to get my blog to rank for
some targeted keywords but I’m not seeing very good gains.
If you know of any please share. Cheers!
Hi,
Yes there are many and the best one to use will be Yoast.
If you require more information, please email to shiv@3.25.80.77
sudo crontab -e
no crontab for root – using an empty one
888
i have this mistake
Hi Shivam
do you know why your certificate expired since 6 days on this website? It doesn’t inspire confidence to use your method then if there is a lag into the update? 😀
Hi Thibault,
Thanks for your comment.
We are sorry for the inconvenience caused. There was a server issue as we were moving the database and so does the certs. Hope there will be no problem in the future. You can believe in us. Once again! thank you for your feedback.
Hello:
There seems to be a problem at the very first step. “git clone https://github.com/letsencrypt/letsencrypt”
On October 10th, when I tried it, it seems this location is not correct.
Sorry for the late response, let us know if you still are struggling with the issue.
Hi,
While am running Inform Apache
sudo nano /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf
I got this error
AH00526: Syntax error on line 49 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/opt/bitnami/apache2/\xe2\x80\x9c/etc/letsencrypt/live/asassociates.org.in/cert.pem\xe2\x80\x9d’ does not exist or is empty
How do I fix this?
Hi,
This issue is usually with the locations of key files and pem. Don’t worry, just close the terminal and start over again, override any setting previously set.
Let us know if that works.
Thank you!
Hey man!
I get an error
Syntax error on line 48 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateKeyFile: file ‘/letsencrypt/live/www.domain.com/privkey.pem’ does not exist or is empty
But when I get the message ” Congratulations! Your certificate and chain have been saved at:”
Is the same path so not sure what could be wrong.
It is because of double quotes.
Change the right double quotes.
SSLCertificateFile “/etc/letsencrypt/live/yourdomain.com.au/cert.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/yourdomain.com.au/privkey.pem”
SSLCertificateChainFile “/etc/letsencrypt/live/yourdomain.com.au/fullchain.pem”
to this
SSLCertificateFile "/etc/letsencrypt/live/yourdomain.com.au/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/yourdomain.com.au/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/yourdomain.com.au/fullchain.pem"
I hope this helps
Thanks, but I am getting stuck here always. I have checked everything many times (even deleted and restarted tutorial about 3 times) and I always get the same reply when I restart the web server. I believe it is appending /etc/letsencrypt… to /opt/bitnami.. . I made sure to modify the bitnami.conf as per your tutorial. I get this reply after entering sudo /opt/bitnami/ctlscript.sh restart:
bitnami@ip-172-26-9-249:~/letsencrypt$ sudo /opt/bitnami/ctlscript.sh restart
AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/opt/bitnami/apache2/\xe2\x80\x9c/etc/letsencrypt/live/gobrilliant.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
apache config test fails, aborting
/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/opt/bitnami/apache2/\xe2\x80\x9c/etc/letsencrypt/live/gobrilliant.com/cert.pem\xe2\x80\x9d’ does not exist or is empty
apache config test fails, aborting
Hi sir,
I followed your procedures meticulously and this was the result i got at my restart:
SSLCertificateFile: file ‘/opt/bitnami/apache2/\xe2\x80\x9c/etc/letsencrypt/live/yddi.org/cert.pem’ does not exist or is empty
There should be an error in installation. This means the pem files are not located. Install the certificate again and override the last one. This will work.
Hi.
I got a certificate rating of “B” does this affect the performance of the SSL certificate installed?
What is your website url ?
Anyhow it does not impact the website for its functions but is always good to get ‘A’ cert.
You can always issue another certificate and try again.
Let me know if this helps.
Hi Shivam,
while following tutorial on terminal window, copy pasting was not working properly, so before i edit first step i could not fully remove example domain name
that is “-d yourdomain.com.au”, now it’s giving me problem. neither i can remove letsencrypt folder nor delete the wrong domain name that i entered.
what should i do?
Hi Rajat,
Just go through the process again with your domain name. It should override the existing one in most cases. Let me know if this helps or this answers your query.
Worked perfectly, thank you!
Hi Shivam, thanks for the guide,
It worked very well, but now I installed a second website in a subfolder.
I followed this guide and everything seems ok.
https://community.bitnami.com/t/help-setting-up-apache2-virtual-host-config-for-bitnami-wordpress-for-two-sites-not-multisite/67427/8
Then I repeated the steps here, but not everything is working well.
In https://www.ssllabs.com/ under
Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
I receive a MISMATCH error because is showing the main domain website url.
Is there anything more than I modify inside apache/bitnami configuration?
Thanks in advance
CS
Hi Cristian,
I believe there is a mismatch error due to two different folders. The ssl cert is always looking for your primary domain, hence a mismatch.
You have to check your directories and also you can reinstall all the certifications and add your new domain as a wildcard.
Hi Shivam, thanks for your answer 🙂
How I do the installation as a wildcard?
Thanks
CS
Perhaps it is time for the tutorial author to perform a cold run of the steps spinning up a new lightsail instance?
There is a missing command and error due to mismatch. Use the new BNTool mentioned in the description in start of the blog.
It works for me! Thank you for saving my day.
Cheers!
For anyone getting the following error:
SSLCertificateKeyFile: file ‘/letsencrypt/live/www.domain.com/privkey.pem’ does not exist or is empty
How to fix:
This issue happens because when you copy the SSLCertificateKeyFile from the tutorial, the quotes are copied incorrectly.
You need to copy the string over and then remove and replace the double quotes by typing them into nano.
This will make it use the correct double quotes and you won’t get the syntax error anymore.
Thank You Toby,
Much appreciated and thank you for your insights.
Hey I tried your method a while ago and it worked very well.
I was just trying to implement it in another website. When running the first part I get the following message:
Skipping bootstrap because certbot-auto is deprecated on this system.
/home/bitnami/letsencrypt/letsencrypt-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Hi Leo,
Apologies for the delayed response.
You can now just use bncert tool and then just follow the steps. Check the heading of the article as it has been updated.
Thank you for visiting.
Hi shivam sagar
Excellent job
I have three questions
1what is the difference between this method of SSL and others available in the market which we have to buy?
2 WordPress passwords intact or not after SSL applied. (on ec2 when we apply SSL they then WordPress passwords, not working)
3 can you applied SSL without domain just on IPs.
Hi Malik,
1. This method gives you the free SSL from https://letsencrypt.org/. The quality is industrial standard with 256bit encryption. The others in market do have the same encryption but comes with various other seals. You can check them out.
2. I have never seen passwords affected with SSL. Should not be an issue. Also the first thing you should do is to install SSL so things won’t get worse in end.
3. As long as it is a public IP address, it should not be a problem. You may have to check other market SSLs for this.
Please follow us on Instagram for updates https://www.instagram.com/brandviser/
Perfect! Thank you
Hi, thank you for this article! Then I encountered a problem when I executed it again, can you help me find the reason?
bitnami@ip-:~/letsencrypt$ pwd
/home/bitnami/letsencrypt
bitnami@ip-:~/letsencrypt$ /home/bitnami/letsencrypt/letsencrypt-auto certonly -w /home/bitnami/apps/wordpress/htdocs -d mydomain.com -d http://www.mydomain.com
-bash: /home/bitnami/letsencrypt/letsencrypt-auto: No such file or directory
bitnami@ip-:~/letsencrypt$