Get Let’s Encrypt SSL Certificate
An SSL certificate plays a crucial role in the HTTPS protocol by providing details such as the domain name, owner’s name, public key (used for encrypting data), and validity dates. While paid SSL certificates from companies such as Symantec, GoDaddy, and RapidSSL may be a suitable option for websites conducting financial transactions, a free SSL certificate from Let’s Encrypt can be sufficient for blogs that only collect user information through forms.
Using SSL Certificate with Certbot and Apache
The Certbot client provides an efficient and straightforward method for generating an SSL certificate without the need for multiple WordPress plugins. This can be accomplished through the Linux shell. Before proceeding, it’s important to ensure that all server packages are up-to-date by running the following command:
sudo apt-get update
Install CertBot
Using Certbot with the Bitnami WordPress Distribution on AWS LightSail
Although the Bitnami WordPress distribution on LightSail comes with an SSL script, some users have reported difficulties with certificate renewal. For this reason, we recommend using Certbot. Before installing the Certbot client, it’s necessary to install Snap on the Bitnami instance. Use the following commands to accomplish this on your LightSail instance:
sudo apt-get install snapd
sudo snap install core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Generate Certificate
With the Certbot client installed, you can now proceed to generate a certificate for your domain.
sudo certbot certonly --webroot -w /opt/bitnami/wordpress/ -d www.example.com -d example.com
Replace example.com and www.example.com with your actual domain names when generating a certificate. If you require certificates for multiple domains, you can add them using the -d option. For more information on the Certbot client, visit their official page.
The generated certificate will be stored in the /etc/letsencrypt/live/DOMAIN directory, where DOMAIN is the first domain name specified in the command.
It’s important to include both the www and non-www versions of your domain in the certificate to avoid security errors for users who may not be redirected automatically by their browser.
If you’ve already obtained an SSL certificate and wish to include additional domains, simply run the above command again. The Certbot client will prompt you to expand the existing certificate and regenerate it by typing ‘E’.
Modify Apache using Let’s Encrypt SSL Certificate
After obtaining the SSL certificate as described above, you need to inform Apache of the certificate’s location.
By default, Apache stores the certificates at the following locations:
/opt/bitnami/apache2/conf/bitnami/certs/server.crt
/opt/bitnami/apache2/conf/bitnami/certs/server.key
One approach to enable the new SSL certificate is to simply copy it to the default locations and restart Apache. However, this requires you to repeat the process every time the certificate is renewed.
A more efficient method is to create symbolic links to your certificate files, allowing for seamless certificate renewal.
Before creating the symbolic links, it’s necessary to rename the existing certificate files to facilitate the process.
sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old
Create the symbolic links to the certificate files:
sudo ln -sf /etc/letsencrypt/live/[DOMAIN]/fullchain.pem /opt/bitnami/apache2/conf/bitnami/certs/server.crt
sudo ln -sf /etc/letsencrypt/live/[DOMAIN]/privkey.pem /opt/bitnami/apache2/conf/bitnami/certs/server.key
Restart Apache:
sudo /opt/bitnami/ctlscript.sh restart apache
Once Apache has been restarted, try accessing your blog using HTTPS to verify that there are no errors.
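The symbolic links only make renewal seamless if both of them really resolve into Certbot's live directory. The shell script below is an added example, not part of the original article or of Bitnami's tooling; it checks the two links created above and that the private key is not world-readable. The function names and the script name check-links.sh are hypothetical, and both directories are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original page): audit the symlink setup above.
# Function names are hypothetical; directories are supplied by the caller.

# check_link LINK EXPECTED: succeed only if LINK is a live symlink that
# resolves to the same file as EXPECTED.
check_link() {
    link=$1
    expected=$2
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink; a copied file goes stale on renewal"
        return 1
    fi
    if [ ! -e "$link" ]; then
        echo "FAIL: $link is a dangling symlink"
        return 1
    fi
    if [ "$(readlink -f "$link")" != "$(readlink -f "$expected")" ]; then
        echo "FAIL: $link does not resolve to $expected"
        return 1
    fi
    echo "OK: $link -> $expected"
}

# key_is_private KEY: fail if the resolved key is missing or readable by "other".
key_is_private() {
    resolved=$(readlink -f "$1")
    if [ ! -f "$resolved" ] || [ -n "$(find "$resolved" -perm -004)" ]; then
        echo "FAIL: $resolved is missing or world-readable"
        return 1
    fi
    echo "OK: $resolved is not world-readable"
}

# check_cert_links CERTS_DIR LIVE_DIR: run every check, return 1 if any fails.
check_cert_links() {
    certs_dir=$1
    live_dir=$2
    rc=0
    check_link "$certs_dir/server.crt" "$live_dir/fullchain.pem" || rc=1
    check_link "$certs_dir/server.key" "$live_dir/privkey.pem" || rc=1
    key_is_private "$live_dir/privkey.pem" || rc=1
    return "$rc"
}

# Only runs the audit when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    check_cert_links "$1" "$2"
fi
```

Run it with sudo, because /etc/letsencrypt/live is readable only by root: sudo sh check-links.sh /opt/bitnami/apache2/conf/bitnami/certs /etc/letsencrypt/live/DOMAIN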
Enforcing HTTPS on Your Blog
After setting up the Let’s Encrypt SSL certificate and linking it to Apache, the next step is to redirect your blog to HTTPS instead of HTTP.
This involves two steps. Firstly, you need to modify the home URL of your blog: edit the wp-config.php file and replace the following two lines so that they point to HTTPS instead of HTTP.
define('WP_SITEURL', 'https://DOMAIN/');
define('WP_HOME', 'https://DOMAIN/');
Secondly, edit /opt/bitnami/apache2/conf/vhosts/wordpress.conf to include the following lines:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127\.0\.0\.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
Now all traffic will be redirected to HTTPS.
Renew The SSL Certificate
Run the following command to renew the SSL certificate:
sudo certbot renew
Restart Apache:
sudo /opt/bitnami/ctlscript.sh restart apache