Now we are sailing we are open.

In my previous article, I explained I was moving my blog to Amazon Lightsail, it was a pretty painless move and to be honest I was very happy with the experience.

That is until I realised I was going to need to sort out the SSL certificate that is installed by default. The image created by Bitnami comes with a dummy certificate which, to be honest, isn’t useful to us on our nice new shiny domain. So how to solve this, luckily there is a way that is free of charge for things like blogs and that is located over at Lets Encrypts website, anyone thinking SSL certificates still cost a small fortune for things like a small blog should read on.

So now you know about Lets Encrypt how do you go about using one of their certificates. Luckily that has been made pretty painless by the Lets Encrypt team and you can install and enable a certificate with the minimum of fuss. And you can do that like so:

Install and run the Lets Encrypt certbot program.

You could do this with a package manager but I went with the following:

After accessing your Lightsail instance via ssh create a directory

mkdir certbot
cd certbot

Download the certbot

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Run the certbot for your domain (don’t forget all domain names in this case I have two)

./certbot-auto certonly --webroot -w /home/bitnami/apps/wordpress/htdocs/ \
-d yourdomainhere.com \
-d www.yourdomainhere.com

You now need to edit /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf and make it look like the below picture, this means commenting out the default certificates and adding the new ones in.

certs

Now you need to restart the WordPress stack, Bitnami have a script for doing this and you can do so by typing the following:

sudo /opt/bitnami/ctlscript.sh restart

Now when you refresh your browser (and use the HTTPS protocol and not the HTTP one) you should get that padlock you’d been wanting.

One quick reminder is that these certificates are only valid for 90 days you can run the tool again or you can set up a cron job to update this. In order to add a cron job to update this certificate do the following.

Open up the crontab with

crontab -e

Now add the following in the file that opened:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/bitnami/certbot/certbot-auto renew

This code adds a random time factor so not everyone in the world hits the certbot servers at the same time.

Hope this helps.