Install Lets Encrypt SSL in bitnami lightsail runs on Apache

Stop all services

$ sudo /opt/bitnami/ctlscript.sh stop

Run the following command in the terminal. Replace the email id with your email address and domain name with your domain name. Lets encrypt will verify the domain name. Make sure the domain names are pointed to the IP address of lightsail instance.

sudo /opt/bitnami/letsencrypt/lego –tls –email=”alvin@devopsconfig.com” –domains=”devopsconfig.com” –domains=”*.devopsconfig.com” –path=”/opt/bitnami/letsencrypt” run

Now the ssl certificates will be available in the following directory

/opt/bitnami/letsencrypt/certificates/

Once the above command is succeeded, go to the certificated directory.

$ cd /opt/bitnami/letsencrypt/certificates

Remove the exisiting certificated. Here, I’m backing it.

sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old

Create a symlinks to the certificated in the default certificate directory in bitnami
sudo ln -sf /opt/bitnami/letsencrypt/certificates/devopsconfig.com.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/devopsconfig.com.crt /opt/bitnami/apache2/conf/server.crt

Change the ownership to root
sudo chown root:root /opt/bitnami/apache2/conf/server*

Change the permission to 600 so that only root will have read & write access on the certificates.
sudo chmod 600 /opt/bitnami/apache2/conf/server*

Start all services
sudo /opt/bitnami/ctlscript.sh start

The validity of Lets Encrypt certificates are 90 days. We will need to renew it every 90 days. We can automate it using a cronjob.

To automate the renewal Let’s Encrypt certificate, create a script like. I’m gonna put that script under “sudo vim /opt/bitnami/letsencrypt/scripts/”

directory.

sudo vim /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

#!/bin/bash

sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/letsencrypt/lego –tls –email=”alvinjaison@outlook.com” –domains=”devopsconfig.com” –domains=”www.devopsconfig.com” –path=”/opt/bitnami/letsencrypt” renew –days 90
sudo /opt/bitnami/ctlscript.sh start apache

Give executable permission to the script

chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

Create a cronjob to run the script every day.

sudo crontab -e

0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null