Stop all services
$ sudo /opt/bitnami/ctlscript.sh stop
Run the following command in the terminal. Replace the email address with your own and the domain name with your domain name. Let’s Encrypt will verify the domain name, so make sure the domain names point to the IP address of the Lightsail instance.
sudo /opt/bitnami/letsencrypt/lego --tls --email="alvin@devopsconfig.com" --domains="devopsconfig.com" --domains="*.devopsconfig.com" --path="/opt/bitnami/letsencrypt" run
The SSL certificates will now be available in the following directory:
/opt/bitnami/letsencrypt/certificates/
Once the above command has succeeded, go to the certificates directory.
$ cd /opt/bitnami/letsencrypt/certificates
Remove the existing certificates. Here, I’m backing them up instead.
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
Create symbolic links to the new key and certificate
sudo ln -sf /opt/bitnami/letsencrypt/certificates/devopsconfig.com.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/devopsconfig.com.crt /opt/bitnami/apache2/conf/server.crt
Change the ownership to root
sudo chown root:root /opt/bitnami/apache2/conf/server*
Change the permission to 600 so that only root will have read & write access on the certificates.
sudo chmod 600 /opt/bitnami/apache2/conf/server*
Start all services
sudo /opt/bitnami/ctlscript.sh start
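The following check is an added example, not part of the original post: it confirms that the linked key matches the certificate, that the key file behind the symlink has the expected mode and owner, and that the certificate is not about to expire. The function name check_pair, the script name check-cert.sh and the 30-day default are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the original post): verify a cert/key pair before starting Apache.
# Usage: check_pair CERT KEY [MIN_DAYS] [OWNER_UID]   (defaults: 30 days, uid 0 = root)
# Assumes openssl and GNU stat are installed.

check_pair() {
  local cert="$1" key="$2" min_days="${3:-30}" owner_uid="${4:-0}"
  local rc=0 cert_pub key_pub mode uid

  # Extract the public key from both files; a parse failure is fatal.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot read certificate $cert"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key $key"; return 1; }

  # Apache refuses to start if server.key does not belong to server.crt.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match certificate"; rc=1
  fi

  # -L follows the symlink, so the real file under certificates/ is inspected.
  mode=$(stat -L -c '%a' "$key"); uid=$(stat -L -c '%u' "$key")
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: key mode is $mode, expected 600"; rc=1 ;;
  esac
  if [ "$uid" != "$owner_uid" ]; then
    echo "FAIL: key owner uid is $uid, expected $owner_uid"; rc=1
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $min_days days"; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
  return "$rc"
}

# Run the check when called with arguments, e.g. (check-cert.sh is a hypothetical name)
#   sudo ./check-cert.sh /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
[ "$#" -lt 2 ] || check_pair "$@"
```

Run it after creating the symlinks and setting permissions; a non-zero exit status means at least one check failed.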
Let’s Encrypt certificates are valid for 90 days, so they need to be renewed every 90 days. We can automate this using a cronjob.
To automate the renewal of the Let’s Encrypt certificate, create a script like the one below. I’m gonna put that script under the “/opt/bitnami/letsencrypt/scripts/” directory.
sudo vim /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
#!/bin/bash
sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/letsencrypt/lego --tls --email="alvinjaison@outlook.com" --domains="devopsconfig.com" --domains="www.devopsconfig.com" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start apache
Give executable permission to the script
sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
Create a cronjob to run the script. The entry below runs it at midnight on the first day of every month.
sudo crontab -e
0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null