Having hosted my own website from Amazon Lightsail, I found it hard when first applying the SSL Certificate to the website. Finding useful information on this on google or on youtube gave some suggestions such as using a load balancer. Using this method wouldn’t be the best solution for a small website and would also be an added expense for someone, so I wanted to share the documentation and method I found on Amazon.
So if you want users not to see a threatening screen such as the one above when they are trying to view your website, make sure you follow the guide below.
You can find a guide that I put together on Youtube below or follow the instructions on this page.
Install Cerbot on your Lightsail Instance
If this is the first time you are installing your SSL certificate through SSH, then you first need to install Certbot on you Lightsail Instance.
To do this sign into your Lightsail instance and connect to SSH by clicking the icon shown on the webpage.
Once connected you will see a terminal that looks like the below that you will be able to enter text commands to.
You can check the list of commands on the actual amazon website, though I have given them below for convience.
Simply highlight and copy each command, then paste into the terminal as plain text.
sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:certbot/certbot -y
sudo apt-get update -y
sudo apt-get install certbot -y
Request a Let’s Encrypt SSL certificate
Next we follow the below steps to get a SSL certificate from Let’s Encrypt. Also note that if you are renewing you SSL certificate, you only need to follow the procedure from here, which is also what I showed in the above video.
*Please note for the first command, you need to enter your own domain name*
Check that you website address has been added correctly by using the command below.
echo $DOMAIN && echo $WILDCARD
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Next you will see the terminal asking you to add a DNS TXT record. You can do this by going back to AWS Lightsail menu and under network you can manage your DNS records.
Simply add a new record as shown below; selecting record type as TXT. Sub Domain will be shown on the terminal screen (highlighted in above image as ‘_acme-challenge’) with the long list of characters as the value. Add these to the record and save.
Once you have added the record confirm that it has propagated before confirming on the terminal. You can then go to mxtoolbox to confirm that you can see the recorded that you have just added.
Once this has been confirmed, repeat the above steps for the second record that you will be asked to add.
Congratulations – your certificate has been saved
If you have added the two TXT records correctly you should see a message like the above informing you that your certificate has now been saved.
Next you need to stop your server and link the certificate files to your instance by using the below commands.
sudo /opt/bitnami/ctlscript.sh stop
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.csr /opt/bitnami/apache/conf/bitnami/certs/server.csr.old
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
And then restart the server.
sudo /opt/bitnami/ctlscript.sh start
Once your server has loaded up and you can see your cursor again, you can close the terminal and go to your wordpress dashboard.
If you are renewing the SSL certificate then this should now be applied and you are finished, though if this is the first time installing the SSL certicate, you need to install the below plugin that will automatically finish off the remaining steps to install the SSL Certificate correctly to your website.
It is important that you are logged in to your actual website (yourwebsiteaddress.com/admin) and not the IP address that Lightsail provides as the plugin will not work correctly otherwise.
Once the Really Simple SSL plugin is installed and activated, visit your website and you should now be the owner of a fresh SSL Certificate.
If the above guide was helpful to you, please leave a comment below!