Adding SSL Certificate to a website hosted on AWS Lightsail

Having hosted my own website from Amazon Lightsail, I found it hard when first applying the SSL Certificate to the website. Finding useful information on this on google or on youtube gave some suggestions such as using a load balancer. Using this method wouldn’t be the best solution for a small website and would also be an added expense for someone, so I wanted to share the documentation and method I found on Amazon.

So if you want users not to see a threatening screen such as the one above when they are trying to view your website, make sure you follow the guide below.

You can find a guide that I put together on Youtube below or follow the instructions on this page.

Install Cerbot on your Lightsail Instance

If this is the first time you are installing your SSL certificate through SSH, then you first need to install Certbot on you Lightsail Instance.

To do this sign into your Lightsail instance and connect to SSH by clicking the icon shown on the webpage.

Once connected you will see a terminal that looks like the below that you will be able to enter text commands to.

You can check the list of commands on the actual amazon website, though I have given them below for convience.

Simply highlight and copy each command, then paste into the terminal as plain text.

sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:certbot/certbot -y
sudo apt-get update -y
sudo apt-get install certbot -y

Request a Let’s Encrypt SSL certificate

Next we follow the below steps to get a SSL certificate from Let’s Encrypt. Also note that if you are renewing you SSL certificate, you only need to follow the procedure from here, which is also what I showed in the above video.

*Please note for the first command, you need to enter your own domain name*

DOMAIN= yourWebsite.com
WILDCARD=*.$DOMAIN

Check that you website address has been added correctly by using the command below.

echo $DOMAIN && echo $WILDCARD
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

Next you will see the terminal asking you to add a DNS TXT record. You can do this by going back to AWS Lightsail menu and under network you can manage your DNS records.

Simply add a new record as shown below; selecting record type as TXT. Sub Domain will be shown on the terminal screen (highlighted in above image as ‘_acme-challenge’) with the long list of characters as the value. Add these to the record and save.

Once you have added the record confirm that it has propagated before confirming on the terminal. You can then go to mxtoolbox to confirm that you can see the recorded that you have just added.

Once this has been confirmed, repeat the above steps for the second record that you will be asked to add.

Congratulations – your certificate has been saved

If you have added the two TXT records correctly you should see a message like the above informing you that your certificate has now been saved.

Next you need to stop your server and link the certificate files to your instance by using the below commands.

sudo /opt/bitnami/ctlscript.sh stop
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.csr /opt/bitnami/apache/conf/bitnami/certs/server.csr.old
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt

And then restart the server.

sudo /opt/bitnami/ctlscript.sh start

Once your server has loaded up and you can see your cursor again, you can close the terminal and go to your wordpress dashboard.

If you are renewing the SSL certificate then this should now be applied and you are finished, though if this is the first time installing the SSL certicate, you need to install the below plugin that will automatically finish off the remaining steps to install the SSL Certificate correctly to your website.

It is important that you are logged in to your actual website (yourwebsiteaddress.com/admin) and not the IP address that Lightsail provides as the plugin will not work correctly otherwise.

Once the Really Simple SSL plugin is installed and activated, visit your website and you should now be the owner of a fresh SSL Certificate.

If the above guide was helpful to you, please leave a comment below!

6 thoughts on “Adding SSL Certificate to a website hosted on AWS Lightsail”

  1. Some really great info, Gladiola I detected this. I’m not spaming. I’m just saying your website is AWSOME! Thank you so much! Please vist also my website.

    Reply
  2. Hi to every single one, it’s actually a nice for me to pay a visit
    this site, it consists of helpful Information.

    Reply
  3. Good site you’ve got here.. It’s hard to find high-quality writing
    like yours these days. I truly appreciate people like you!
    Take care!!

    Reply
  4. Pretty nice post. I just stumbled upon your blog and wished to
    say that I’ve really enjoyed surfing around
    your blog posts. In any case I will be subscribing to your feed and I hope you write again soon!

    Reply

Leave a Comment