CodeSteps

Python, C, C++, C#, PowerShell, Android, Visual C++, Java ...

AWS Lightsail – How to install free SSL in Lightsail instance?

I have explained, creating an AWS Lightsail instance in my previous Article “AWS – Create an Amazon Lightsail instance (with WordPress installed)“. SSL was not installed on the Lightsail instance, hence your connection to the site is NOT SECURE.

People will trust your website, if it is SECURE. In order to SECURE the website, you must NEED to install the SSL Certificates; these will enable to encrypt the information transferred to and from the site. This helps to the visitors to safely enter the sensitive information; for example, entering Credit Card details to buy the Products from your website.

Buying SSL Certificates are expensive. Depending on your business needs you can buy these from different buyers.

Install free SSL in Lightsail instance

Let’s Encrypt provides free SSL Certificates. Most of the browsers support these Certificates. When you install these for your website; all the requests to your website will be encrypted. That means, your website will be SECURED. People will trust the SECURED websites; which enables you to increase your online business and increase the site visitors.

In this article, I will explain installing free SSL on Amazon Lightsail instance.

Step 1. Connect to the Amazon Lightsail instance through the SSH client. And enter into superuser mode.

Step 2. It is recommended to use the Certbot ACME client to install the certificate. Click on the Certbot link to get the instructions specific to your System.

I have selected Apache from the Software list and Ubuntu 16.04 (xenial) from the System list. These are the ones installed on my Lightsail instance.

Step 3. Before you follow the instructions mentioned; stop the Apache service to avoid any issues during the installation of the Certificate.

Just type the below command to stop the Apache service (and also it will stop MySQL & PHP).

root@:/opt/bitnami# sudo /opt/bitnami/ctlscript.sh stop

Syntax OK

/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped

/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped

/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped

Step 4. Follow the below instructions to install the Certbot. I got these instructions from here: Apache on Ubuntu 16.04 (xenial)

root@:/opt/bitnami# sudo apt-get update
root@:/opt/bitnami# sudo apt-get install software-properties-common
root@:/opt/bitnami# sudo add-apt-repository universe
root@:/opt/bitnami# sudo add-apt-repository ppa:certbot/certbot
root@:/opt/bitnami# sudo apt-get update
root@:/opt/bitnami# sudo apt-get install python-certbot-apache

Step 5. Let’s install the certificates by using the below command. Certbot prompts you to provide some inputs. I have mentioned the inputs below in blue color. You must provide your domain name in place of “my-example.com”.

root@:/opt/bitnami# sudo certbot –apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): my-example.com, www.my-example.com

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for my-example.com
http-01 challenge for www.my-example.com
Waiting for verification…
Cleaning up challenges
We were unable to find a vhost with a ServerName or Address of my-example.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: my-example-ssl.conf | | HTTPS | Enabled
2: my-example.conf | | | Enabled
3: my-example-le-ssl.conf | | HTTPS | Enabled
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 1
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/my-example-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.my-example.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: my-example-ssl.conf | my-example.com | HTTPS | Enabled
2: my-example.conf | | | Enabled
3: my-example-le-ssl.conf | | HTTPS | Enabled
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 1
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/my-example-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Created redirect file: le-redirect-my-example.com.conf
Rollback checkpoint is empty (no changes made?)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled https://my-example.com and https://www.my-example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=my-example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.my-example.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/my-example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/my-example.com/privkey.pem
Your cert will expire on 2019-01-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run “certbot renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Step 6. After successful installation, certificates will enable for your given domains. Now we need to start the apache and other services that we stopped in “Step 3“, using the below command.

root@:/opt/bitnami# sudo /opt/bitnami/ctlscript.sh start

/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306

/opt/bitnami/php/scripts/ctl.sh : php-fpm started

Syntax OK

/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

Step 7. Now everything is ready to access your secured website. Access it from your browser. For example, https://my-example.com; access it from the browser.

Observe that, there is a Lock symbol (Secure symbol) displayed in the browser; to the left of the URL. Which specifies the website is secured.

We will discuss more topics as we go.

[..] David

AWS Lightsail – How to install free SSL in Lightsail instance?

3 thoughts on “AWS Lightsail – How to install free SSL in Lightsail instance?

  1. Hi David, I found this to be somewhat helpful. However, a couple of things threw me for a loop. The first was that the LightSail instance had Ubuntu also running Apache for some reason. So I was pulling up the Ubuntu default page instead of my site. I had to kill that before starting the Bitnami script. After the whole process I’m still seeing the default Bitnami cert and not the new one I generated. I guess I will need to dig into the configuration to manually assign it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top