SSL
Let's Encrypt SSL Certificates
Auto-renew SSL Certificates

Step 1: Install Certbot
Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
SSH into your server where the Bitnami application is running.
Install Certbot by following the instructions for your Linux distribution on the Certbot website. Choose your web server and operating system for tailored instructions.
Step 2: Stop the Web Server
Before renewing the certificate, you might need to stop your web server to free up the port Certbot uses for verification. This is necessary if you're using the standalone plugin. If you use the webroot plugin, this step may not be necessary.
For Apache (replace sudo
with the appropriate command if you're not using a sudo-enabled user):
bashCopy codesudo /opt/bitnami/ctlscript.sh stop apache
For Nginx:
bashCopy codesudo /opt/bitnami/ctlscript.sh stop nginx
Step 3: Renew the Certificate
Run Certbot to renew your certificate. The command you use depends on how you originally obtained your certificate. If you're unsure, you can simply use the certonly
option with --standalone
, assuming your web server is stopped, or --webroot
if it's running.
bashCopy codesudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com
Replace yourdomain.com
with your actual domain name.
Step 4: Configure the New Certificate
After obtaining the new certificate, you need to configure your Bitnami application to use it.
Copy the new certificate and key to the appropriate Bitnami directory. The exact commands will vary based on your domain and where Certbot places the files (usually
/etc/letsencrypt/live/yourdomain.com/
).
bashCopy codesudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /opt/bitnami/apache2/conf/server.key
Fix permissions on the new files.
bashCopy codesudo chown root:root /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
sudo chmod 600 /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
Restart your web server to apply the changes.
For Apache:
bashCopy codesudo /opt/bitnami/ctlscript.sh start apache
For Nginx:
bashCopy codesudo /opt/bitnami/ctlscript.sh start nginx
Step 5: Automate the Renewal
Let's Encrypt certificates are valid for 90 days. You can automate the renewal process by adding a cron job.
Open the crontab for editing.
bashCopy codesudo crontab -e
Add a line to run the renewal command periodically (e.g.,once every 2 months):
bashCopy code0 0,12 * * * /usr/bin/certbot renew --quiet --renew-hook "/opt/bitnami/ctlscript.sh restart apache"
Replace "/opt/bitnami/ctlscript.sh restart apache"
with the appropriate command to restart your web server.
This setup ensures your SSL certificate is automatically renewed and the web server is restarted to apply the changes.
Last updated