
# SSL

## Auto-renew SSL Certificates

{% embed url="<https://docs.bitnami.com/general/how-to/generate-install-lets-encrypt-ssl/>" %}


#### Step 1: Install Certbot

Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

1. **SSH into your server** where the Bitnami application is running.
2. **Install Certbot** by following the instructions for your Linux distribution on the Certbot website. Choose your web server and operating system for tailored instructions.

#### Step 2: Stop the Web Server

Before renewing the certificate, you might need to stop your web server to free up the port Certbot uses for verification. This is necessary if you're using the standalone plugin. If you use the webroot plugin, this step may not be necessary.

For Apache (replace `sudo` with the appropriate command if you're not using a sudo-enabled user):

```bash
sudo /opt/bitnami/ctlscript.sh stop apache
```

For Nginx:

```bash
sudo /opt/bitnami/ctlscript.sh stop nginx
```

#### Step 3: Renew the Certificate

Run Certbot to renew your certificate. The command you use depends on how you originally obtained your certificate. If you're unsure, you can simply use the `certonly` option with `--standalone`, assuming your web server is stopped, or `--webroot` if it's running.

```bash
sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com
```

Replace `yourdomain.com` with your actual domain name.

#### Step 4: Configure the New Certificate

After obtaining the new certificate, you need to configure your Bitnami application to use it.

1. **Copy the new certificate and key to the appropriate Bitnami directory.** The exact commands will vary based on your domain and where Certbot places the files (usually `/etc/letsencrypt/live/yourdomain.com/`).

```bash
sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /opt/bitnami/apache2/conf/server.key
```

2. **Fix permissions** on the new files.

```bash
sudo chown root:root /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
sudo chmod 600 /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
```

3. **Restart your web server** to apply the changes.

For Apache:

```bash
sudo /opt/bitnami/ctlscript.sh start apache
```

For Nginx:

```bash
sudo /opt/bitnami/ctlscript.sh start nginx
```

#### Step 5: Automate the Renewal

Let's Encrypt certificates are valid for 90 days. You can automate the renewal process by adding a cron job.

1. Open the crontab for editing.

```bash
sudo crontab -e
```

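2. Add a line to run the renewal command periodically. The entry below runs twice a day, at 00:00 and 12:00; `certbot renew` only replaces certificates that are close to expiry, so the other runs change nothing: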

```bash
0 0,12 * * * /usr/bin/certbot renew --quiet --renew-hook "/opt/bitnami/ctlscript.sh restart apache"
```

Replace `"/opt/bitnami/ctlscript.sh restart apache"` with the appropriate command to restart your web server.

This setup ensures your SSL certificate is automatically renewed and the web server is restarted to apply the changes.
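
The cron entry in Step 5 restarts Apache but does not repeat the copy from Step 4, so a renewed certificate would stay in `/etc/letsencrypt/live/` while Apache keeps serving the older copy. The deploy hook below is an added example, not part of the original page or of Bitnami's or Certbot's own tooling; `RENEWED_LINEAGE` is the variable Certbot exports to deploy hooks, while `deploy_cert`, `DEST_DIR` and `RESTART_CMD` are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: Certbot deploy hook for the Bitnami Apache paths from Step 4.
# Certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/yourdomain.com)
# when it runs a deploy hook after a successful renewal.

# Assumed defaults, copied from the commands on this page; override via env.
DEST_DIR="${DEST_DIR:-/opt/bitnami/apache2/conf}"
RESTART_CMD="${RESTART_CMD:-/opt/bitnami/ctlscript.sh restart apache}"

# deploy_cert LINEAGE_DIR DEST_DIR  (hypothetical helper name)
deploy_cert() {
    local lineage="$1"
    local dest="$2"
    local cert="$lineage/fullchain.pem"
    local key="$lineage/privkey.pem"

    # Leave the live files untouched unless both inputs exist and are non-empty.
    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "deploy_cert: missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    fi

    # Copy under a restrictive umask to temporary names, then rename into
    # place: the key is never group/world-readable, and the web server never
    # reads a half-written file.
    (
        umask 077
        cp "$cert" "$dest/server.crt.new" &&
        cp "$key" "$dest/server.key.new" &&
        chmod 600 "$dest/server.crt.new" "$dest/server.key.new" &&
        { [ "$(id -u)" -ne 0 ] ||
          chown root:root "$dest/server.crt.new" "$dest/server.key.new"; } &&
        mv -f "$dest/server.crt.new" "$dest/server.crt" &&
        mv -f "$dest/server.key.new" "$dest/server.key"
    )
}

# Act only when Certbot invoked us; sourcing the file just defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$DEST_DIR" && $RESTART_CMD
fi
```

Saved as an executable file in `/etc/letsencrypt/renewal-hooks/deploy/`, it runs after each successful `certbot renew`; it can also be passed with `--deploy-hook` in place of the restart command in the cron line.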

