SSL

Let's Encrypt SSL Certificates

Auto-renew SSL Certificates

Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application

Step 1: Install Certbot

Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

1. SSH into your server where the Bitnami application is running.

2. Install Certbot by following the instructions for your Linux distribution on the Certbot website. Choose your web server and operating system for tailored instructions.

Step 2: Stop the Web Server

Before renewing the certificate, you might need to stop your web server to free up the port Certbot uses for verification. This is necessary if you're using the standalone plugin. If you use the webroot plugin, this step may not be necessary.

For Apache (replace sudo with the appropriate command if you're not using a sudo-enabled user):

bashCopy codesudo /opt/bitnami/ctlscript.sh stop apache

For Nginx:

bashCopy codesudo /opt/bitnami/ctlscript.sh stop nginx

Step 3: Renew the Certificate

Run Certbot to renew your certificate. The command you use depends on how you originally obtained your certificate. If you're unsure, you can simply use the certonly option with --standalone, assuming your web server is stopped, or --webroot if it's running.

bashCopy codesudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com

Replace yourdomain.com with your actual domain name.

Step 4: Configure the New Certificate

After obtaining the new certificate, you need to configure your Bitnami application to use it.

1. Copy the new certificate and key to the appropriate Bitnami directory. The exact commands will vary based on your domain and where Certbot places the files (usually /etc/letsencrypt/live/yourdomain.com/).

bashCopy codesudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /opt/bitnami/apache2/conf/server.key

2. Fix permissions on the new files.

bashCopy codesudo chown root:root /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key
sudo chmod 600 /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.key

3. Restart your web server to apply the changes.

For Apache:

bashCopy codesudo /opt/bitnami/ctlscript.sh start apache

For Nginx:

bashCopy codesudo /opt/bitnami/ctlscript.sh start nginx

Step 5: Automate the Renewal

Let's Encrypt certificates are valid for 90 days. You can automate the renewal process by adding a cron job.

1. Open the crontab for editing.

bashCopy codesudo crontab -e

2. Add a line to run the renewal command periodically (e.g.,once every 2 months):

bashCopy code0 0,12 * * * /usr/bin/certbot renew --quiet --renew-hook "/opt/bitnami/ctlscript.sh restart apache"

Replace "/opt/bitnami/ctlscript.sh restart apache" with the appropriate command to restart your web server.

This setup ensures your SSL certificate is automatically renewed and the web server is restarted to apply the changes.