How to Install an SSL Certificate on an AWS EC2 Bitnami WordPress Site

In this article, I show you how to install an SSL certificate on your AWS Bitnami WordPress server.

Prerequisites

Okay, before we start I’m assuming you have already:

  1. Created the Bitnami WordPress site – see How to Create a WordPress Blog Using AWS Lightsail
  2. Purchased an SSL certificate from a Certificate Authority (CA) and downloaded it to your computer – see How to Create a Certificate Signing Request (CSR) – Apache
  3. Created a private key file (see link in 2 above)
  4. Set up a way of connecting to your server via SSH – see How to Connect to an Amazon Web Services (AWS) EC2 Instance Using SSH



Install the SSL Certificate

When you’ve done these preliminary steps, you need to:

Step 1 – Open the folder you downloaded to your computer from the SSL certificate provider. This should contain one or two files which look like:

[Image: Example certificates]

Step 2 – Copy the certificate files to the correct locations on your AWS EC2 or Lightsail instance using SSH – See How to Copy Files to an AWS EC2 Instance Using SFTP

You created the key file when you created the Certificate Signing Request for the SSL certificate.

The correct directories for each file are:

File                                     Directory
Certificate file                         /opt/bitnami/apache2/conf/your.crt
Certificate key file                     /opt/bitnami/apache2/conf/your.key
CA Certificate bundle file (if present)  /opt/bitnami/apache2/conf/your-bundle.crt

* Replace your with the names of your own files

Step 3 – Check the Apache version running on the server with the following terminal command, as you will need to know this for Step 5.

$ httpd -v

The server version will be displayed as Apache/2.4.xx in the terminal.

[Image: Check the Apache server version using httpd -v]

Step 4 – Open the bitnami.conf file using the following command

$ nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Step 5 – Scroll down to the <VirtualHost _default_:443> section and replace the default server.crt files with the correct certificate file names for the files uploaded in Step 2 above.

[Image: Amend the configuration file with the correct certificate and key file names]

Step 6 – Add a line for your CA Certificate bundle file

If your Apache version is lower than v2.4.8, add this line under the SSLCertificateKeyFile

SSLCertificateChainFile "/opt/bitnami/apache2/conf/your-bundle.crt"

If your Apache version is v2.4.8 or above, add this line under the SSLCertificateKeyFile

SSLCACertificateFile "/opt/bitnami/apache2/conf/your-bundle.crt"

Important – make sure the file names have been entered correctly in the configuration file and the certificates are located in the correct directories before proceeding further.

Step 7 – Save the file by pressing ctrl-X on your keyboard and Y to save changes

Step 8 – Make the files readable by the root user only by entering the following commands in the terminal (replace your with your file names, as in Step 2):

$ sudo chown root:root /opt/bitnami/apache2/conf/your*
$ sudo chmod 600 /opt/bitnami/apache2/conf/your*

Step 9 – Check the firewall to see if Port 443 is open (default setting in AWS Lightsail Bitnami installation)

Step 10 – Restart the Apache server using

$ sudo /opt/bitnami/ctlscript.sh restart apache

If you get any errors, check Step 5 again; otherwise your certificate should now be installed and the padlock sign will appear when you enter the URL in a browser.
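A pre-restart check for the files from Steps 2 to 8, added here as an example and not part of the original article: it confirms that the private key matches the certificate, that the certificate has not expired, that the key has the permissions set in Step 8, and that the certificate chains to the CA bundle. The function name check_tls_files is an assumption, and the script relies on OpenSSL and GNU stat being installed.

```shell
# Added example: consistency checks for certificate, key and CA bundle.
# Usage: sudo sh check_tls_files.sh your.crt your.key [your-bundle.crt]
# Assumes OpenSSL and GNU stat (standard on Linux images).

check_tls_files() {
  cert=$1; key=$2; bundle=${3:-}; rc=0

  # 1. The private key must belong to the certificate: compare the public
  #    key embedded in the certificate with the one derived from the key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot read certificate $cert"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key $key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: $key does not match $cert"; rc=1; }

  # 2. The certificate must not have expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: $cert has expired"; rc=1; }

  # 3. Step 8: the private key must not be readable by group or others.
  mode=$(stat -c '%a' "$key")
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: $key has mode $mode, expected 600"; rc=1 ;;
  esac

  # 4. If a CA bundle was supplied, the certificate must chain to a CA in it.
  if [ -n "$bundle" ]; then
    openssl verify -partial_chain -CAfile "$bundle" "$cert" >/dev/null 2>&1 ||
      { echo "FAIL: $cert was not issued by a CA in $bundle"; rc=1; }
  fi

  [ "$rc" -eq 0 ] && echo "OK: certificate files are consistent"
  return "$rc"
}

# Run the checks when file names are given on the command line.
[ "$#" -lt 2 ] || check_tls_files "$@"
```

Run it with sudo on the server, passing the paths from Step 2, because the key is readable by root only once Step 8 has been done.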

How to Create a Certificate Signing Request (CSR) – Apache

For LAMP stack users, once you have purchased an SSL certificate from a Certificate Authority, you will need to generate a Certificate Signing Request (CSR) to link the certificate to your domain name and server.

Step 1 – SSH into your server instance

Step 2 – Generate the CSR and key by typing the following command at the prompt and then pressing ‘Enter’:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

RSA:2048 is the recommended key size.

Replace yourdomain with your domain name excluding the extension, e.g. for example.com use example.key and example.csr. 



The program will ask for some information, which you will need to enter in full, without using abbreviations:

  • Common name – the fully qualified domain name e.g. example.com. If the Certificate Authority allows a wildcard (*) certificate you can enter *.example.com
  • Organization – your organization’s legal name or your name if it is a person requesting the certificate not a company
  • Organization Unit – the trading or ‘doing business as’ name
  • City or locality – the city where the organization is registered or located
  • State or Province – the state or province where the organization is registered or located
  • Country – the two-letter ISO format country code where the organization is registered or located

Step 3 – When the program has finished, type the following at the command prompt and you should see two files: yourdomain.csr and yourdomain.key

ls

You have now created a CSR. You can view it by entering:

nano yourdomain.csr

You now need to follow the instructions given when purchasing the certificate for copying and pasting the CSR, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- lines, into the SSL order form.
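One way to inspect the CSR before pasting it into the order form, as an added example that is not part of the original article: it checks that the CSR was built from the key you are keeping, that the Common name is the domain you intend, and that the key is at least 2048 bits. The function name check_csr is an assumption, and the key-size check assumes an RSA key as generated by the command in Step 2.

```shell
# Added example: inspect a CSR before submitting it to the CA.
# Usage: sh check_csr.sh yourdomain.csr yourdomain.key example.com
# Assumes OpenSSL is installed and the key is RSA (as in Step 2).

check_csr() {
  csr=$1; key=$2; want_cn=$3; rc=0

  # The CSR must carry the public half of the private key you are keeping.
  csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot read CSR $csr"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key $key"; return 1; }
  [ "$csr_pub" = "$key_pub" ] ||
    { echo "FAIL: $csr was not generated from $key"; rc=1; }

  # The Common name must be exactly the domain the certificate is for.
  # RFC2253 output looks like: subject=C=GB,O=Example Ltd,CN=example.com
  subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null)
  subj=${subj#subject=}
  case ",$subj," in
    *",CN=$want_cn,"*) ;;
    *) echo "FAIL: subject is '$subj', expected CN=$want_cn"; rc=1 ;;
  esac

  # Key size: the command in Step 2 asks for rsa:2048.
  bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] ||
    { echo "FAIL: key is ${bits:-unknown} bits, expected at least 2048"; rc=1; }

  [ "$rc" -eq 0 ] && echo "OK: CSR for $want_cn with a $bits-bit key"
  return "$rc"
}

# Run the checks when all three arguments are given on the command line.
[ "$#" -lt 3 ] || check_csr "$@"
```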

 

How to Add an SSL Certificate to an AWS Lightsail Bitnami WordPress Site

Now you’ve created your new Bitnami WordPress site using AWS Lightsail, the first thing you will see when viewing it in Google Chrome is a ‘Not secure’ warning message next to the URL – a sure-fire way of scaring your visitors away!

Here’s a step-by-step guide to fixing the problem:

Step 1 – Purchase an SSL Certificate

AWS offer free certificates but you need to use their CloudFront Content Delivery Network and a pricey Elastic Load Balancer. It’s also quite complicated to set up. If your site is new and hasn’t much traffic then the only option is to buy a certificate from a Certificate Authority. Try GoDaddy.com or 1&1.co.uk.



Step 2 – Once you have purchased a certificate, your provider will need a CSR (Certificate Signing Request) before you can download the certificate. This is to link the certificate to your domain name and server.

To do this, you need to SSH into your AWS instance using the ‘Connect using SSH’ button in the instance console in Lightsail.

A window will open and you should see the Bitnami terminal or Command Line Interface (CLI) with the cursor next to a bitnami@ip-xxx-xx-x-xxx:~ $ prompt.

[Image: Click the ‘Connect using SSH’ button]

Step 3 – Create a CSR and follow the instructions on your certificate supplier’s website on copying and pasting it into your certificate application form – see How to Create a CSR.

Step 4 – You will now need to verify your site by either uploading a file or adding a TXT record to your DNS settings. Again, your certificate supplier will have instructions on what to do.

Step 5 – When the site’s verified, follow the instructions to download the certificate from the certificate supplier’s website to your computer.

Step 6 – Install the certificate and bundle to the server

Step 7 – Change the conf file

Step 8 – Restart apache

Step 9 – Check everything is working – close the browser and type the url using https:

Step 10 – Do a mod rewrite to redirect http traffic to https