In this article, I show you how to install a SSL certificate on your AWS Bitnami WordPress server.
Okay, before we start I’m assuming you have already:
- Created the Bitnami WordPress site – see How to Create a WordPress Blog Using AWS Lightsail
- Purchased a SSL certificate from a Certificate Authority (CA) and downloaded it to your computer – see How to Create a Certificate Signing Request (CSR) – Apache
- Created a private key file (see link in 2 above)
- Have a way of connecting to your server via SSH – see How to Connect to an Amazon Web Services (AWS) EC2 Instance Using SSH
Install the SSL Certificate
When you’ve done these preliminary steps, you need to:
Step 1 – Open the folder you downloaded to your computer from the SSL certificate provider. This should contain one or two files which look like:
Step 2 – Copy the certificate files to the correct locations on your AWS EC2 or Lightsail instance using SSH – See How to Copy Files to an AWS EC2 Instance Using SFTP
You created the key file when you created the Certificate Signing Request for the SSL certificate.
The correct directories for each file are:
|Certificate key file||/opt/bitnami/apache2/conf/your.key|
|CA Certificate bundle file (if present)||/opt/bitnami/apache2/conf/your-bundle.crt|
|* replace your with your files|
Step 3 – Check the Apache version running on the server using the terminal command as you will need to know this for Step 5.
$ httpd -v
The server version will be displayed as Apache/2.4.xx in the terminal.
Step 4 – Open the bitnami.conf file using the following command
$ nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
Step 5 – Scroll down to the <VirtualHost _default_:443> section and replace the default server.crt files with the correct certificate file names for the files uploaded in Step 2 above.
Step 6 – Add a line for your CA Certificate bundle file
If your Apache version is lower than v2.4.8, add this line under the SSLCertificateKeyFile
If your Apache version is v2.4.8 or above, add this line under the SSLCertificateKeyFile
Important – make sure the file names have been entered correctly in the configuration file and the certificates are located in the correct directories before proceeding further.
Step 7 – Save the file by pressing ctrl-X on your keyboard and Y to save changes
Step 8 – Make the files readable by the root user only by entering the following commands in the terminal:
$ sudo chown root:root /opt/bitnami/apache2/conf/server*
$ sudo chmod 600 /opt/bitnami/apache2/conf/server*
Step 9 – Check the firewall to see if Port 443 is open (default setting in AWS Lightsail Bitnami installation) – see xxxINSERT LINK HERExxx
Step 10 – Restart the Apache server using
$ sudo /opt/bitnami/ctlscript.sh restart apache
If you get any errors check Step 5 again, otherwise your certificate should now be installed and the padlock sign appears when entering the URL in a browser.