Secure your Website with Let’s Encrypt free SSL

SSL life cycle

Google prefers Secured websites

What is SSL?

What is TLS?

Paid SSL vs Free SSL

  • Deployed a Bitnami application either in Google cloud platform or AWS. And the application is available at a public IP address.
  • Admin level access to your server.
  • You own a domain name. [If you don’t own a domain name, get a $0.99 .com domain from here]
  • Configured the domain name’s DNS record to point to the public IP address of your Bitnami application instance.

Step 1: Install The Lego Client

  • Log in to the server console.
  • Once the ssh shell window opened, run the following command
cd /tmp curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego_v1.0.1_linux_amd64.tar.gz
sudo mv lego  /usr/local/bin/lego

Step 2: Generate A Let’s Encrypt Certificate For Your Domain

  • Turn off all Bitnami services:
sudo /opt/bitnami/ctlscript.sh stop
sudo lego --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/etc/lego" run
sudo lego --email="info@timeofai.com" --domains="timeofai.com" --path="/etc/lego" run

Step 3: Configure The Web Server To Use The Let’s Encrypt Certificate

  • Link the new SSL certificate and certificate key file to the correct locations, depending on which Web server you’re using.

For Apache Server:

sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key sudo ln -s /etc/lego/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt
sudo ls /etc/lego/certificates sudo chown root:root /opt/bitnami/apache2/conf/server* sudo chmod 600 /opt/bitnami/apache2/conf/server*

For Nginx Server:

sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/nginx/conf/server.key sudo ln -s /etc/lego/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/server.crt sudo chown root:root /opt/bitnami/nginx/conf/server* sudo chmod 600 /opt/bitnami/nginx/conf/server*
sudo /opt/bitnami/ctlscript.sh start
sudo /opt/bitnami/ctlscript.sh stop sudo lego --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/etc/lego" renew sudo /opt/bitnami/ctlscript.sh start
#!/bin/bash sudo /opt/bitnami/ctlscript.sh stop apache sudo /usr/local/bin/lego --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/etc/lego" renew sudo /opt/bitnami/ctlscript.sh start apache
  1. Make the script executable with chmod +x /etc/lego/renew-certificate.sh
  2. Execute the following command to open the crontab editor: sudo crontab -e
  3. Add the following lines to the crontab file and save it: 0 0 1 * * /etc/lego/renew-certificate.sh 2> /dev/null
  • Add https:// in the WordPress backend
  • Update the site address in Dashboard
  • Change the content links
  • Configure 301 Redirects in .htaccess

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store