SSL for AWS Lightsail WordPress

Jens Neuhaus
Nov 18, 2017

In my previous blog article, I wrote about installing a WordPress blog on AWS Lightsail.

In the official Bitnami documentation, they install a useless example.com dummy certificate by default. If you open your browser, you’ll probably get a message like:

SSL Certificate Name Mismatch

This clearly isn’t the end goal, so you’ll want to add your own SSL certificate. SSL certificates used to cost a small fortune, but now you can get them for free with the help of Let’s Encrypt.

I’ll show you how to install Let’s Encrypt using my private blog unterwegs-in-suedostasien.de as an example (it’s a blog about a backpacking trip I took in Southeast Asia).

First, you should read my first article about how to connect to your instance.

Punycode — use of Ü, Ä, and Ö with Let’s Encrypt

In addition to unterwegs-in-suedostasien.de, I own the domain unterwegs-in-südostasien.de (with the special character “ü” instead of “ue”). This special character needs some… special handling. By default, if you enter a non-ASCII domain in Let’s Encrypt, you get an error message like this:

Punycode is a special notation intended for international domain names. You can use a converter like punycoder.com to generate the correct punycode domain name.

Install and run Let’s Encrypt certbot

First, you need to install Let’s Encrypt. You’re supposed to be able to install the certbot with apt-get, but this didn’t work for me. I wound up following David Pascoe’s instructions.

Now, SSH to your instance (info on how to do this in my previous blog article).

Then type in the following commands:

The -w gives the path to your http root, and the -d adds one or more domain names to the certificate.

Of course, you need to choose your domain names and you should include the www and any other needed subdomains. Wildcards are not allowed with Let’s Encrypt (this may change as of January 2018).
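The Punycode conversion and the -d domain list described above can be prepared in one step. This is an added example, not code from the original post: it uses Python's built-in "idna" codec instead of an online converter, and the function names and the add_www convenience are hypothetical.

```python
# Added example (not from the original post): build certbot "-d" arguments,
# converting internationalized names to their Punycode form first.

def to_ascii_hostname(name: str) -> str:
    """Return the ASCII form of a hostname; plain ASCII names pass through."""
    name = name.strip().rstrip(".")
    if not name:
        raise ValueError("empty hostname")
    if "*" in name:
        # The article notes that wildcards are not allowed.
        raise ValueError(f"wildcard names are not supported: {name!r}")
    try:
        # Python's built-in "idna" codec encodes each non-ASCII label as xn--...
        ascii_name = name.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError(f"not a valid hostname: {name!r}") from exc
    if len(ascii_name) > 253:
        raise ValueError(f"hostname too long: {name!r}")
    return ascii_name


def certbot_domain_args(names, add_www=True):
    """Return ['-d', host, ...] with Punycode applied and duplicates removed."""
    hosts = []
    for name in names:
        host = to_ascii_hostname(name)
        candidates = [host]
        # Hypothetical convenience: also request the www name for each host.
        if add_www and not host.startswith("www."):
            candidates.append("www." + host)
        for candidate in candidates:
            if candidate not in hosts:
                hosts.append(candidate)
    args = []
    for host in hosts:
        args += ["-d", host]
    return args


if __name__ == "__main__":
    # The two domains named in the article.
    wanted = ["unterwegs-in-suedostasien.de", "unterwegs-in-südostasien.de"]
    print(" ".join(certbot_domain_args(wanted)))
```

Decoding the xn-- form back with the same codec returns the original name, which is a quick way to confirm the certificate will cover the domain you meant.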

When the certbot asks you for an authentication method, you should choose “webroot” (option 2):

The certbot will then create some temporary working links for validation on your web server (challenges):

After successful validation, the certbot will delete the temporary files and provide some useful information:

This looks great. We should inform Apache!

This opens the Bitnami configuration file for Apache. You’ll need to edit the following lines:

Save it and reload the server:

Renew your certificates

Let’s Encrypt certificates are only valid for 90 days. It’s the kind of thing that’s easy to forget, so we recommend automating the process. Let’s update the SSL certificate on the first of every month:

Choose your preferred editor and type the following:

This will auto-renew the Let’s Encrypt certificate on the first of every month at 3:00am. It’s a good idea to run a manual check to ensure everything is working as it should.
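How a first-of-the-month schedule interacts with the 90-day lifetime, as an added example that is not part of the original post. It assumes the scheduled job only renews certificates with fewer than 30 days left (the default behaviour of certbot renew); the issue date is constructed and all names are hypothetical.

```python
from datetime import date, timedelta

VALIDITY_DAYS = 90       # certificate lifetime stated in the article
RENEW_WINDOW_DAYS = 30   # ASSUMPTION: job only renews when fewer than 30 days remain


def monthly_runs(start, count):
    """Yield the next `count` first-of-month dates after `start`."""
    d = start
    for _ in range(count):
        d = date(d.year + (d.month == 12), d.month % 12 + 1, 1)
        yield d


def daily_runs(start, count):
    """Yield the `count` days following `start`."""
    for offset in range(1, count + 1):
        yield start + timedelta(days=offset)


def simulate(issued, run_dates):
    """Return (run_date, days_left, action) for every scheduled run."""
    log = []
    for run in run_dates:
        days_left = VALIDITY_DAYS - (run - issued).days
        if days_left < RENEW_WINDOW_DAYS:
            log.append((run, days_left, "renew"))
            issued = run   # a fresh 90-day certificate starts today
        else:
            log.append((run, days_left, "skip"))
    return log


def tightest_margin(log):
    """Smallest number of days left at the moment a renewal happened."""
    return min(days for _, days, action in log if action == "renew")


if __name__ == "__main__":
    issued = date(2017, 11, 18)   # constructed: the article's publication date
    monthly = simulate(issued, monthly_runs(issued, 24))
    for run, days_left, action in monthly:
        print(run, f"{days_left:3d} days left", action)
    print("monthly:", tightest_margin(monthly), "daily:",
          tightest_margin(simulate(issued, daily_runs(issued, 730))))
```

Under that assumption the monthly job sometimes renews with only 1 or 0 days of validity left, because a run that sees 31 days remaining skips and the next run is a month later. A daily job always renews with 29 days to spare, which is why the manual check matters.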

Test your SSL

Check to make sure that you can open your domain with SSL. Pull it up in a browser and celebrate when the correct SSL certificate comes up:

You can also use third party tools to make sure the SSL is working.

Edit WordPress settings to always use SSL

If everything works, we should make sure that SSL is always used. Open this file:

Add the following content to the top (making sure to use your own domain name):

Once again, restart your HTTP server:

You should now have free SSL on your WordPress server!

Let me know if this tutorial worked for you or if things somehow went wrong. I’m always glad to help.

Thanks for your interest. Did I forget something important? Do you have a different opinion? I’m always glad to get feedback.

Follow me on Twitter for updates & more: @jensneuhaus — 🙌

pixelpassion

Technology advice, technical decisions, Startup stacks

Jens Neuhaus

Written by

CTO to rent, Backend developer with Python/Django, supporting startups & mid-size companies, loves good food & travelling.
