How to install Lets Encrypt SSL certificate on your AWS Lightsail instance

How to install Lets Encrypt SSL certificate on your AWS Lightsail instance

The first question comes in our mind that what is an SSL certificate and why we use it..? The answer is straightforward, and you must have the SSL certificate if you are running your website because of its google recommendation. If you want to show your webpages on google’s first page, you have integrated the SSL certificate to achieve the goal.

Installing an SSL certificate on your AWS instance is very hard special if you are not a technical person/programmer; you have shared hosting then your hosting provider can install the SSL certificate for you out of the box. Mostly person has the AWS account, and they use always manage their lightsail instance.

How to install the Lets Encrypt SSL certificate on your AWS Lightsail instance..?  this is the question people always ask, so today we are going to install the Let’s Encrypt SSL certificate for your Lightsail instance. Follow the steps to integrate the SSL certificate for your AWS Lightsail instance.

Step 1: Before installing the SSL certificate on your Lightsail instance you have created the Lightsail instance.

Once you create the instance you have to purchase a domain so you can assign the instance to the purchased domain and finally download the putty if you want to access your server otherwise ignore this one.

oepn ssh terminal

Step 2: Open your SSH terminal to install the Certbot for your Lightsail instance. Once you open your ssh terminal just this code

sudo apt-get update

to update your package.

Step 3: For the software properties package to install on your instance use this code

sudo apt-get install software-properties-common

Step 4: Use the following code to add Certbot to the apt repository

sudo apt-add-repository ppa:certbot/certbot –y

Step 5: Use the code to update the apt so that you can include the new repository

sudo apt-get update –y

Step 6: Use the code to install the Certbot

sudo apt-get install certbot -y

So now, you have successfully installed the Certbot on your Lightsail instance.

Step 7: keep your SSH terminal open, So now you have to request a Let’s Encrypt SSL Certificate.

Step 8: Use the code to view or confirm the domain you have entered

echo $DOMAIN && echo $WILDCARD

Step 9: Use the code to start Certbot (interactive mode), That means you are saying to the Certbot to use the manual authorization and verify the domain ownership

sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

once you enter the code, it will ask your email address; just provide it and hit the enter button, and you can also read the terms and conditions.

Step 10: Now, you have the TXT record with value, copy the TXT record and values, i.e and values is CvKHWLeioiz5BBU make sure keep the SSH window open.

add txt record ssh

Step 11:  So now go the DNS setting, i.e., if you purchased the domain for GoDaddy for other domain providers, add your TXT record with values which you have copied/saved and value is CvKHWLeioiz5BBU make sure select the TXT record.

add txt record

Step 12: Now you have confirmed that your TXT record has correctly propagated, just go to the mxtoolbox and add the and hit the TXT Lookup button, it will show your TXT record. Repeat the same 11 and 12 steps for the second TXT record, hit the enter button from your SSH panel.

Wait for few seconds lects encrypt verify your SSL certificate once it’s done; they will show you the expire date with congratulation message on your SSH terminal.

Keep your expiry date so you can further renew your certificate.

tst record on lightsail instance

This is your Confirmation message.

expirey date for ssl on lightsail

Step 13: Now, link your let’s encrypt Certbot with our apache servers files/directory. Use this code to link.

sudo /opt/bitnami/ stop

Step 14: Now you have set the environment variable

Step 15: Check your domain name

echo $DOMAIN

Step 16: Use the following code individually.

 sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
 sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
 sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old

Step 17: Use the following code to create the links with your certificate (apache directory).

sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt

Step 18: Now its time to restart your services

sudo /opt/bitnami/ start

Congratulation, you have successfully installed the SSL certificate for your Amazone Lightsail instance.

My Name is Shehzad Ahmed and I am a full-time developer with over 7+ years of experience. In that time, I’ve worked as a developer with many big and small firms and was teaching web design and development skills to many keen learners and by the time passes I’ve found a great passion and potential on myself as a teacher on this particular field and now I am a full-time teacher and working as a freelancer.


  • Pankaj
    May 6, 2020

    I’ve my website on AWS Lightsail. Currently it is on http and I’ve to move it to https.
    Is there any charges for it from AWS?

  • Pallavi
    May 25, 2020

    Want to know how to renew the certificate? On the same link, they have mentioned in point 9.\

    “Let’s Encrypt certificates are valid for 90 days. Certificates can be renewed 30 days before they expire. To renew the Let’s Encrypt certificates, run the original command used to obtain them. Repeat the steps in the Request a Let’s Encrypt SSL wildcard certificate section of this tutorial.”

    But what is the original command? I am stuck here can you help?

    • Pallavi
      May 25, 2020

      Can you make a video for the same?

    • shakzee
      May 29, 2020

      start the step from 3 or from zero(step:1). 🙂

  • michael luna
    May 27, 2020

    hello, I get this
    es bueno tu manual
    AH00526: Syntax error on line 47 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
    SSLCertificateFile: file ‘/opt/bitnami/apache2/\xe2\x80\x9c/etc/letsencrypt/live/\xe2\x80\x9d’ does not exist or is em
    apache config test fails, aborting

    thanks for the help

    • shakzee
      May 29, 2020

      can you please share the screenshot so I can further help you to identify the problem.

  • audu
    September 17, 2020

    Hey, I am getting below error while executing command ”sudo apt-add-repository ppa:certbot/certbot -y

    FileNotFoundError: [Errno 2] No such file or directory: ‘gpg’: ‘gpg’

    Could you please help

Leave a Reply

Your email address will not be published. Required fields are marked *