The first question comes in our mind that what is an SSL certificate and why we use it..? The answer is very simple, you must have the SSL certificate if you are running your website because of its google recommendation if you want to show your webpages on google’s first page you have integrated the SSL certificate to achieve the goal.
Installing an SSL certificate on your AWS instance is very hard special if you are not a technical person/programmer, you have shared hosting then your hosting provider can install the SSL certificate for you out of the box. Mostly person has the AWS account and they use always manage their lightsail instance.
How to install the Lets Encrypt SSL certificate on your AWS Lightsail instance..? this is the question people always ask so today we are going to install the Let’s Encrypt SSL certificate for your Lightsail instance. Follow the steps to integrate the SSL certificate for your AWS Lightsail instance.
Step 1: Before installing the SSL certificate on your Lightsail instance you have created the Lightsail instance, once you create the instance you have to purchase a domain so you can assign the instance to the purchased domain and finally download the putty if you want to access your server otherwise ignore this one.
Step 2: Open your SSH terminal to install the Certbot for your Lightsail instance. Once you open your ssh terminal just this code sudo apt-get update to update your package.
Step 3: For the software properties package to install on your instance use this code sudo apt-get install software-properties-common
Step 4: Use the following code to add Certbot to the apt repository sudo apt-add-repository ppa:certbot/certbot –y
Step 5: Use the code to update the apt so you can include the new reposity sudo apt-get update –y
Step 6: Use the code to install the Certbot sudo apt-get install certbot -y so now you have successfully installed the Certbot on your Lightsail instance.
Step 7: keep your SSH terminal open, So now you have to request a Let’s Encrypt SSL Certificate DOMAIN=yourDomain.com
Step 8: Use the code to view or confirm the domain you have entered echo $DOMAIN && echo $WILDCARD
Step 9: Use the code to start Certbot (interactive mode), That means you are telling to the Certbot to use the manual authorization and verify the domain ownership sudo certbot -d $DOMAIN -d $WILDCARD –manual –preferred-challenges dns certonly once you enter the code it will ask your email address just provide it and hit the enter button and you can also read the terms and condition.
Step 10: Now you have the TXT record with value, copy the TXT record and values i.e _acme-challenge.yourDomain.com and values is CvKHWLeioiz5BBU make sure keep the SSH window open.
Step 11: So now go the DNS setting i.e if you purchased the domain for GoDaddy for other domain providers add your TXT record with values which you have copied/saved _acme-challenge.yourDomain.com and value is CvKHWLeioiz5BBU make sure select the TXT record.
Step 12: Now you have confirmed that your TXT record has properly propagated, just go to the mxtoolbox and add the _acme-challenge.yourDomain.com and hit the TXT Lookup button, it will show your TXT record. Repeat the same 11 and 12 steps for the second TXT record, hit the enter button from your SSH panel.wait for few seconds lects encrypt verify your SSL certificate once it’s done they will show you the expire date with congratulation message on your SSH terminal, keep your expire date so you can further renew your certificate.
This is your Confirmation message.
Step 13: Now link your let’s encrypt Certbot with our apache servers files/directory. Use this code sudo /opt/bitnami/ctlscript.sh stop to link.
Step 14: Now you have set the environment variable DOMAIN=yourDomain.com
Step 15: Check your domain name echo $DOMAIN
Step 16: Use the following code individually.
- sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
- sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
- sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
Step 17: Use the following code to create the links with your certificate (apache directory).
- sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
- sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
Step 18: Now its time to restart your services sudo /opt/bitnami/ctlscript.sh start
Congratulation you have successfully installed the SSL certificate for your Amazone Lightsail instance.