The first question comes in our mind that what is an SSL certificate and why we use it..? The answer is straightforward, and you must have the SSL certificate if you are running your website because of its google recommendation. If you want to show your webpages on google’s first page, you have integrated the SSL certificate to achieve the goal.
Installing an SSL certificate on your AWS instance is very hard special if you are not a technical person/programmer; you have shared hosting then your hosting provider can install the SSL certificate for you out of the box. Mostly person has the AWS account, and they use always manage their lightsail instance.
How to install the Lets Encrypt SSL certificate on your AWS Lightsail instance..? this is the question people always ask, so today we are going to install the Let’s Encrypt SSL certificate for your Lightsail instance. Follow the steps to integrate the SSL certificate for your AWS Lightsail instance.
Step 1: Before installing the SSL certificate on your Lightsail instance you have created the Lightsail instance.
Once you create the instance you have to purchase a domain so you can assign the instance to the purchased domain and finally download the putty if you want to access your server otherwise ignore this one.
Step 2: Open your SSH terminal to install the Certbot for your Lightsail instance. Once you open your ssh terminal just this code
sudo apt-get update
to update your package.
Step 3: For the software properties package to install on your instance use this code
sudo apt-get install software-properties-common
Step 4: Use the following code to add Certbot to the apt repository
sudo apt-add-repository ppa:certbot/certbot –y
Step 5: Use the code to update the apt so that you can include the new repository
sudo apt-get update –y
Step 6: Use the code to install the Certbot
sudo apt-get install certbot -y
So now, you have successfully installed the Certbot on your Lightsail instance.
Step 7: keep your SSH terminal open, So now you have to request a Let’s Encrypt SSL Certificate.
Step 8: Use the code to view or confirm the domain you have entered
echo $DOMAIN && echo $WILDCARD
Step 9: Use the code to start Certbot (interactive mode), That means you are saying to the Certbot to use the manual authorization and verify the domain ownership
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
once you enter the code, it will ask your email address; just provide it and hit the enter button, and you can also read the terms and conditions.
Step 10: Now, you have the TXT record with value, copy the TXT record and values, i.e _acme-challenge.yourDomain.com and values is CvKHWLeioiz5BBU make sure keep the SSH window open.
Step 11: So now go the DNS setting, i.e., if you purchased the domain for GoDaddy for other domain providers, add your TXT record with values which you have copied/saved _acme-challenge.yourDomain.com and value is CvKHWLeioiz5BBU make sure select the TXT record.
Step 12: Now you have confirmed that your TXT record has correctly propagated, just go to the mxtoolbox and add the _acme-challenge.yourDomain.com and hit the TXT Lookup button, it will show your TXT record. Repeat the same 11 and 12 steps for the second TXT record, hit the enter button from your SSH panel.
Wait for few seconds lects encrypt verify your SSL certificate once it’s done; they will show you the expire date with congratulation message on your SSH terminal.
Keep your expiry date so you can further renew your certificate.
This is your Confirmation message.
Step 13: Now, link your let’s encrypt Certbot with our apache servers files/directory. Use this code to link.
sudo /opt/bitnami/ctlscript.sh stop
Step 14: Now you have set the environment variable
Step 15: Check your domain name
Step 16: Use the following code individually.
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
Step 17: Use the following code to create the links with your certificate (apache directory).
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
Step 18: Now its time to restart your services
sudo /opt/bitnami/ctlscript.sh start
Congratulation, you have successfully installed the SSL certificate for your Amazone Lightsail instance.