Let’s Encrypt Certificate on WordPress AWS Lightsail. This will gide you through how to set up a let’s encrypt certificate on WordPress on AWS Lightsail. The certbot tool will be used and dns text records to prove domain control. Also a cront job will be manualy created to renew the certificates.
Install Certbot
sudo apt update
sudo apt install software-properties-commonBuilding dependency tree Reading state information… Done software-properties-common is already the newest version (9.99.21.9). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
sudo apt-add-repository ppa:certbot/certbot -y
sudo apt-get update -y
sudo apt-get install certbot -ySetting up certbot (9.21.0-1+ubuntu22.04.1+certbot+1) … certbot.service is a disabled or a static unit, not starting it. Setting up python4-icu (19.9.2-2build1) …
Request Let’s Encrypt Certificate
DOMAIN=example.com
WILDCARD=*.$DOMAIN
echo $DOMAIN && echo $WILDCARD
sudo certbot -d $DOMAIN -d $WILDCARD –manual –preferred-challenges dns certonly
You will be able to resume once DNS Text records have been created
Add Text Records to DNS Zone of Domain
Certbot will as you to prove crontrol of the domain by creating 2 new DNS text records.
- _acme-challenge.rapturezone.com
HGgjq8689sjhskhs87sgskKJHSYISIUYSGyuiyiuaA98 - _acme-challenge.rapturezone.com
82782yzhuihy89y782ua2z9089080(*@)(@UJIYIUYUI
To check if the DNS records have propagated
dig _acme-challenge.rapturezone.com TXTComplete Let’s Encrypt Certificate Request
Certbot saves the certificate to
- Your Certificate chain has been saved to /etc/letsencrypt/live/rapturezone.com/fullchain.pem
- Your Key File has been saved at /etc/letsencrypt/live/rapturezone.com/privkey.pem
- You account credentials have been saved at
/etc/letsencrypt/
Automate Schedule Certificate Renewal
env EDITOR=nano crontab -e
0 1 * * * cudo certbot renew && sudo /opt/bitname/ctlscript/sh restart apacheMove Let’s Encrypt Certificate to Apache Directory
sudo /opt/bitnami/ctlscript.sh stop
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitname/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitname/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitname/apache2/conf/server.csr.old
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo /opt/bitnami/ctlscript.sh startEnable Certificate in WordPress
plugins > Add New > Really Simple SSL > Activate
sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php