Bitnami SSL certificate installation guide, courtesy of our in-house experts.
At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Services.
Let’s take a look at how our Support Team is ready to help customers with Bitnami SSL certificate installation.
All About Bitnami SSL certificate installation
Let’s Encrypt is a popular, free CA that issues SSL certificates. We use these certificates to ensure traffic is secure from and to our Bitnami application host. In this guide, our Support Team is going to take you through the process of generating an SSL certificate for a domain, installing it as well as configuring it to work with the Bitnami application stack.
We will be taking a close look at the following steps during this process:
- Installing the Lego client
- Generating a Let’s Encrypt certificate for the domain
- Configuring the webserver to use the Let’s Encrypt certificate
- Testing the configuration
- Renewing the Let’s Encrypt certificate
How to install the Lego client
Our Support Techs recommend using the Lego client to simplify generating the Let’s Encrypt certificate. Here is how we install Lego client:
- First, log in to the server console as Bitnami user.
- Then, run the commands below in order to install the Lego client.
cd /tmp curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i - tar xf lego_vX.Y.Z_linux_amd64.tar.gz sudo mkdir -p /opt/bitnami/letsencrypt sudo mv lego /opt/bitnami/letsencrypt/lego
Our Support Engineers would like to point out that we have to replace X.Y.Z placeholder with the correct version number.
How to generate a Let’s Encrypt certificate for the domain
- First, turn off all Bitnami services with the following command:
sudo /opt/bitnami/ctlscript.sh stop
- Next, request a new certificate as seen here, with and without the www prefix:
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run
- Finally, agree to the terms of service.
How to configure the webserver to use the Let’s Encrypt certificate
Now, it is time to inform the webserver about the new SSL certificate.
Approach 1 for Apache:
sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/bitnami/certs/server.key sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt sudo chown root:root /opt/bitnami/apache2/conf/bitnami/certs/server* sudo chmod 600 /opt/bitnami/apache2/conf/bitnami/certs/server*
Approach 2 for Apache:
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt sudo chown root:root /opt/bitnami/apache2/conf/server* sudo chmod 600 /opt/bitnami/apache2/conf/server*
For Nginx, Approach 1:
sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt.old sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.key /opt/bitnami/nginx/conf/bitnami/certs/server.key.old sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.csr /opt/bitnami/nginx/conf/bitnami/certs/server.csr.old sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/nginx/conf/bitnami/certs/server.key sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt sudo chown root:root /opt/bitnami/nginx/conf/bitnami/certs/server* sudo chmod 600 /opt/bitnami/nginx/conf/bitnami/certs/server*
For Nginx, Approach 2:
sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/nginx/conf/server.key sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/server.crt sudo chown root:root /opt/bitnami/nginx/conf/server* sudo chmod 600 /opt/bitnami/nginx/conf/server*
Now, restart all Bitnami services with this command:
sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/nginx/conf/server.key sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/server.crt sudo chown root:root /opt/bitnami/nginx/conf/server* sudo chmod 600 /opt/bitnami/nginx/conf/server*
How to test the configuration
After ensuring the domain name points to the public IP address of the Bitnami application process, we have to test it by browsing to https://DOMAIN.
This will lead to a secure welcome page of the Bitnami application. When we click the padlock icon in the address bar will display the details of the domain as well as the SSL certificate.
How to renew the Let’s Encrypt certificate
Another important fact is that Let’s Encrypt certificates are valid for only 90 days. It is a good idea to run the following commands as the bitnami user from the server console.
sudo /opt/bitnami/ctlscript.sh stop sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90 sudo /opt/bitnami/ctlscript.sh start
We can automatically renew the certificate before it expires by writing a script as seen below:
- We have to create a script at /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
sudo mkdir -p /opt/bitnami/letsencrypt/scripts sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
- Next, enter the following in the script and save it.
For Apache:
#!/bin/bash sudo /opt/bitnami/ctlscript.sh stop apache sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90 sudo /opt/bitnami/ctlscript.sh start apache
For Nginx:
#!/bin/bash sudo /opt/bitnami/ctlscript.sh stop nginx sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90 sudo /opt/bitnami/ctlscript.sh start nginx
- Then, make the script executable with the following command:
sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
- After that open the crontab editor and add the line below to the file and save it:
0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
[Looking for a solution to another query? We are just a click away.]
Conclusion
To sum up, our skilled Support Engineers at Bobcares demonstrated Bitnami SSL certificate installation.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
0 Comments