Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Our experts will login to your server within 30 minutes to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

Lightsail install ssl – How to do it

Secure communication always has its advantages. Also, https communications increase your website rankings too.

That’s why, websites on AWS Lightsail also need SSL certificates. Unfortunately, the Lightsail SSL needs a manual install that involves preset steps.

At Bobcares, we often get requests from our customers to install SSL on their AWS Lightsail websites as part of our Server Administration Services.

Today, we’ll see how our Support Engineers install Lightsail SSL in AWS instances without breaking the websites.

The need for LightSail SSL

Firstly, let’s get an idea on why we need SSL on the AWS Lightsail website. When using http connection, the data transfer between the web server and your browser will not be encrypted. This means, any attacker can get hold of your sensitive data during the transfer process. That’s where SSL helps. It encrypts all communication with the web server.

Luckily, AWS Lightsail comes with https support. It helps to encrypt the communication with the web server. But, the default dummy certificate will be having the domain name as “example.com“. But, when you access your website using secure https:// link, the certificate name conflict happens.  And, this will cause warnings while access your websites via browser.

That explains, why we need to install an SSL certificate for your domain in Lightsail instance.

 

Steps to do Lightsail SSL install

Now, let’s check on the steps to install Lightsail SSL.  Based on the type of SSL certificate, the install process varies.

 

1. Generate SSL

The primary step in the process is generating the SSL certificate. This depends on the type of SSL that we like to use on the website.

 

LetsEncrypt SSL

For example, let’s first check how our Support Engineers enable LetsEncrypt free SSL in Lightsail.

To make LetsEncrypt available, we first install certbot. For example, in a Ubuntu Lightsail instance, we use the following commands.

cd /home/bitnami
sudo apt-get install git
git clone https://github.com/letsencrypt/letsencrypt

This will setup Let’sEncrypt on the server. Now, its time to install the SSL certificate.

To install SSL for the domain.com, our Dedicated Engineers execute the following commands.

cd letsencrypt

/home/bitnami/letsencrypt/letsencrypt-auto certonly -w /home/bitnami/apps/domain.com/wordpress -d domain.com -d www.domain.com -d abc.domain.com

Here, -w gives the path to your website files, and the -d adds one or more domain names to the certificate.

For this command to work, the domain should resolve to the Lightsail instance correctly. This requires DNS modifications of the domain.

Let’s Encrypt prompts for a method to verify the ownership of the domain specified. We do this by adding TXT records to the DNS records for the domain. Finally, the cert generation will succeed only after DNS propagation.

 

Normal paid SSL

Again, some customers would like to use paid SSL certificates in their websites handling credit card data or so. In such cases, they get SSL from providers like RapidSSL, GoDaddy, etc. Here, the SSL installation steps slightly differs.

Generating CSR

As the first step, we need to generate Certificate Signing Request (CSR) to purchase SSL from the provider. Before proceeding further, our Dedicated Engineers log into your Lightsail container and rename the default certificate, key files in the folder /opt/bitnami/apache2/conf

Then, to generate CSR, we use the command:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

We, then send the server.csr file to the customer to get the SSL certificate.

 

2. Changing Webserver configuration

After SSL purchases or creation, we collect all the certificate files from the customer and configure the webserver to use it in the website. For instance, in the Apache web server, it involves the following changes.

Firstly, we copy the actual SSL certificate and key file to the folder /opt/bitnami/apache2/conf. Then, we check and confirm the following entries in the file /opt/bitnami/apache2/conf/bitnami/bitnami.conf :

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"

We restart the web server to make the SSL available on the Lightsail instance.

 

3. Forcing Website to use SSL

Installing SSL on the Lightsail instance is not enough for secure website transactions. All your visitors must be forcibly changed to the secure URL. Else, users will still use the normal http link, even though server has SSL.

To make this possible, our Dedicated Engineers add rewrite rules in .htaccess file. For example, in a WordPress website, the rules will look like :

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

This forces the website in Lightsail instance to use SSL link always.

 

Common errors with Lightsail SSL install process

From our experience in managing servers, we often see customers finding it difficult to make SSL work in Lightsail based websites. Let’s take a look at them now.

 

1. Wrong Permissions

Usually, wrong permissions create problems with website SSL working.

Recently, one of the customers came to us to fix the SSL error on his Lightsail website. On checking, our Support Engineers found that the certificate and the key files were having wrong permissions.

Here, we check the user that runs the webserver processes and make adequate modifications to the file permissions to fix the issue. For example, if Apache is running as the website’s user, we add file read privileges for the user.

 

2. Incomplete cert files

Again, incomplete certificate files also create problems with SSL. The cert file can get truncated when the user uploads it to the server. Or, there can be bad characters that accidentally get into the file. These all can cause SSL to fail.

Here, our Dedicated Engineers check the file in detail and fix the format. Or, we ask customers to upload the certificate and key files once again to fix the problems.

 

3. Firewall

Likewise, the Lightsail firewall can also make SSL fail. When the SSL port 443 is not open on the Lightsail instance, secure communication with websites does not work.

To fix, we enable port 443 from the firewall settings in the Networking tab of the Lightsail container control panel.
Further, we restart all the services using:

/opt/bitnami/ctlscript.sh restart

[Trouble will SSL install in Lightsail? We can fix it straight away.]

 

Conclusion

In short, installing SSL in Lightsail involves a series of steps. Today, we saw how our Support Engineers enable SSL in Lightsail and fix common problems with the install process.


PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Posts