Go to the profile of  Paras Patidar
Paras Patidar
I am working on Machine Learning, Python and Django.
3 min read

Generate and Install Free SSL Certificate for bitnami application - Let's Encrypt

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). It gives you free Certificates for your website

Generate and Install Free SSL Certificate for bitnami application - Let's Encrypt

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). It gives you free Certificates for your website. You can also get free SSL certificate from this website which can secure your website and your browser will be accepting your website with https protocol.

I will guide you with all the steps one by one ...

Assumptions And Prerequisites

This guide assumes that:

  • You have deployed a Bitnami application and the application is available at a public IP address.
  • You have the necessary credentials to log in to the Bitnami application instance.
  • You own one or more domain names.
  • You have configured the domain name’s DNS record to point to the public IP address of your Bitnami application instance.

Steps :

If your Bitnami image does not include the auto-configuration script or the /opt/bitnami/letsencrypt/ directory, you can manually install the Lego client and generate and install the Let’s Encrypt certificates. Follow the steps below.

Step 1: Install The Lego Client

The Lego client simplifies the process of Let’s Encrypt to generate SSL certificates.

  • Login to ssh console as the root bitnami user
  • Run the below commands to download, extract and copy the Lego client to a directory in your path.

cd /tmp
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego_vX.Y.Z_linux_amd64.tar.gz
sudo mkdir -p /opt/bitnami/letsencrypt
sudo mv lego /opt/bitnami/letsencrypt/lego

Step 2: Generate A Let’s Encrypt Certificate For Your Domain

NOTE: Before going to next step, make sure that your domain name points to the public IP address of the Bitnami application host.
Now let's generate SSL certificate for our domain :

  • Turn off all bitnami services :

sudo /opt/bitnami/ctlscript.sh stop
  • Request a new certificate for your domain, executing the following command below. Replace your EMAIL-ADDRESS with your email and DOMAIN with your domain .Keep WWW in the third part and replace the DOMAIN part.

sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run
  • Agree to the terms of services

Step 3: Configure The Web Server To Use The Let’s Encrypt Certificate

Next, tell the Web server about the new certificate, as follows:

  • Link the new SSL certificate and certificate key file to the correct locations, depending on which Web server you’re using. Update the file permissions to make them readable by the root user only. Remember to replace the DOMAIN placeholder with your actual domain name.
  • For Apache:

sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt
sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*
  • For NGINX:

sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old
sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old
sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/nginx/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/server.crt
sudo chown root:root /opt/bitnami/nginx/conf/server*
sudo chmod 600 /opt/bitnami/nginx/conf/server*
  • Restart all Bitnami services:

sudo /opt/bitnami/ctlscript.sh start 

To add one or more domains to an existing certificate, simply repeat Steps 2 and 3 again, ensuring the same order of domain names is maintained in the lego command and adding the new domain name(s) to the end with additional –domains arguments.

Step 4: Test The Configuration

Now, test the configuration in your browser.

It will work...

Thank You !


Let's Encrypt

For more information visit here Bitnami Docs