Step 1: Before installing the SSL certificate on your Lightsail instance you have created the Lightsail instance.
Once you create the instance you have to purchase a domain to assign the instance to the purchased domain and finally download the putty if you want to access your server otherwise, ignore this one.
Step 2: Open your SSH terminal to install the Certbot for your Lightsail instance. Once you open your ssh terminal, just this code
sudo apt-get update
to update your package.
Step 3: For the software properties package to install on your instance use this code
sudo apt-get install software-properties-common
Step 4: Use the following code to add Certbot to the apt repository
sudo apt-add-repository ppa:certbot/certbot –y
Step 5: Use the code to update the apt so that you can include the new repository
sudo apt-get update –y
Step 6: Use the code to install the Certbot
sudo apt-get install certbot -y
So now, you have successfully installed the Certbot on your Lightsail instance.
Step 7: keep your SSH terminal open, So now you have to request a Let’s Encrypt SSL Certificate.
DOMAIN=yourDomain.com WILDCARD=*.$DOMAIN
Step 8: Use the code to view or confirm the domain you have entered
echo $DOMAIN && echo $WILDCARD
Step 9: Use the code to start Certbot (interactive mode), Which means you are saying to the Certbot to use the manual authorization and verify the domain ownership
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
once you enter the code, it will ask for your email address; provide it and hit the enter button, and you can also read the terms and conditions.
Step 10: Now you have the TXT record with value, copy the TXT record and values, i.e., _acme-challenge.yourDomain.com, and the value is CvKHWLeioiz5BBU; make sure to keep the SSH window open.
Step 11: So now go to the DNS setting, i.e., if you purchased the domain for GoDaddy for other domain providers, add your TXT record with values that you have copied/saved _acme-challenge.yourDomain.com, and the value of is CvKHWLeioiz5BBU make sure select the TXT record.
Step 12: Now that you have confirmed that your TXT record has correctly propagated, go to the mxtoolbox and add the _acme-challenge.yourDomain.com and hit the TXT Lookup button; it will show your TXT record. Repeat the same 11 and 12 steps for the second TXT record, and hit the enter button from your SSH panel.
Wait for a few seconds; lects encrypt to verify your SSL certificate. Once it’s done, they will show you the expiration date with a congratulatory message on your SSH terminal.
Keep your expiry date so you can further renew your certificate.
This is your Confirmation message.
Step 13: Now, link your let’s encrypt Certbot with our apache servers files/directory. Use this code to link.
sudo /opt/bitnami/ctlscript.sh stop
Step 14: Now you have set the environment variable
DOMAIN=yourDomain.com
Step 15: Check your domain name
echo $DOMAIN
Step 16: Use the following code individually.
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
Step 17: Use the following code to create the links with your certificate (apache directory).
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
Step 18: Now its time to restart your services
sudo /opt/bitnami/ctlscript.sh start
Congratulation, you have successfully installed the SSL certificate for your Amazone Lightsail instance.
