June 2022

Renew AWS SSL Certificate

Step 1: Before installing the SSL certificate on your Lightsail instance you have created the Lightsail instance.

Once you create the instance you have to purchase a domain to assign the instance to the purchased domain and finally download the putty if you want to access your server otherwise, ignore this one.

Step 2: Open your SSH terminal to install the Certbot for your Lightsail instance. Once you open your ssh terminal, just this code

sudo apt-get update

to update your package.

Step 3: For the software properties package to install on your instance use this code

sudo apt-get install software-properties-common

Step 4: Use the following code to add Certbot to the apt repository

sudo apt-add-repository ppa:certbot/certbot –y

Step 5: Use the code to update the apt so that you can include the new repository

sudo apt-get update –y

Step 6: Use the code to install the Certbot

sudo apt-get install certbot -y

So now, you have successfully installed the Certbot on your Lightsail instance.

Step 7: keep your SSH terminal open, So now you have to request a Let’s Encrypt SSL Certificate.

DOMAIN=yourDomain.com
WILDCARD=*.$DOMAIN

Step 8: Use the code to view or confirm the domain you have entered

echo $DOMAIN && echo $WILDCARD

Step 9: Use the code to start Certbot (interactive mode), Which means you are saying to the Certbot to use the manual authorization and verify the domain ownership

sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

once you enter the code, it will ask for your email address; provide it and hit the enter button, and you can also read the terms and conditions.

Step 10: Now you have the TXT record with value, copy the TXT record and values, i.e., _acme-challenge.yourDomain.com, and the value is CvKHWLeioiz5BBU; make sure to keep the SSH window open.

Step 11:  So now go to the DNS setting, i.e., if you purchased the domain for GoDaddy for other domain providers, add your TXT record with values that you have copied/saved _acme-challenge.yourDomain.com, and the value of is CvKHWLeioiz5BBU make sure select the TXT record.

Step 12: Now that you have confirmed that your TXT record has correctly propagated, go to the mxtoolbox and add the _acme-challenge.yourDomain.com and hit the TXT Lookup button; it will show your TXT record. Repeat the same 11 and 12 steps for the second TXT record, and hit the enter button from your SSH panel.

Wait for a few seconds; lects encrypt to verify your SSL certificate. Once it’s done, they will show you the expiration date with a congratulatory message on your SSH terminal.

Keep your expiry date so you can further renew your certificate.

This is your Confirmation message.

Step 13: Now, link your let’s encrypt Certbot with our apache servers files/directory. Use this code to link.

sudo /opt/bitnami/ctlscript.sh stop

Step 14: Now you have set the environment variable

DOMAIN=yourDomain.com

Step 15: Check your domain name

echo $DOMAIN

Step 16: Use the following code individually.

 sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
 sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
 sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old

Step 17: Use the following code to create the links with your certificate (apache directory).

sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt

Step 18: Now its time to restart your services

sudo /opt/bitnami/ctlscript.sh start

Congratulation, you have successfully installed the SSL certificate for your Amazone Lightsail instance.