1. New command

    sudo /opt/bitnami/bncert-tool
  2. Domains for easy copy paste

    www.

    adam.bock@pinkpanda.com.au
  3. Run the following commands to install the Lego client.

    Note that you will need to replace the X.Y.Z placeholder with the actual version number of the downloaded archive:

    cd /tmp
    curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
    tar xf lego_vX.Y.Z_linux_amd64.tar.gz
    sudo mkdir -p /opt/bitnami/letsencrypt
    sudo mv lego /opt/bitnami/letsencrypt/lego
  4. Turn off all Bitnami services

    sudo /opt/bitnami/ctlscript.sh stop
  5. Request a new certificate both with and without the www prefix

    sudo /opt/bitnami/letsencrypt/lego --tls --email="adam.bock@pinkpanda.com.au" --domains="" --domains="www." --path="/opt/bitnami/letsencrypt" run
  6. Link the new certificate and key into the Apache configuration

    sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
    sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
    sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/.key /opt/bitnami/apache2/conf/server.key
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/.crt /opt/bitnami/apache2/conf/server.crt
    sudo chown root:root /opt/bitnami/apache2/conf/server*
    sudo chmod 600 /opt/bitnami/apache2/conf/server*

    # New Bitnami options
    sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
    sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/.key /opt/bitnami/apache/conf/bitnami/certs/server.key
    sudo ln -sf /opt/bitnami/letsencrypt/certificates/.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt
  7. Start Bitnami

    sudo /opt/bitnami/ctlscript.sh start
  8. To set up auto renew, create a script at /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

    sudo mkdir -p /opt/bitnami/letsencrypt/scripts
    sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
  9. Enter the following content

    #!/bin/bash

    sudo /opt/bitnami/ctlscript.sh stop apache
    sudo /opt/bitnami/letsencrypt/lego --tls --email="adam.bock@pinkpanda.com.au" --domains="" --domains="www." --path="/opt/bitnami/letsencrypt" renew --days 90
    sudo /opt/bitnami/ctlscript.sh start apache
  10. Make the script executable

    sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
  11. Execute the following command to open the crontab editor:

    sudo crontab -e
  12. Add the following line

    0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
  13. Force https

    nano /opt/bitnami/apache2/conf/vhosts/wordpress-vhost.conf

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  14. Drop www

    nano /opt/bitnami/apache2/conf/vhosts/wordpress-https-vhost.conf

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
  15. Disable insecure SSL/TLS protocol versions

    nano /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf
  16. Update SSLProtocol line to the below

    SSLProtocol TLSv1.2
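
A check for the links made in step 6, added here as an example and not part of the original notes: it reports a symlink whose target was never created and a key file that group or others can still access. It assumes Linux with GNU `stat`; the function names and the scratch files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes Linux with GNU stat.

# Print one status word for a certificate or key path:
#   ok        resolves to a regular file with no group/other permission bits
#   dangling  symlink whose target does not exist
#   missing   nothing at that path
#   notfile   resolves to something other than a regular file
#   loose     resolved file is accessible to group or others
check_tls_link() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo dangling
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ ! -f "$1" ]; then
        echo notfile
    else
        # -L follows the symlink, so the mode is that of the real file.
        _mode=$(stat -L -c '%a' -- "$1")
        if [ $(( 0$_mode & 077 )) -ne 0 ]; then echo loose; else echo ok; fi
    fi
}

# Report every path given; the exit status is the number of paths not "ok".
audit_tls_links() {
    _bad=0
    for _p in "$@"; do
        _s=$(check_tls_link "$_p")
        printf '%-9s%s\n' "$_s" "$_p"
        [ "$_s" = ok ] || _bad=$((_bad + 1))
    done
    return "$_bad"
}

# Constructed demo in a scratch directory (stand-ins for the real paths).
demo=$(mktemp -d)
touch "$demo/example.key"; chmod 644 "$demo/example.key"
ln -s "$demo/example.key" "$demo/server.key"        # key left world-readable
ln -s "$demo/certificates/.crt" "$demo/server.crt"  # target never created
audit_tls_links "$demo/server.key" "$demo/server.crt" || echo "$? problem(s) found"
rm -rf "$demo"
```

On the server, pass the `server.key` and `server.crt` paths from step 6 to `audit_tls_links` before starting Bitnami in step 7.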