AWS – LetsEncrypt SSL AutoRenew
-
Install LetsEncrypt
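# NOTE(review): certbot-auto has been deprecated upstream; check the current
# Certbot install instructions for your OS before relying on this download.
# -p keeps the step re-runnable if the directory already exists.
sudo mkdir -p /opt/bitnami/letsencrypt
cd /opt/bitnami/letsencrypt
sudo wget https://dl.eff.org/certbot-auto
# The script is run as root below, so read through what was downloaded before
# making it executable.
sudo chmod a+x ./certbot-auto
# First run with no arguments (the trailing "-" in the listing was a list
# separator, not an argument).
sudo ./certbot-auto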
Stop the apache server
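# Stop the Bitnami services so certbot's standalone server can bind port 80.
# (The trailing "-" in the listing was a list separator, not an argument.)
sudo /opt/bitnami/ctlscript.sh stop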
Run Let's Encrypt (certbot) to request the certificate
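cd /opt/bitnami/letsencrypt
# --standalone makes certbot run its own temporary web server for the domain
# validation, which is why Apache has to be stopped first.
# Replace DOMAIN with your host name; both names must resolve to this server.
sudo ./certbot-auto certonly --standalone -d DOMAIN -d www.DOMAIN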
Update certificate links
# Keep the stack's existing certificate, key and CSR as *.old backups.
conf_dir=/opt/bitnami/apache2/conf
for ext in crt key csr; do
  sudo mv "$conf_dir/server.$ext" "$conf_dir/server.$ext.old"
done

# Point the file names Apache is configured with at the live Let's Encrypt
# files. Because these are symlinks, a renewed certificate is picked up on the
# next Apache restart without repeating this step.
live_dir=/etc/letsencrypt/live/DOMAIN
sudo ln -s "$live_dir/privkey.pem" "$conf_dir/server.key"
sudo ln -s "$live_dir/fullchain.pem" "$conf_dir/server.crt"
-
Update permissions
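# The server* glob matches the new symlinks and the *.old backups alike.
# chown and chmod follow symlinks by default, so for server.key / server.crt
# the change lands on the target files under /etc/letsencrypt.
sudo chown root:root /opt/bitnami/apache2/conf/server*
# 600 = readable and writable by root only, which is what the private key needs.
# (The trailing "-" in the listing was a list separator; passed to chmod it
# would be treated as a file named "-".)
sudo chmod 600 /opt/bitnami/apache2/conf/server*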
Test Auto renewal
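cd /opt/bitnami/letsencrypt
# --dry-run performs a full test renewal without replacing the real
# certificate. A plain "renew" right after issuance only reports that nothing
# is due, so it does not exercise the renewal path.
# Apache is still stopped at this point, so the standalone server can bind.
sudo ./certbot-auto renew --dry-run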
Add auto renewal cron job
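# Edit root's crontab: entries added here run as root, which the renewal needs
# in order to write under /etc/letsencrypt.
# (The trailing "-" in the listing was a list separator, not an argument.)
sudo crontab -e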
Add the following lines
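# Attempt renewal twice a day. The certificate was issued with --standalone,
# which needs port 80 free; with Apache running a bare "renew" cannot bind and
# the certificate would silently expire. The hooks stop Apache before and start
# it after a renewal; certbot runs them only when a certificate is actually due.
24 0 * * * /opt/bitnami/letsencrypt/certbot-auto renew --pre-hook "/opt/bitnami/ctlscript.sh stop apache" --post-hook "/opt/bitnami/ctlscript.sh start apache"
16 12 * * * /opt/bitnami/letsencrypt/certbot-auto renew --pre-hook "/opt/bitnami/ctlscript.sh stop apache" --post-hook "/opt/bitnami/ctlscript.sh start apache"
# Weekly Apache restart (Sunday 01:30) so a renewed certificate is loaded.
30 1 * * 7 /opt/bitnami/ctlscript.sh restart apache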
-
Open bitnami conf
This is the htaccess equivalent
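# Open the Bitnami Apache virtual-host configuration for editing.
# NOTE(review): if the file is not writable by your user, run the editor with sudo.
# (The trailing "-" in the listing was a list separator, not an argument.)
nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf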
Drop www.
Under VirtualHost _default_:443
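RewriteEngine On
# Match any request whose Host header starts with "www." and capture the rest
# of the host name as %1.
# NOTE(review): %1 comes from the client-supplied Host header. In the _default_
# virtual host, consider matching your own name only (^www\.DOMAIN$) and
# redirecting to a fixed https://DOMAIN/ target.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# ^/? consumes the leading slash of the path, so the target needs an explicit
# "/" between host and path; without it /foo redirects to https://hostfoo.
RewriteRule ^/?(.*)$ https://%1/$1 [R=permanent,L]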
-
Force https://
Under VirtualHost _default_:80
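RewriteEngine On
# Redundant inside the :80 virtual host, but harmless; kept as a guard.
RewriteCond %{SERVER_PORT} 80
# DOMAIN is the same placeholder used in the certbot step; substitute your own
# host name so plain-HTTP requests are redirected to your site and not to a
# hard-coded third-party host.
# ^/? consumes the leading slash so the redirect does not produce "//path".
RewriteRule ^/?(.*)$ https://DOMAIN/$1 [R,L]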
-
Start the server
# Start the Bitnami services again (they were stopped before the certificate
# request); Apache now loads the new certificate and the edited bitnami.conf.
sudo /opt/bitnami/ctlscript.sh start