AWS Bitnami WordPress, NGINX, SSL Lets Encrypt Auto Renewal

WordPress With NGINX And SSL Packaged By Bitnami For Virtual Machines


Check Whether Your Installation Uses Approach A Or B

# A bundled openssl binary under /opt/bitnami/common marks the self-contained layout (Approach B);
# without it the stack uses system packages (Approach A).
if [ -f "/opt/bitnami/common/bin/openssl" ]; then
  echo "Approach B: Self-contained installation."
else
  echo "Approach A: Using system packages."
fi

Install The Let's Encrypt Go (Lego) Client

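# Work in a private scratch directory instead of directly in the shared /tmp, so the
# archive glob below can only match the file downloaded in this step.
workdir=$(mktemp -d) && cd "$workdir"

# Ask the GitHub releases API for the newest linux_amd64 asset URL and download it.
# NOTE(review): the project has moved to go-acme/lego; this older path resolves only through
# GitHub's rename redirect, which curl -L follows.
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -

# Print the archive digest; compare it with the checksum published alongside the release
# (if one is provided) before unpacking anything.
sha256sum lego_v*_linux_amd64.tar.gz

# The glob replaces the vX.Y.Z placeholder, which had to be edited by hand to match the download.
tar xf lego_v*_linux_amd64.tar.gz

sudo mkdir -p /opt/bitnami/letsencrypt
# Install the binary owned by root and writable only by root: it is later run with sudo and from
# root's crontab, so it must not stay owned by the unprivileged user who downloaded it.
sudo install -o root -g root -m 0755 lego /opt/bitnami/letsencrypt/lego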

Generate A Let’s Encrypt Certificate For Your Domain

# Stop the Bitnami services: lego answers the --tls challenge itself, so the HTTPS port must be free.
sudo /opt/bitnami/ctlscript.sh stop

# Request one certificate covering DOMAIN and www.DOMAIN.
# Replace EMAIL_ADDRESS and DOMAIN with your own values before running.
sudo /opt/bitnami/letsencrypt/lego \
  --tls \
  --email="EMAIL_ADDRESS" \
  --domains="DOMAIN" \
  --domains="www.DOMAIN" \
  --path="/opt/bitnami/letsencrypt" \
  run

# example: first with a single host name, then the same request with a second host name added
sudo /opt/bitnami/letsencrypt/lego \
  --tls \
  --email="admin@getcommunity.com" \
  --domains="gcembed.getcommunity.com" \
  --path="/opt/bitnami/letsencrypt" \
  run
sudo /opt/bitnami/letsencrypt/lego \
  --tls \
  --email="admin@getcommunity.com" \
  --domains="gcembed.getcommunity.com" \
  --domains="gcembed.getcommunityinc.com" \
  --path="/opt/bitnami/letsencrypt" \
  run

Configure The Web Server To Use The Let’s Encrypt Certificate

Approach A: Apache

# Approach A, Apache. Runs in a subshell so the helper variables do not linger in your session.
(
  certs=/opt/bitnami/apache2/conf/bitnami/certs
  issued=/opt/bitnami/letsencrypt/certificates

  # Keep the existing certificate and key as *.old so they can be put back later.
  for kind in crt key; do
    sudo mv "$certs/server.$kind" "$certs/server.$kind.old"
  done

  # Replace them with symlinks to the files lego issued (substitute your DOMAIN).
  sudo ln -sf "$issued/DOMAIN.key" "$certs/server.key"
  sudo ln -sf "$issued/DOMAIN.crt" "$certs/server.crt"

  # chown and chmod follow the symlinks, so the issued key itself becomes readable by root only.
  sudo chown root:root "$certs"/server*
  sudo chmod 600 "$certs"/server*
)

Approach A: NGINX

# Approach A, NGINX. Runs in a subshell so the helper variables do not linger in your session.
(
  certs=/opt/bitnami/nginx/conf/bitnami/certs
  issued=/opt/bitnami/letsencrypt/certificates

  # Keep the existing certificate, key and signing request as *.old so they can be put back later.
  for kind in crt key csr; do
    sudo mv "$certs/server.$kind" "$certs/server.$kind.old"
  done

  # Replace certificate and key with symlinks to the files lego issued (substitute your DOMAIN).
  sudo ln -sf "$issued/DOMAIN.key" "$certs/server.key"
  sudo ln -sf "$issued/DOMAIN.crt" "$certs/server.crt"

  # chown and chmod follow the symlinks, so the issued key itself becomes readable by root only.
  sudo chown root:root "$certs"/server*
  sudo chmod 600 "$certs"/server*
)

# example: the two symlink commands with the placeholder DOMAIN filled in
(
  domain=gcembed.getcommunity.com
  issued=/opt/bitnami/letsencrypt/certificates
  certs=/opt/bitnami/nginx/conf/bitnami/certs
  sudo ln -sf "$issued/$domain.key" "$certs/server.key"
  sudo ln -sf "$issued/$domain.crt" "$certs/server.crt"
)

Approach B: Apache

# Approach B, Apache. Runs in a subshell so the helper variables do not linger in your session.
(
  conf=/opt/bitnami/apache2/conf
  issued=/opt/bitnami/letsencrypt/certificates

  # Keep the existing certificate, key and signing request as *.old so they can be put back later.
  for kind in crt key csr; do
    sudo mv "$conf/server.$kind" "$conf/server.$kind.old"
  done

  # Replace certificate and key with symlinks to the files lego issued (substitute your DOMAIN).
  sudo ln -sf "$issued/DOMAIN.key" "$conf/server.key"
  sudo ln -sf "$issued/DOMAIN.crt" "$conf/server.crt"

  # chown and chmod follow the symlinks, so the issued key itself becomes readable by root only.
  sudo chown root:root "$conf"/server*
  sudo chmod 600 "$conf"/server*
)

Approach B: NGINX

# Approach B, NGINX. Runs in a subshell so the helper variables do not linger in your session.
(
  conf=/opt/bitnami/nginx/conf
  issued=/opt/bitnami/letsencrypt/certificates

  # Keep the existing certificate, key and signing request as *.old so they can be put back later.
  for kind in crt key csr; do
    sudo mv "$conf/server.$kind" "$conf/server.$kind.old"
  done

  # Replace certificate and key with symlinks to the files lego issued (substitute your DOMAIN).
  sudo ln -sf "$issued/DOMAIN.key" "$conf/server.key"
  sudo ln -sf "$issued/DOMAIN.crt" "$conf/server.crt"

  # chown and chmod follow the symlinks, so the issued key itself becomes readable by root only.
  sudo chown root:root "$conf"/server*
  sudo chmod 600 "$conf"/server*
)

Restart All Services

# Start the Bitnami services again; they were stopped before the certificate was requested.
sudo /opt/bitnami/ctlscript.sh start

Renew The Let’s Encrypt Certificate

Simple Renewal Process Overview

# Manual renewal: stop the services, let lego renew over --tls, then start the services again.
sudo /opt/bitnami/ctlscript.sh stop

# NOTE(review): --days 90 equals the full lifetime of a Let's Encrypt certificate, so this
# renews on every run rather than only when expiry is near. Confirm that is intended.
sudo /opt/bitnami/letsencrypt/lego \
  --tls \
  --email="EMAIL-ADDRESS" \
  --domains="DOMAIN" \
  --path="/opt/bitnami/letsencrypt" \
  renew --days 90

sudo /opt/bitnami/ctlscript.sh start

Auto Renewal

Create a Renewal Script at /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

# Create the directory that will hold the renewal script.
sudo mkdir -p /opt/bitnami/letsencrypt/scripts
# Editing with sudo creates the script as root, which matters because root's crontab will run it:
# a script that other users could modify would let them run commands as root.
sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

For Apache:

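#!/bin/bash
# Renew the Let's Encrypt certificate with lego while Apache is stopped.
# Replace EMAIL-ADDRESS and DOMAIN with your own values.
# Exit status: 0 when renewal and restart both succeed; otherwise the failing command's status,
# so that cron (or whoever runs this script) can notice a failed renewal.

status=0

sudo /opt/bitnami/ctlscript.sh stop apache

# Record a renewal failure instead of letting the later start command hide it.
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90 || status=$?

# Always bring Apache back up, even when the renewal failed.
sudo /opt/bitnami/ctlscript.sh start apache || status=$?

exit "$status"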

For NGINX:

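#!/bin/bash
# Renew the Let's Encrypt certificate with lego while NGINX is stopped.
# Replace EMAIL-ADDRESS and DOMAIN with your own values.
# Exit status: 0 when renewal and restart both succeed; otherwise the failing command's status,
# so that cron (or whoever runs this script) can notice a failed renewal.

status=0

sudo /opt/bitnami/ctlscript.sh stop nginx

# Record a renewal failure instead of letting the later start command hide it.
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90 || status=$?

# Always bring NGINX back up, even when the renewal failed.
sudo /opt/bitnami/ctlscript.sh start nginx || status=$?

exit "$status"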

# example: the renewal command with real values; list the same --domains used when the
# certificate was first requested
sudo /opt/bitnami/letsencrypt/lego \
  --tls \
  --email="admin@getcommunity.com" \
  --domains="gcembed.getcommunity.com" \
  --domains="gcembed.getcommunityinc.com" \
  --path="/opt/bitnami/letsencrypt" \
  renew --days 90

Make The Script Executable

# Add the execute bit so cron can run the script directly; +x does not change who may write to it.
sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

Open The Crontab Editor

# With sudo this edits root's crontab, so the renewal script will run as root.
sudo crontab -e

Add the following line to the crontab file and save it. It runs the renewal script at midnight on the first day of every month.

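# Midnight on the 1st of every month. The script's output is sent to syslog instead of being
# discarded, so a failed renewal leaves a trace before the certificate expires.
# The tag lego-renew is an example name; pick any tag you will search the logs for.
0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2>&1 | logger -t lego-renew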

Troubleshooting: Remove Lego And Revert To The Original Certificates

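# Deletes everything under lego's --path: the lego binary, its account data, the issued
# certificates and private keys, and the renewal script. There is no undo.
# The directory was created with sudo, so removing it needs sudo as well.
# Any server.key/server.crt symlinks into this directory dangle until the *.old files are moved back.
sudo rm -rf -- /opt/bitnami/letsencrypt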

Remove the cron job for certificate renewal by opening the crontab editor using the command below and removing the line added for the certificate renewal script.

# Opens root's crontab; delete the renew-certificate.sh line so cron stops calling a script that no longer exists.
sudo crontab -e

Troubleshooting Approach A: Apache

# Approach A, Apache: move the saved certificate and key back over the symlinks, then restart.
(
  certs=/opt/bitnami/apache2/conf/bitnami/certs
  for kind in crt key; do
    sudo mv "$certs/server.$kind.old" "$certs/server.$kind"
  done
  sudo /opt/bitnami/ctlscript.sh restart
)

Troubleshooting Approach A: NGINX

# Approach A, NGINX: move the saved certificate, key and signing request back, then restart.
(
  certs=/opt/bitnami/nginx/conf/bitnami/certs
  for kind in crt key csr; do
    sudo mv "$certs/server.$kind.old" "$certs/server.$kind"
  done
  sudo /opt/bitnami/ctlscript.sh restart
)

Troubleshooting Approach B: Apache

# Approach B, Apache: move the saved certificate, key and signing request back, then restart.
(
  conf=/opt/bitnami/apache2/conf
  for kind in crt key csr; do
    sudo mv "$conf/server.$kind.old" "$conf/server.$kind"
  done
  sudo /opt/bitnami/ctlscript.sh restart
)

Troubleshooting Approach B: NGINX

# Approach B, NGINX: move the saved certificate, key and signing request back, then restart.
(
  conf=/opt/bitnami/nginx/conf
  for kind in crt key csr; do
    sudo mv "$conf/server.$kind.old" "$conf/server.$kind"
  done
  sudo /opt/bitnami/ctlscript.sh restart
)