How to Install an SSL Certificate on an AWS EC2 Bitnami WordPress Site

In this article, I show you how to install a SSL certificate on your AWS Bitnami WordPress server.

Prerequisites

Okay, before we start I’m assuming you have already:

  1. Created the Bitnami WordPress site – see How to Create a WordPress Blog Using AWS Lightsail
  2. Purchased a SSL certificate from a Certificate Authority (CA) and downloaded it to your computer – see How to Create a Certificate Signing Request (CSR) – Apache
  3. Created a private key file (see link in 2 above)
  4. Have a way of connecting to your server via SSH – see How to Connect to an Amazon Web Services (AWS) EC2 Instance Using SSH



Install the SSL Certificate

When you’ve done these preliminary steps, you need to:

Step 1 – Open the folder you downloaded to your computer from the SSL certificate provider. This should contain one or two files which look like:

How to Install a SSL Certificate on a AWS Bitnami WordPress Site
Example certificates

Step 2 – Copy the certificate files to the correct locations on your AWS EC2 or Lightsail instance using SSH – See How to Copy Files to an AWS EC2 Instance Using SFTP

You created the key file when you created the Certificate Signing Request for the SSL certificate.

The correct directories for each file are:

File Directory
Certificate file /opt/bitnami/apache2/conf/your.crt
Certificate key file /opt/bitnami/apache2/conf/your.key
CA Certificate bundle file (if present) /opt/bitnami/apache2/conf/your-bundle.crt
* replace your with your files

Step 3 – Check the Apache version running on the server using the terminal command as you will need to know this for Step 5.

$ httpd -v

The server version will be displayed as Apache/2.4.xx in the terminal.

How to Install a SSL Certificate on a AWS EC2 Bitnami WordPress Site
Check the Apache server version using httpd -v

Step 4 – Open the bitnami.conf file using the following command

$ nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Step 5 – Scroll down to the <VirtualHost _default_:443> section and replace the default server.crt files with the correct certificate file names for the files uploaded in Step 2 above.

How to Install a SSL Certificate on a AWS EC2 Bitnami WordPress Site
Amend the configuration file with the correct certificate and key file names

Step 6 – Add a line for your CA Certificate bundle file

If your Apache version is lower than v2.4.8, add this line under the SSLCertificateKeyFile

SSLCertificateChainFile "/opt/bitnami/apache2/conf/your-bundle.crt"

If your Apache version is v2.4.8 or above, add this line under the SSLCertificateKeyFile

SSLCACertificateFile "/opt/bitnami/apache2/conf/your-bundle.crt"

Important – make sure the file names have been entered correctly in the configuration file and the certificates are located in the correct directories before proceeding further.

Step 7 – Save the file by pressing ctrl-X on your keyboard and Y to save changes

Step 8 – Make the files readable by the root user only by entering the following commands in the terminal:

$ sudo chown root:root /opt/bitnami/apache2/conf/server* $ sudo chmod 600 /opt/bitnami/apache2/conf/server*

Step 9 – Check the firewall to see if Port 443 is open (default setting in AWS Lightsail Bitnami installation) – see xxxINSERT LINK HERExxx

Step 10 – Restart the Apache server using

$ sudo /opt/bitnami/ctlscript.sh restart apache

If you get any errors check Step 5 again, otherwise your certificate should now be installed and the padlock sign appears when entering the URL in a browser.

How to Create a Certificate Signing Request (CSR) – Apache

For LAMP stack users, once you have purchased a SSL certificate from a Certificate Authority, you will need to generate a Certificate Signing Request (CSR) to link the certificate to your domain name and server.

Step 1 – SSH into your server instance

Step 2 – Generate the CSR and key by typing the following command at the prompt and then pressing ‘Enter’:

openssl req -new -newkey rsa:2048 -nodes -keyout 
yourdomain.key -out yourdomain.csr

RSA:2048 is the recommended key size.

Replace yourdomain with your domain name excluding the extension, e.g. for example.com use example.key and example.csr. 



The program will ask for some information which you will need to enter in full not using abbreviations:

  • Common name – the fully qualified domain name e.g. example.com. If the Certificate Authority allows a wildcard (*) certificate you can enter *.example.com
  • Organization – your organization’s legal name or your name if it is a person requesting the certificate not a company
  • Organization Unit – the trading or ‘doing business as’ name
  • City or locality – the city where the organization is registered or located
  • State or Province – the state or province where the organization is registered or located
  • Country – the two-letter ISO format country code where the organization is registered or located

Step 3 – When the program has finished, type the following at the command prompt and you should see two files: yourdomain.csr and yourdomain.key

ls

You have now created a CSR and view the CSR by entering:

nano yourdomain.csr

You now need to follow the instructions when purchasing the certificate on copying and pasting the CSR including the —BEGIN NEW CERTIFICATE REQUEST— and —END NEW CERTIFICATE REQUEST— into the SSL order form.