Ok, you were right that I needed to set up the website to use the LE certificate. So these are the steps I took to use a Let’s Encrypt (LE) SSL certificate on my Bitnami AMI instance on Amazon EC2. Note that this site has a domain name.
1) Get certbot
Follow the instructions here, which are reproduced below.
Linux commands:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto
2) Generate the LE SSL certificate
Use the webroot method to generate SSL certificates
./certbot-auto certonly --webroot -w /home/bitnami/apps/<yourWordpressSiteFolder>/htdocs -d <yourDomainName.com>
3) Configure your site to use the LE SSL certificate
Once the certificates are generated you have two options. I did it one way, and Bitnami suggests another way to do it here.
First, the way I did it:
Open the following file.
/opt/bitnami/apps/<yourWordpressSiteFolder>/conf/httpd-vhosts.conf
Change
SSLCertificateFile "/opt/bitnami/apps/<yourWordpressSiteFolder>/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/<yourWordpressSiteFolder>/conf/certs/server.key"
To
SSLCertificateFile "/etc/letsencrypt/live/<yourDomainName>/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/<yourDomainName>/privkey.pem"
Now the way Bitnami suggests:
Bitnami suggests just copying the Let’s Encrypt certificate and key file to the location of the existing certificate. I don’t believe auto renew would work with this method, because I think you would need to copy the new cert.pem and privkey.pem files again each time you renew your certificate, but maybe I’m wrong and these files don’t change. Anyway, if you want to see Bitnami’s instructions for this, click here.
4) Restart Apache
For changes to the httpd file to take effect, you need to restart the Apache web server. This can be done with Bitnami with the following command.
sudo /opt/bitnami/ctlscript.sh restart apache
5) Your site is now https!
However, it is likely the https:// text is not green in your URL. If you click the https:// text you may see this message:
Mixed Content
The site includes HTTP resources.
View requests in Network Panel
The way I fixed this was to install the ‘Really Simple SSL’ plugin, by Rogier Lankhorst, from the WordPress Plugin Repository and activate it.
After activating it you will need to click a button that says ‘use SSL’ or something similar. Once it converts your site to use https it may tell you that it can’t modify the .htaccess file. You may not need to allow access to the .htaccess file for the plugin and site to work, but if you want to allow access to it, use the following commands in the terminal of your site.
Warning! I am not knowledgeable when it comes to permissions for files like .htaccess. If it is dangerous to change the permissions as I suggest below, please leave a comment telling me.
Now for the commands to allow the plugin access to .htaccess
sudo chown -R bitnami:daemon /opt/bitnami/apps/<yourWordpressSiteFolder>/htdocs/.htaccess
sudo chmod 664 /opt/bitnami/apps/<yourWordpressSiteFolder>/htdocs/.htaccess
And there you go! The plugin and your site should now be working and using https!
6) Optional: Automate renewal
First do a dry run to test the renewal. Then set it up for renewal. The commands are written below and they were copied from here.
./path/to/certbot-auto renew --dry-run
./path/to/certbot-auto renew --quiet --no-self-upgrade
Feel free to leave comments for any questions or variations you implement in getting a LE certificate working on your website!
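On the question raised in step 3 of whether the files change on renewal: certbot's live/ entries are symlinks into its archive/ directory, and a renewal writes a new numbered file and repoints the symlink, so a copied certificate goes stale. The script below is an added example (not from the original post, and not Bitnami's or certbot's tooling) that reports which situation a vhost file is in; the function names and status words are made up for illustration, and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example, not from the original post. vhost_path and cert_status
# are hypothetical helper names; all paths are supplied by the caller.

# Print the path set by a directive such as SSLCertificateFile.
# Uses the first uncommented occurrence and strips the optional quotes.
vhost_path() {  # $1 = directive name, $2 = vhosts conf file
    awk -v d="$1" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Classify how the vhost's certificate relates to certbot's live directory:
#   tracked       Apache's path resolves to the same file as live/cert.pem
#   copy-current  separate file, byte-identical to the current live cert
#   copy-stale    separate file that differs from the current live cert
#   missing       directive or one of the files not found
cert_status() {  # $1 = vhosts conf file, $2 = /etc/letsencrypt/live/<domain>
    conf_cert=$(vhost_path SSLCertificateFile "$1")
    live_cert="$2/cert.pem"
    if [ -z "$conf_cert" ] || [ ! -e "$conf_cert" ] || [ ! -e "$live_cert" ]; then
        echo missing
        return 0
    fi
    # readlink -f follows the live/ symlink down to the archive/ file.
    if [ "$(readlink -f "$conf_cert")" = "$(readlink -f "$live_cert")" ]; then
        echo tracked
    elif cmp -s "$conf_cert" "$live_cert"; then
        echo copy-current
    else
        echo copy-stale
    fi
}

# Example call (placeholders as in the post):
# cert_status /opt/bitnami/apps/<yourWordpressSiteFolder>/conf/httpd-vhosts.conf \
#             /etc/letsencrypt/live/<yourDomainName>
```

A copy-stale result means the copy step has to be repeated after each renewal. With either layout Apache only loads the certificate when it starts, so the restart from step 4 is still needed after a renewal.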