I changed this tutorial on 2016-01-26 as I recognized, I missed to mention one of the config files, where you have to add the certificat files, too. The tutorial works with the final version of Let’s encrypt, even when written in Beta phase.
As I just wrote in a blog post before, Let’s encrypt just launched the beta test. In the beta phase your whitelisted domains will gain a valid certificate for 90 days, but this duration will be increased soon. So it is time to set the certificate up and make the web more secure.

As the „automatic“ script offered by Let’s encrypt isn’t compatible with the Bitnami WordPress Amazon Machine Image (AMI), which I am currently utilizing to host this website, here are the necessary steps to get your certificated installed and working on a Ubuntu 14.04 Bitnami instance on Amazon AWS:

  1. Get the necessary scripts from github:
    git clone https://github.com/letsencrypt/letsencrypt
    1. If you haven´t installed git, just download the current version of the ACME script and extract it on your server:
      wget https://github.com/letsencrypt/letsencrypt/archive/master.zip
      unzip master.zip
  2. Change your active directory to the newly created:
    cd letsencrypt
  3. First we will stop the Bitnami / WordPress stack:
    sudo /opt/bitnami/ctlscript.sh stop

    This step should work with all Bitnami instances.

  4. Start the ACME client with the production URL as an option from the command line.
    sudo ./letsencrypt-auto --agree-dev-preview --server \
    https://acme-v01.api.letsencrypt.org/directory auth

    When you call the script, there might be some updates that will be installed during bootstrapping. The script is written in Python and you might need root rights to install all necessary dependencies.

    You can only get a certificate when your domains are whitelisted at Let´s encrpyt during the beta phase.

  5. Then you need to enter your mail address. I took the same one I registered with to the beta test.
Enter your mail address

Enter your mail address

  • Now enter the domain names you would like to get a certificate for. Please keep in mind, that only those domain names are valid, that are already registered and white listed at Let’s Encrypt
  • Add your domain names

    Add your domain names

  • If you get the following information displayed, you need to stop the https services first.
  • If you get this message, you need to stop your server first.

    Stop the services first!

  • Finally, you need to agree to the Terms of Services to be enabled to use the free SSL certificated from Let’s Encrypt.
  • Accept the Terms of Service

    Accept the Terms of Service

  • After finishing the steps above, you will get feedback on the console where you can find your certificates:
     - Congratulations! Your certificate and chain have been saved at
       /full/path/seiler.it/fullchain.pem. Your cert will
       expire on 2016-01-30. To obtain a new version of the certificate in
       the future, simply run Let's Encrypt again.

    In this directory you can find the following files:
    cert.pem,  chain.pem,  fullchain.pem and privkey.pem
    You should get a copy of the certificates to a local folder on your computer.

  • Now we need to add these certificates to the Bitnami AMI.  Just edit your httpd confic file and double check, that you added all certificates the right way:
    sudo nano /path/to/apps/<your_application>/conf/httpd-vhosts.conf and /path/to/apps/apache2/conf/bitnami/bitnami.conf

    In my case that would be: /path/to/bitnami/apps/wordpress/conf/httpd-vhosts.conf and  /path/to/bitnami/apache2/conf/bitnami/bitnami.conf
    This step should work on all Bitnami instances relying on Apache.
    In the httpd-vhosts.conf I changed the <VirtualHost> settings of the three SSLCertificateFile* parameters to point to the correct location of the newly signed certificates. You do not need to care about the file types of the certificates (.pem). Those will just work as they only contain plain text. The overall section will look like the following lines:

    <VirtualHost *:443>
        ServerName seiler.it
        ServerAlias www.seiler.it
        DocumentRoot "/path/to/htdocs"
        SSLEngine on
        SSLCertificateFile "/path/to/cert.pem"
        SSLCertificateKeyFile "/path/to/privkey.pem"
        SSLCertificateChainFile "/path/to/fullchain.pem"
        Include "/path/to/conf/httpd-app.conf"
  • In the bitnami.conf I changed changed the same lines
    <VirtualHost _default_:443>
      DocumentRoot "/opt/bitnami/apache2/htdocs"
      SSLEngine on
      SSLCertificateFile "/path/to/cert.pem"
      SSLCertificateKeyFile "/path/to/privkey.pem"
      SSLCertificateChainFile "/path/to/fullchain.pem"
  • [...] </VirtualHost>


  • In the next step save and restart your hosting services:
    sudo /opt/bitnami/ctlscript.sh start

    There should be no error or warning displayed on the console.

  • Edit your wp-config.php  and change your default host to https://
    //define('WP_SITEURL', 'https://seiler.it');
    //define('WP_HOME', 'https://seiler.it');
    define('WP_SITEURL', 'https://seiler.it');
    define('WP_HOME', 'https://seiler.it');
  • Now you should check your domain, if it is working with https://
  • You might see some (or a lot, when unlucky) of mixed content warnings in the developer console of your browser, and your server might not load all images / other content. These are caused by references to „unsecure“ destinations where your images or other content like CSS and JavaScript files are loaded from. For instance, in you WordPress theme you might have set up a referenes to a logo or for other images / content, that are utilizing complete URLs, starting with http:// and not just relative paths. As this „problem“ can get quite complex I am linking here some pages that deal with the mixed content warning that might help you with a solution:
    1. https://css-tricks.com/moving-to-https-on-wordpress/
    2. http://www.smartinternetlifestyle.com/how-to-redirect-http-to-https-on-wordpress/
    3. http://www.redirect301.de/weiterleitung-http-nach-https.html
    4. http://designmodo.com/wordpress-https/
    5. https://www.webongo.de/wordpress-https-umstellen/ (German language)
  • If everything is fine, we are going finally to update your .htaccess file. Just add the following to the very beginning of the file:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • About certificate renewals and life times

    Taken from the Email about the beta phase of Let’s encrypt, here are information about the current life time of certificates and how to deal with this short life time:

    Certificates from Let’s Encrypt are valid for 90 days. We recommend renewing them every 60 days to provide a nice margin of error. As a beta participant, you should be prepared to manually renew your certificates at that time. As we get closer to General Availability, we hope to have automatic renewal tested and working on more platforms, but for now, please play it safe and keep track.