As the "automatic" script offered by Let's Encrypt isn't compatible with the Bitnami WordPress Amazon Machine Image (AMI), which I am currently using to host this website, here are the necessary steps to get your certificate installed and working on an Ubuntu 14.04 Bitnami instance on Amazon AWS:
- Get the necessary scripts from GitHub:
git clone https://github.com/letsencrypt/letsencrypt
- If you haven't installed git, just download the current version of the ACME script and extract it on your server:
wget https://github.com/letsencrypt/letsencrypt/archive/master.zip
unzip master.zip
- Change your active directory to the newly created one (it is named letsencrypt-master if you extracted the zip archive):
cd letsencrypt
- First we will stop the Bitnami / WordPress stack:
sudo /opt/bitnami/ctlscript.sh stop
This step should work with all Bitnami instances.
- Start the ACME client with the production URL as an option from the command line.
sudo ./letsencrypt-auto --agree-dev-preview --server \
    https://acme-v01.api.letsencrypt.org/directory auth
When you call the script, there might be some updates that will be installed during bootstrapping. The script is written in Python and you might need root rights to install all necessary dependencies.
During the beta phase you can only get a certificate if your domains are whitelisted at Let's Encrypt.
- Then you need to enter your mail address. I used the same one I registered with for the beta test.
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /full/path/seiler.it/fullchain.pem. Your cert will expire on 2016-01-30. To obtain a new version of the certificate in the future, simply run Let's Encrypt again.
In this directory you can find the following files:
cert.pem, chain.pem, fullchain.pem and privkey.pem
You should keep a copy of these files in a local folder on your computer. privkey.pem is the private key, so store that copy where only you can read it.
sudo nano /path/to/apps/<your_application>/conf/httpd-vhosts.conf
sudo nano /path/to/apps/apache2/conf/bitnami/bitnami.conf
In my case that would be: /path/to/bitnami/apps/wordpress/conf/httpd-vhosts.conf and /path/to/bitnami/apache2/conf/bitnami/bitnami.conf
This step should work on all Bitnami instances relying on Apache.
In httpd-vhosts.conf I changed the three SSLCertificate* directives (SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile) in the <VirtualHost> section to point to the location of the newly signed certificates. You do not need to care about the file extension of the certificates (.pem); the files contain plain text and Apache reads them as they are. The overall section will look like the following lines:
<VirtualHost *:443>
  ServerName seiler.it
  ServerAlias www.seiler.it
  DocumentRoot "/path/to/htdocs"
  SSLEngine on
  SSLCertificateFile "/path/to/cert.pem"
  SSLCertificateKeyFile "/path/to/privkey.pem"
  # chain.pem holds only the intermediate certificates; fullchain.pem also
  # contains cert.pem and would make Apache send the site certificate twice
  SSLCertificateChainFile "/path/to/chain.pem"
  Include "/path/to/conf/httpd-app.conf"
</VirtualHost>
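# Default SSL virtual host in bitnami.conf
<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
  SSLCertificateFile "/path/to/cert.pem"
  SSLCertificateKeyFile "/path/to/privkey.pem"
  # intermediates only, see the note on fullchain.pem for httpd-vhosts.conf
  SSLCertificateChainFile "/path/to/chain.pem"
  # ... the remaining directives of this block stay as they are ...
</VirtualHost>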
sudo /opt/bitnami/ctlscript.sh start
There should be no error or warning displayed on the console.
//define('WP_SITEURL', 'https://seiler.it');
//define('WP_HOME', 'https://seiler.it');
define('WP_SITEURL', 'https://seiler.it');
define('WP_HOME', 'https://seiler.it');
- https://css-tricks.com/moving-to-https-on-wordpress/
- http://www.smartinternetlifestyle.com/how-to-redirect-http-to-https-on-wordpress/
- http://www.redirect301.de/weiterleitung-http-nach-https.html
- http://designmodo.com/wordpress-https/
- https://www.webongo.de/wordpress-https-umstellen/ (German language)
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
About certificate renewals and life times
Taken from the email about the beta phase of Let's Encrypt, here is the information about the current lifetime of certificates and how to deal with this short lifetime:
Certificates from Let’s Encrypt are valid for 90 days. We recommend renewing them every 60 days to provide a nice margin of error. As a beta participant, you should be prepared to manually renew your certificates at that time. As we get closer to General Availability, we hope to have automatic renewal tested and working on more platforms, but for now, please play it safe and keep track.
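A check for the two things this procedure leaves to manual tracking, written as an added example that is not part of the original post: it confirms that privkey.pem belongs to cert.pem before Apache is restarted, and it reports when the certificate has entered the renewal window (90-day lifetime, renewal after 60 days). The function names and the script name check_cert.sh are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). The figures below are the ones
# quoted in the beta e-mail: 90-day lifetime, renew after 60 days.
LIFETIME_DAYS=90
RENEW_AFTER_DAYS=60

# Exit 0 if the private key ($2) belongs to the certificate ($1),
# 1 if it does not, 2 if either file cannot be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if the certificate ($1) is inside the renewal window, i.e. it
# expires within LIFETIME_DAYS - RENEW_AFTER_DAYS days (or is unreadable).
renewal_due() {
    window=$(( (LIFETIME_DAYS - RENEW_AFTER_DAYS) * 86400 ))
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$window" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Run both checks on a directory holding cert.pem and privkey.pem.
check_le_cert() {
    dir=$1
    rc=0
    if ! key_matches_cert "$dir/cert.pem" "$dir/privkey.pem"; then
        echo "FAIL: privkey.pem does not match cert.pem in $dir" >&2
        rc=1
    fi
    if renewal_due "$dir/cert.pem"; then
        echo "RENEW: $dir/cert.pem expires within $((LIFETIME_DAYS - RENEW_AFTER_DAYS)) days" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sudo sh check_cert.sh /etc/letsencrypt/live/<your-domain>
if [ "$#" -ge 1 ]; then
    check_le_cert "$1"
fi
```

Run from cron, a non-zero exit status is the reminder to repeat the manual renewal.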
Thanks for the post! I tried things out for a long time until I came across the solution here.
I ran the process, and got the output successfully:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.(DOMAIN).com/fullchain.pem. Your cert
will expire on 2016-03-21. To obtain a new version of the
certificate in the future, simply run Let’s Encrypt again.
However, after editing my httpd-vhosts.conf file, I am still not getting SSL on my site. httpd-vhosts.conf is as follows:
ServerName (DOMAIN).com
ServerAlias www.(DOMAIN).com
DocumentRoot "/opt/bitnami/apps/joomla/htdocs"
Include "/opt/bitnami/apps/joomla/conf/httpd-app.conf"
ServerName (DOMAIN).com
ServerAlias www.(DOMAIN).com
DocumentRoot "/opt/bitnami/apps/joomla/htdocs"
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/www.(DOMAIN).com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/www.(DOMAIN).com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/www.(DOMAIN).com/fullchain.pem"
Include "/opt/bitnami/apps/joomla/conf/httpd-app.conf"
Any idea what I am doing wrong?
From that point it looks the right way. Just to be sure:
1.) Have you checked that you don't have any other certificate (sgvps.net) from AlphaSSL that is used for your site?
2.) Did you restart the services?
3.) Is everything configured the right way in your httpd-app.conf?
Hello and thanks
I followed all steps and all is OK, but when I enter this line:
sudo ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
it doesn't continue and gives me this:
Updating letsencrypt and virtual environment dependencies..../letsencrypt-auto: 186: ./letsencrypt-auto: /home/bitnami/.local/share/letsencrypt/bin/pip: not found
Help me please!