Create WordPress Multi-Site on AWS LightSail (part 5)

Configure SSL

In this post we configure SSL for your site. We will refer to is as newsite.com

Install Certbot on LightSail Instance

  • open the ssh console
  • sudo apt-get update
  • sudo apt-get install software-properties-common
  • sudo apt-add-repository ppa:certbot/certbot -y
  • sudo apt-get update -y
  • sudo apt-get install certbot -y

Request a Let’s Encrypt Wildcard Certificate

  • open the ssh console
  • export DOMAIN=newsite.com
  • export WILDCARD=*.$DOMAIN
  • echo $DOMAIN && echo $WILDCARD
  • sudo certbot -d $DOMAIN -d $WILDCARD –manual –preferred-challenges dns certonly

The console will display a message saying something like:

Please deploy a TXT record under the name
_acme-challenge.newsite.com with the following value:
<certificate code>

Do not press Enter until you have Deployed and Checked the Deployment of the TXT Record (see the next two steps)

Deploy the TXT Record

  • login to LightSail
  • click on the Networking tab
  • open newsite.com DNS Zone
  • add record
    • TXT record
    • subdomain: _acme-challenge from the message
    • responds with: <certificate code>
  • click the green tick

Check the Deployment

Repeat

  • press enter in the ssh console
  • you will be prompted to deploy another TXT record and test it – as per the previous 2 steps

Complete the SSL Certificate Request

  • press enter in the ssh console
  • you will be provided with 2 certificates
    • fullchain.pem
    • privkey.pem
  • these certificates can be found in
    • /etc/letsencrypt/live/newsite.com

Stop the Apache Server

  • sudo /opt/bitnami/ctlscript.sh stop

Create Links to the Certificates in the Apache Server Directory

  • export DOMAIN=newsite.com
  • sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/newsite_server.key
  • sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/newsite_server.crt

Configure a Virtual Host for the NewSite

  • open the ssh console
  • edit the file /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf

create or append the following entries

<VirtualHost *:80>
    ServerName newsite.com
    ServerAlias www.newsite.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>
<VirtualHost *:443>
    ServerName newsite.com
    ServerAlias www.newsite.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/newsite_server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/newsite_server.key"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

remember to substitute newsite throughout for your own domain

Link the SSL Certificates to the Apache Server

  • open the ssh console
  • sudo ln -s /etc/letsencrypt/live/newsite.com/fullchain.pem /opt/bitnami/apache2/conf/newsite_server.crt
  • sudo ln -s /etc/letsencrypt/live/newsite.com/privkey.pem /opt/bitnami/apache2/conf/newsite_server.key
  • edit the file: /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf
  • add the following entry

Include “/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf”

Start the Apache Server

  • sudo /opt/bitnami/ctlscript.sh start

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.