Install GoDaddy SSL on AWS Lightsail or EC2 by Bitnami

There are many tutorials on how to install SSL certificates using a AWS Bitnami but I wanted to purchase an SSL cert from GoDaddy and install things manually. Here's how.


This is Part 2 of Installing a secure WordPress blog on AWS EC2 using Bitnami.


Step 0 - Getting Started

You won't need these but it's helpful to know that there are a few existing pre-installed certificates.

ls /opt/bitnami/apache2/conf/

Bitnami created this server certificate for you.

openssl x509 -noout -text -in /opt/bitnami/apache2/conf/server.crt -modulus | grep Modulus

Bitnami created this server key for you.

openssl rsa -noout -text -in /opt/bitnami/apache2/conf/server.key -modulus | grep Modulus

Step 1 - Create a private key and certificate signing request

Change directory to Apache config.

cd /opt/bitnami/apache2/conf/

Create a private, RSA key.

openssl genrsa -des3 -out myPrivKey.key 2048

Create a certificate.

openssl req -new -key myPrivKey.key -out myCert.csr

Complete this form.

Country Name (2 letter code) [XX]: US

State or Province Name (full name) []: California

Locality Name (eg, city) [Default City]: Los Angeles

Organization Name (eg, company) [Default Company Ltd]: Chris Mendez Inc. 

Organizational Unit Name (eg, section) []: I SKIP THIS

Common Name (eg, your name or your server's hostname) []: www.chrisjmendez.com

Email Address []: myemail@domain.com

This produces a public/private key pair but then extracts the public key into its own file.

openssl rsa -in myPrivKey.key -pubout > myPublicKey.pub

This is what you will paste into the SSL you purchase.

nano myCert.csr

The contents will look something like this.

Step 2 - Download files from your SSL issuer

Download the files from Godaddy.com or wherever you purchased your your SSL issuer (ca_bundle, cert, key).

Step 3 - Upload the files to your EC2 instance

You can use secure copy scp to upload your files from your local computer to EC2. In this command, we're uploading the files to a Bitnami specific folder on EC2.

scp -i /local/path/to/your/<key name>.pem /local/path/to/your/ssl/[certificates].zip bitnami@<ec2.ip.address>:/opt/bitnami/apache2/conf/

Step 4 - Unzip any files

If your files are in zip, gzip, or tar.gz format you'll need to unpack them.

unzip file.zip

Step 5 - Point EC2 instance to your new certificates

Open this file and make sure bitnami.conf is pointing to the certificates.

nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

This is where you will modify your Virtual Host.

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"

  #CHANGED - ADDED THIS
  #I added this to see if I can enforce https
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

  <Directory "/opt/bitnami/apache2/htdocs">
  ...

Comment out the previous certificate + key information and add your own.

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
#SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
 SSLCertificateFile "/opt/bitnami/apache2/conf/<name of certificate>.cert"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
 SSLCertificateKeyFile "/opt/bitnami/apache2/conf/<name of key>.key"
 # This might not be available
 SSLCACertificateFile "/opt/bitnami/apache2/conf/<name of bundle>.cabundle"
 # This might not be available
 SSLCertificateChainFile "/opt/bitnami/apache2/conf/gd_bundle-g2-g1.crt"

  <Directory "/opt/bitnami/apache2/htdocs">
  ...

Step 6 - Double check + Restart

Best practice is to check your configuration before you restart.

apachectl configtest

If things look good, then let's restart Apache the Bitnami way.

sudo /opt/bitnami/ctlscript.sh restart apache

Step 7 - Install Really Simple SSL for WordPress

If you'd like to manage your SSL from within WordPress, I suggest Really Simple SSL plug-in.

Thanks!


Troubleshooting

Really Simple SSL

After installing Really Simple SSL, it may announce that you need to change the permissions of wp-config.php.

This is where you change the file:

cd /opt/bitnami/apps/wordpress/htdocs/

This changes the config to rwxrwx---

sudo chmod -v 770 daemon:daemon wp-config.php

This changes the owner.

sudo chown -v -R daemon:daemon wp-config.php

Resources