2-Forward the domain to the instance’s public IP. For example, for the domain example.com this usually this means an A DNS record for example.com and CNAME DNS record for www.example.com to example.com.
3-Verify that the website is accessible via HTTP and HTTPS. You’ll get a warning about the HTTPS certificate.
4-SSH into the instance.
5-Create a temporary directory:
chmod a+x certbot-auto
7-Create a .well-known directory in the WordPress htdocs directory:
sudo mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known
8-Make .well-known folder writable:
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/.well-known
9-Create a .htaccess file in that directory:
10-Add the following contents to the .htaccess file, to make the .well-known directory accessible:
# Override overly protective .htaccess in webroot
11-You can edit the file through FTP (recommended) or by using nano or vi, e.g.:
12-Run certbot. Make sure you configure everything as expected and input a real email address when required:
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d example.com -d www.example.com
13-Of course, change example.com to the name of your domain.
14-If all executes as expected, you’ll see a message congratulating you for successfully acquiring the certificates you required.
15-Next, edit the Apache configuration file
sudo vi /opt/bitnami/apache2/conf/bitnami/bitnami.conf
16-Comment out (by adding a # in the beginning of the line) the following lines:
17-Add the following lines below:
# Let's Encrypt
18-Of course, change example.com to the name of the domain.
sudo /opt/bitnami/ctlscript.sh restart apache
You should see the following output:
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
You can check to see whether the correct certificate appears when you access the website at https://www.example.com
Note that Let’s Encrypt certificates expire after 90 days. We can manually renew the certificates every 90 by running these lines:
cd tmp ./certbot-auto renew
Or by setting up a cronjob that will auto renew the certificate for us.