Let’s Encrypt AWS Lightsail with WordPress

Using SSL for all things is a good thing, especially if you allow for user interaction. This includes clicking on links, writing comments or simply navigating your site.

TL;DR

Let’s Encrypt is a free service that allows you to add Transport Layer Security (TLS) to any website. When you see the green padlock, this means that the site is protecting its users from malicious scripts that inject themselves between the user and the site. The documentation is well written but does not cover what is needed to get it working on AWS Lightsail.

The Basics

I found this article that really describes the first half of the problem. It tells you how to enable TLS through the use of a Let’s Encrypt certificate: http://www.alondiamant.com/2016-12-20-using-lets-encrypt-certificates-with-wordpress-on-amazon-lightsail?utm_content=buffer27ff6&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer

What it doesn’t do is tell you how to ensure that only the encrypted version of your site is used.

Redirect

The rest of this article assumes you are in an SSH shell.

To force redirection from http to https, there are some settings you need to change and delete.

First thing is to make a backup of your configuration. This way you can recover if you make a mistake.

sudo cp -i /opt/bitnami/apache2/conf/bitnami/bitnami.conf /opt/bitnami/apache2/conf/bitnami/bitnami.conf.bak

Then you are going to edit the config file. I will use ‘Nano’ to do this as it is a reasonably friendly editor for most people.

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Once editing you will delete lines from the file. This can be done by using the arrow keys to move to the line and then pressing Ctrl+k.

You will want to delete everything between the <VirtualHost _default_:80> and the closing </VirtualHost> tags.

You will want to replace them such that the tag now looks like:

<VirtualHost _default_:80>
ServerName [your server name eg: www.mydomain.com]
ServerAlias *.[your root domain eg: mydomain.com]
# Keep the trailing slash: without it, /page is redirected to https://[your server name]page
Redirect / https://[your server name]/
</VirtualHost>

Then you will exit Nano by hitting Ctrl+x. You will be asked “Save modified buffer (ANSWERING “No” WILL DESTROY CHANGES) ?” Type a capital ‘Y’. Then when you are asked “Name of File:” just hit Enter.

Restarting Apache

Lastly you will need to restart Apache.

sudo /opt/bitnami/ctlscript.sh restart apache

Now to test your site.
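
One way to run that test from the shell, as an added example that is not part of the original post: it reads the response headers of a plain-http request and confirms they redirect to the https URL with the path intact. The helper name check_redirect and the /about/ path are made up for illustration, www.mydomain.com is the placeholder host from the config above, and the sample responses are constructed.

```shell
#!/bin/sh
# Reads HTTP response headers on stdin and checks that they redirect to
# https://HOST/PATH. Live use (needs network access):
#   curl -sI "http://www.mydomain.com/about/" | check_redirect www.mydomain.com /about/
check_redirect() {
  want_host=$1; want_path=$2
  headers=$(tr -d '\r')    # header lines end in CRLF; drop the CR
  code=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
  loc=$(printf '%s\n' "$headers" |
    awk 'tolower($1) == "location:" { print $2; exit }')
  case $code in
    301|302|307|308) ;;
    *) echo "FAIL: status ${code:-none} is not a redirect, http is still served"
       return 1 ;;
  esac
  if [ "$loc" != "https://$want_host$want_path" ]; then
    echo "FAIL: Location is '$loc', expected 'https://$want_host$want_path'"
    return 1
  fi
  echo "OK: $code -> $loc"
}

# Constructed sample responses (not captured from a real server).
# 1. Redirect target written with a trailing slash: the path is preserved.
GOOD='HTTP/1.1 302 Found
Location: https://www.mydomain.com/about/'
# 2. Redirect target written without the slash: host and path run together.
NO_SLASH='HTTP/1.1 302 Found
Location: https://www.mydomain.comabout/'
# 3. Port-80 VirtualHost still serving content: no redirect at all.
NO_REDIRECT='HTTP/1.1 200 OK
Content-Type: text/html'

for sample in "$GOOD" "$NO_SLASH" "$NO_REDIRECT"; do
  printf '%s\n' "$sample" | check_redirect www.mydomain.com /about/ || true
done
```

Test a deep path as well as the home page, since a Redirect target without its trailing slash only shows up as a broken Location once the request has a path.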

Note

Your certificate is only valid for 3 months, so you will want to set up a cron job to renew it.