generaltrac

Auto-configure a Let's Encrypt certificate

Bitnami HTTPS Configuration Tool

IMPORTANT: The Bitnami HTTPS Configuration Tool does not support configuring NGINX web servers yet. If you use NGINX, please refer to the legacy script section.

The Bitnami HTTPS Configuration Tool is a command line tool for configuring mainly HTTPS certificates on Bitnami stacks, but also common features such as automatic renewals, redirections (e.g. HTTP to HTTPS), etc. This tool is located in the installation directory of the stack at /opt/bitnami.

To launch the Bitnami HTTPS Configuration Tool, execute the following command:

$ sudo /opt/bitnami/bncert-tool

Refer to the How-To Guide for more information on this, or in case the tool does not exist within your Bitnami stack.

NOTE: To manually generate and install Let’s Encrypt certificates, follow this alternative approach.

Legacy script

IMPORTANT: This script will be deprecated soon, please use the Bitnami HTTPS Configuration Tool instead if your installation supports it.

Some Bitnami stacks include a small script that takes care of generating a valid certificate using Let’s Encrypt and configuring the web server to use it. That script uses Lego to run the Let’s Encrypt certificate generation commands. You can find the script inside the /opt/bitnami/letsencrypt/ directory.

To auto-configure a Let’s Encrypt certificate in your stack for a domain, execute the script both with and without the www prefix parameters. Replace the YOURMAIL and YOURDOMAIN placeholders with your current email address and with the domain name.

$ sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m YOURMAIL -d YOURDOMAIN -d www.YOURDOMAIN

NOTE: You can use more than one domain by specifying the -d option as many times as domains you want to specify. When supplying multiple domains, Lego creates a SAN (Subject Alternate Names) certificate which results in only one certificate valid for all domains you entered. The first domain in your list will be added as the “CommonName” of the certificate and the rest, will be added as “DNSNames” to the SAN extension within the certificate.

This video shows you how easy it is to generate a valid certificate for your stack using the Bitnami auto-configure Let’s Encrypt tool:

Add one or more domains to an existing certificate

To add one or more domains to an existing certificate, follow these instructions:

  • Delete the existing certificates.
  • Restore the Bitnami configuration.
  • Execute the command to generate a new certificate as shown below:

    NOTE: Remember to include the new domain(s) with additional -d options in the command line. Replace the YOURMAIL, YOURDOMAIN and YOUROTHERDOMAIN placeholders with your current email address, the current domain name and the additional domain name to be added.

    $ cd /opt/bitnami/apache2/conf/
    $ sudo rm -rf YOURDOMAIN*
    $ cd bitnami
    $ sudo mv bitnami.conf.back bitnami.conf
    $ sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m YOURMAIL -d YOURDOMAIN -d www.YOURDOMAIN -d YOUROTHERDOMAIN
    

NOTE: To manually generate and install Let’s Encrypt certificates, follow this alternative approach.

Last modification May 23, 2019