Auto-configure a Let's Encrypt certificate

Bitnami already includes a small tool that takes care of generating a valid certificate using Let’s Encrypt and configuring the web server to use it. That tool uses lego to run the Let’s Encrypt certificate generation commands. You can find the script inside the /opt/bitnami/letsencrypt/ directory.

Execute the following command to auto-configure a Let’s Encrypt certificate in your stack for a domain, both with and without the www prefix. Replace the YOURMAIL and YOURDOMAIN placeholders with your current email and with the new domain name you want to set.

$ sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m YOURMAIL -d YOURDOMAIN -d www.YOURDOMAIN

NOTE: You can use more than one domain by repeating the -d option, once for each domain you want to specify. When you supply multiple domains, lego creates a SAN (Subject Alternative Name) certificate, which results in only one certificate valid for all the domains you entered. The first domain in your list will be added as the “CommonName” of the certificate and the rest will be added as “DNSNames” in the SAN extension within the certificate.

To add one or more domains to an existing certificate, delete the existing certificates, restore the Bitnami configuration and execute the command again to generate a new certificate, remembering to include the new domain(s) with additional -d options in the command line. The following commands illustrate the process. Replace the YOURMAIL, YOURDOMAIN and YOUROTHERDOMAIN placeholders with your current email address, the current domain name and the additional domain name to be added.

$ cd /opt/bitnami/apache2/conf/
$ rm -rf YOURDOMAIN*
$ cd bitnami
$ sudo mv bitnami.conf.back bitnami.conf
$ sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m YOURMAIL -d YOURDOMAIN -d www.YOURDOMAIN -d YOUROTHERDOMAIN
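
After regenerating, it is worth confirming that the new certificate really carries every name you passed with -d, laid out as the SAN note above describes. The following is an added example, not part of the Bitnami tooling: the function names are hypothetical, it relies only on the openssl command line, and the sample certificate it builds is a constructed self-signed one rather than a Let's Encrypt certificate.

```shell
#!/bin/sh
# Added example: check which requested domains a certificate does NOT cover.
# Function names are hypothetical; the sample certificate is constructed.

# Print the subject CommonName of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# Print one DNS name per line from the Subject Alternative Name extension.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# missing_domains CERT DOMAIN... : print each DOMAIN absent from the SAN list.
# Exact, case-insensitive match only; wildcard entries are not expanded.
missing_domains() {
    cert=$1; shift
    sans=$(cert_sans "$cert")
    for d in "$@"; do
        printf '%s\n' "$sans" | grep -qixF -- "$d" || printf '%s\n' "$d"
    done
}

# Build a throwaway self-signed certificate (constructed sample, not issued by
# Let's Encrypt) with the same CN/SAN layout the NOTE describes.
make_sample_cert() {
    dir=$(mktemp -d)
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = example.com
[ext]
subjectAltName = DNS:example.com, DNS:www.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    printf '%s\n' "$dir/cert.pem"
}
```

Source the file, then run missing_domains with the path of your certificate file followed by the same names you passed with -d; empty output means every name is present in the SAN extension.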

NOTE: If your Bitnami image does not include the Let’s Encrypt auto-configuration script, you will need to manually generate and install the Let’s Encrypt certificates following this alternative approach.

Last modification April 11, 2019