Issuing a free Let’s Encrypt SSL certificates in Bitnami is an issue a lot of users struggle with. It’s the most common request I receive on my Bitnami Bug Fixing service. While it’s not very hard to generate letsencrypt certificates with Bitnami, it sometimes require some additional steps. Specially for setting up auto renewals. This post intends to teach you how to setup Let’s Encrypt SSL Certificate Auto-renew in Bitnami.
Issue a Let's Encrypt SSL Certificate for Bitnami Application
Let’s look into generating and installing an SSL certificate in Bitnami first. This process is fairly simple. Start by stopping Bitnami services,
sudo /opt/bitnami/ctlscript.sh stop
Next command will request a SSL certificate from Let’s Encrypt. You need to have your DNS properly configured and your domain pointing to the server IP address.
Remember to change email@domain.com and domain.com with your email address and domain name.
sudo /opt/bitnami/letsencrypt/lego --tls --email="email@domain.com" --domains="domain.com" --domains="www.domain.com" --path="/opt/bitnami/letsencrypt" run
As you can see, we’ve requesting an SSL certificate for both www and non-www versions of your domain. This command will issue an SSL certificate and install it in your Bitnami server. sudo: /opt/bitnami/letsencrypt/lego: command not found is a common error on this step.
Start Bitnami services,
sudo /opt/bitnami/ctlscript.sh start
This should bring your website back up behind a free Let’s Encrypt certificate.
Automatically Renew Let's Encrypt SSL Certificate in Bitnami
SSL certificates issued by Let’s Encrypt are only valid for 90 days. You need to renew your SSL certificate before 90 days or your site will start showing a warning to visitors. You can use following command to renew the SSL certificate manually.
sudo /opt/bitnami/letsencrypt/lego --tls --email="email@domain.com" --domains="domain.com" --domains="www.domain.com" --path="/opt/bitnami/letsencrypt" renew --days 90
You’ll have to stop Bitnami services before executing this command and start after the command is successful. While this gets the job done, chances of forgetting to do this every 90 or so days is high. That’s why we’re going to create a script that does Let’s Encrypt SSL Certificate Auto-renew in Bitnami. You can set this up once and forget about it forever.
Let’s start by creating a directory to hold our script,
sudo mkdir -p /opt/bitnami/letsencrypt/scripts
Create the script,
sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
Paste following content and modify email address and domain,
sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="email@domain.com" --domains="domain.com" --domains="www.domain.com" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start
Make the script executable,
sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
Our script is now ready. We will use crontab to execute this script every month. The first day of every month to be exact. So open crontab,
sudo crontab -e
Save following line in the file,
0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
That’s all you need to do to get Let’s Encrypt SSL Certificate Auto-renew in Bitnami.
