How To Install SSL Certificate on AWS LightSail using bncert-tool?

How To Install SSL on AWS LightSail

Configuring new servers for most of my new Laravel projects is something I do on a very regular basis. And once set up, the first thing I do, after pointing the app to the domain is set up HTTPS on the AWS Lighsail instance.

The process of installing SSL on an AWS Lightsail instance is slightly different from setting up SSL on an EC2 instance of Amazon Web Services.

Over the years, I have installed SSL on AWS servers using various methods. Out of all the methods, the one that I find to be the simplest is the one using the bncert-tool (Bitnami’s SSL installation and management tool).

It’s literally, just a single line of code, and a few additional steps. In short, here’s how to install letsencrypt certificate on a Bitnami LAMP stack, using bncert-tool:

  • Run the bncert-tool
  • Pass in the required details viz., the domains for which the SSL certificate is needed
  • An email id to associate the account with
  • Acceptance of terms and conditions
  • Choosing the preferred redirection options (non-www to www or www to non-www)
  • Restart Apache webs

To install a new SSL certificate for your domain, I use the following command on the terminal:


sudo /opt/bitnami/bncert-tool

On a fresh stack, you might find an error saying the following:

command not found

If you see this, then it means, the bncert-tool isn’t on the server and you will have to install it first, to be able to use it. If it is already installed on the system and you do not get the error above and get a prompt to enter the domain names, then you can skip the installing bncert-tool part and skip to STEP 2.

How to Install bncert-tool on Amazon Lightsail Instance?

Installing the bncert-tool is a multi-step but straightforward procedure. To install the tool use the following commands:

test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."
wget -O

sudo mkdir /opt/bitnami/bncert

sudo mv /opt/bitnami/bncert/

sudo chmod +x /opt/bitnami/bncert/

sudo ln -s /opt/bitnami/bncert/ /opt/bitnami/bncert-tool

Once installed, run the bncert-tool.


Enter the domain names your want to generate an SSL certificate for. Here, type both the www and non-www versions of your domain, separated by a space.

Enter the details and hit Enter/Return once done.


Next, you will be prompted to confirm whether you would like to redirect from the non-www version of your domain to its www version. I prefer this. so I enter Y here and hit enter.


Next, you are asked the opposite of what you were asked in the last step. Naturally, I enter N here and hit enter.


Next, you are asked to enter your email id. Do the needful and hit enter.


Next, you will have to agree to the T&C and hit enter.

The tool will do its thing for a few moments and then finally give you a success message.

If you now go to your domain, you should see the green padlock on the address bar of your browser.

SSL installed!

Share This Post

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe To my Future Posts

Get notified whenever I post something new

More To Explore