I have a ton of websites (clients’ as well as mine) that sit on a Bitnami LAMP stack on AWS servers, mostly Amazon Lightsail. Almost all of them have SSL installed via Bitnami’s bncert-tool, primarily because it’s simple to install and the SSL renewal is also taken care of by a cron job that gets added to the crontab at the time of installation. This approach has been flawless so far.
If you don’t already know, feel free to check out this article about How To Install Letsencrypt SSL certificate on Amazon Lightsail via the bncert-tool.
Recently, however, a few of my websites hosted on AWS Lightsail became inaccessible due to expired SSL certificates, as the auto-renewal did not happen. So, I had to go and renew them manually.
Renew Letsencrypt SSL certificate via the bncert-tool
The process is simple and involves only a few steps as listed below:
- Stop webserver
- Run the SSL renewal command with all the domain(s) in question
- Start the webserver
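To begin with, the web server (Apache) needs to be stopped, because lego's --tls challenge has to listen on port 443 itself while the certificate is validated. In order to do that, run the following command: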
sudo /opt/bitnami/ctlscript.sh stop
Next, we need to run the certificate renewal command. It is given below; just edit it with your domain name(s) and email id before running it in the terminal.
sudo /opt/bitnami/letsencrypt/lego --tls --email="your@email_address.com" --domains="www.your_domain_name.in" --path="/opt/bitnami/letsencrypt" renew
Now, for every website, you would generally need certificates for both the www and non-www versions of the domain in question. Bitnami says that multiple domains can be added in the single command given above to renew the certificates. However, the same did not work as expected for me. So, I had to run the command twice, once each for the www and the non-www version of the website.
So, after running the command above, run the command below (with your domain name and email id) if you, too, weren’t able to run the above command with multiple domains (www and non-www) at once.
sudo /opt/bitnami/letsencrypt/lego --tls --email="your@email_address.com" --domains="your_domain_name.in" --path="/opt/bitnami/letsencrypt" renew
On a successful run, you will see relevant messages in the terminal, something along the lines of what you see in the image below:
After this, all that needs to be done is to restart the webserver. To do that, run the command given below:
sudo /opt/bitnami/ctlscript.sh start
That should do it!
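Since the outage above came from an auto-renewal that failed silently, here is an added example (not part of the original post or of Bitnami's tooling) that reports how long each certificate has left, so a broken cron job is noticed before visitors see an expired certificate. It assumes GNU date, openssl, and that lego keeps certificates under the "certificates" folder of the --path used above; the 21-day threshold is an arbitrary choice.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU date, openssl, and
# lego's <path>/certificates/<domain>.crt layout for the --path used above.
CERT_DIR="${CERT_DIR:-/opt/bitnami/letsencrypt/certificates}"
WARN_DAYS="${WARN_DAYS:-21}"   # assumed threshold; tune to your renewal schedule

# Seconds from NOW (epoch, default: current time) until an openssl
# "notAfter=Jun  1 12:00:00 2030 GMT" date; negative once expired.
seconds_left() {
    local not_after="${1#notAfter=}"
    local now="${2:-$(date +%s)}"
    local end
    end=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
    echo $(( end - now ))
}

# Map seconds left to OK / RENEW / EXPIRED for a warning window in days.
cert_status() {
    local secs="$1"
    local warn_days="${2:-$WARN_DAYS}"
    if [ "$secs" -le 0 ]; then
        echo EXPIRED
    elif [ "$secs" -lt $(( warn_days * 86400 )) ]; then
        echo RENEW
    else
        echo OK
    fi
}

# Report one domain; returns 0 only when the certificate is readable and OK.
check_domain() {
    local domain="$1"
    local line secs status
    line=$(openssl x509 -in "$CERT_DIR/$domain.crt" -noout -enddate 2>/dev/null) \
        || { echo "$domain: certificate not readable in $CERT_DIR"; return 3; }
    secs=$(seconds_left "$line") \
        || { echo "$domain: cannot parse '$line'"; return 3; }
    status=$(cert_status "$secs")
    echo "$domain: $status ($(( secs / 86400 )) days left)"
    [ "$status" = OK ]
}

# Check every domain given as an argument (www and non-www separately), and
# exit non-zero if any needs attention so cron or monitoring can alert.
rc=0
for d in "$@"; do
    check_domain "$d" || rc=1
done
[ "$#" -eq 0 ] || exit "$rc"
```

Run it with sudo if the certificate files are readable by root only, passing both the www and non-www names as arguments.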