How To Renew SSL Using bncert-tool on Amazon Lightsail – Bitnami LAMP Stack?


I have a ton of websites (clients’ as well as mine) that sit on a Bitnami LAMP stack on AWS servers, mostly Amazon Lightsail. Almost all of them have SSL installed via Bitnami’s bncert-tool, primarily because it’s simple to install and the SSL renewal is also taken care of by a cron job that gets added to the crontab at the time of installation. This approach has been flawless so far.

If you don’t already know, feel free to check out this article about How To Install Letsencrypt SSL certificate on Amazon Lightsail via the bncert-tool.

Recently, however, a few of my websites hosted on AWS Lightsail became inaccessible due to expired SSL certificates as the autorenew did not happen. So, I had to go and renew them manually.

Renew Letsencrypt SSL certificate via the bncert-tool

The process is simple and involves only a few steps as listed below:

  • Stop webserver
  • Run the SSL renewal command with all the domain(s) in question
  • Start the webserver

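To begin with, the web server (Apache) needs to be stopped. To do that, run the following command. Note that when called without a service name, ctlscript.sh stops every service in the stack, not only Apache: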

sudo /opt/bitnami/ctlscript.sh stop

Next, we need to run the certificate renewal command. It is given below; just edit it with your domain name(s) and email ID before running it in the terminal.

sudo /opt/bitnami/letsencrypt/lego --tls --email="your@email_address.com" --domains="www.your_domain_name.in" --path="/opt/bitnami/letsencrypt" renew

Now, for every website, you would generally need certificates for both the www and non-www versions of the domain in question. Bitnami says that multiple domains can be added in the single command given above to renew the certificates. However, the same did not work as expected for me. So, I had to run the command twice, once each for the www and the non-www version of the website.

So, after running the command above, do run the command below (with your domain name & email id), if you too, weren’t able to run the above command with multiple domains (www & non-www) at once.

sudo /opt/bitnami/letsencrypt/lego --tls --email="your@email_address.com" --domains="your_domain_name.in" --path="/opt/bitnami/letsencrypt" renew

On a successful run, you will see relevant messages on the terminal, something along the lines of what you see in the image below:

[Image: Successfully renewed]

After this, all that needs to be done is to restart the webserver. To do that, run the command given below:

sudo /opt/bitnami/ctlscript.sh start

That should do it!
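The outage described above came from an auto-renewal that failed silently, so a scheduled expiry check is worth having alongside the cron job. The script below is an added example, not part of the original post or of Bitnami's tooling. It assumes lego stores certificates as <domain>.crt under the certificates directory of the --path used above, that openssl and GNU date are installed, and a 30-day warning threshold; CERT_DIR, WARN_DAYS and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report how long each lego-issued certificate has left.
# Assumption: lego keeps certificates as <path>/certificates/<domain>.crt
# (plus <domain>.issuer.crt for the CA chain), <path> being the --path value.
CERT_DIR="${CERT_DIR:-/opt/bitnami/letsencrypt/certificates}"
WARN_DAYS="${WARN_DAYS:-30}"   # assumed warning threshold in days

# $1 = seconds until notAfter (<= 0 once expired), $2 = threshold in days
renewal_status() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( $2 * 86400 )) ]; then
        echo RENEW
    else
        echo OK
    fi
}

# Seconds until the certificate file $1 expires (needs openssl and GNU date).
cert_seconds_left() {
    end=$(openssl x509 -in "$1" -noout -enddate) || return 2
    end_epoch=$(date -u -d "${end#notAfter=}" +%s) || return 2
    echo $(( end_epoch - $(date -u +%s) ))
}

# Print one line per certificate in directory $1; return 1 if any needs action.
check_all() {
    rc=0
    for crt in "$1"/*.crt; do
        [ -f "$crt" ] || continue
        case "$crt" in *.issuer.crt) continue ;; esac   # skip CA chain files
        if secs=$(cert_seconds_left "$crt"); then
            status=$(renewal_status "$secs" "$WARN_DAYS")
            echo "$status $(( secs / 86400 ))d $crt"
            [ "$status" = OK ] || rc=1
        else
            echo "UNREADABLE $crt"
            rc=1
        fi
    done
    return "$rc"
}

# Run only where the certificate directory exists (reading it may need sudo).
if [ -d "$CERT_DIR" ]; then
    check_all "$CERT_DIR"
fi
```

Scheduled daily, the non-zero exit status on RENEW, EXPIRED or UNREADABLE can drive whatever alerting you already use, well before the certificate actually lapses.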
