How To Install Let’s Encrypt SSL Certificate on Google Cloud Compute with a Bitnami Stack

So wanted to do this for some time now and got the chance to do this now as I wanted to share something new everyday.

Let’s Encrypt is a free, automated and open Certificate Authority. Today I learned it was not straight forward to install.

I first tried to add the ppa certbot and when I tried to install python certbot app I got errors on dependencies. I then tried certbot-auto script which was successful but my site was still not showing as being secured by SSL.

Finally the following worked for me.

Here are the steps to install the SSL
Login to shell on your google cloud instance
ssh -i xx_gca key bitnami@ipaddress

Change directory
cd /tmp

Run the following command – replace the version with the latest version from github

curl -s | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i - tar xf lego_v1.0.1_linux_amd64.tar.gz

Untar the file
tar xf lego_v1.0.1_linux_amd64.tar.gz

Make the lego executable by copying to the binary directory

sudo mv lego /usr/local/bin/lego

Stop your server
sudo /opt/bitnami/ stop

Run the lego client
sudo lego --email="" --domains="" --domains="" --path="/etc/lego" run

Backup your existing certificates by renaming them
mv server.key server.key.2018

Copy the server certficates from /etc/lego/certificate to /opt/bitnami/apache2/conf

Change directory and go to
cd /opt/bitnami/apps/wordpress/conf

Edit the following httpd-app.conf file
sudo vi httpd-app.conf

Add the following conditions and rule
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

Finally start back the server
sudo /opt/bitnami/ start

Reload your website and check the URL, you should now be secured with an SSL

That should get your going.

Other things to note:

  • certificates only valid for 90 days
  • suggestions is to auto renew
  • certificates are free and can be used on websites, ftp servers, mail servers
  • need an ACME client

On my next tutorial, I’ll show you to setup a cron job to auto renew the certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *