Amazon Lightsail is perfect for hosting WordPress websites that work efficiently. The cost is reasonable and comes at a discount when compared to Virtual Private Servers. But one thing we can wonder is, “How to add HTTPS support or encrypt our WordPress website using SSL?” Well, not only can it be done in Amazon Lightsail’s WordPress but it also comes at a free cost. If we use technologies like Let’s Encrypt, there is no additional cost for encrypting WordPress pages. You can deliver content to the users securely with Let’s Encrypt HTTPS for free once you get it up and running at your Amazon Lightsail WordPress instance. There’s also support for Cloudflare’s Universal SSL if you use it for DNS and other reasons.
Here are the steps to Encrypt WordPress Pages hosted at Amazon’s Lightsail using Free SSL Certificates from Let’s Encrypt Authority:
- Connect to your instance using SSH (Terminal).
- Update your packages
bitnami@ip:~$ sudo apt update
bitnami@ip:~$ sudo apt upgrade
Confirm your action when asked. - Create and change to the directory to install certbot
bitnami@ip:~$ sudo mkdir /opt/bitnami/letsencrypt
bitnami@ip:~$ cd /opt/bitnami/letsencrypt - Install certbot
bitnami@ip:~$ sudo wget https://dl.eff.org/certbot-auto - Give it executive privilege
bitnami@ip:~$ sudo chmod a+x ./certbot-auto - Run the certbot-auto script
bitnami@ip:~$ sudo ./certbot-auto - Generate the certificate for your domain with and without www
sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d www.domain.com -d domain.com
Replace domain with your actual domain name. - Give your email address and agree to terms when prompted.
- Link the generated certificate with apache
bitnami@ip:~$ sudo ln -s /etc/letsencrypt/live/www.domain.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
bitnami@ip:~$ sudo ln -s /etc/letsencrypt/live/www.domain.com/privkey.pem /opt/bitnami/apache2/conf/server.key
You might have to remove or rename the old server.crt and server.key file - Restart apache at the end
bitnami@ip:~$ sudo /opt/bitnami/ctlscript.sh restart apache
The steps might look a bit overwhelming, but if you enter your domain correctly and follow the steps by copying pasting the commands, you can easily get through. If you did everything correctly, you can now access your domain name using https:// instead of http://
If you are using Cloudflare for your DNS, then you can also use Cloudflare’s Full (strict) cryptography settings for your website. That means, connection between your user and cloudflare is encrypted along with the connection between cloudflare and Lightsail.