It is super easy to install an SSL certificate (not Let's Encrypt) in Lightsail with Apache2/OpenSSL. We installed a certificate from Sectigo, which is issued for one year.
Follow these steps
Prepare the server
sudo apt-get install software-properties-common openssl
Stop Apache
sudo /opt/bitnami/ctlscript.sh stop
Generate the CSR and private key first
openssl req -newkey rsa:2048 -keyout private.key -out domain.csr
Get the certificate from the certificate authority
Unzip it; you will find server.crt and chain_ca.crt
Upload the SSL files to Lightsail with SCP
(you will need to download the instance's default key into the same folder and set its file permission to 600, otherwise it won't work)
sudo scp -i lightsail.pem ./file.zip bitnami@IP:~/
Locate the Apache configuration file
sudo nano /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf
The SSL file paths should be as follows; you will probably need the last line for the CA bundle.
SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"
SSLCertificateChainFile "/opt/bitnami/apache/conf/bitnami/certs/rootca.crt"
Move the 3 files to the destination (use the mv command)
- Domain certificate issued by CA (domain.crt)
- Private key you used when generating CSR (private.key)
- CA bundle
sudo mv domain.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt
sudo mv private.key /opt/bitnami/apache/conf/bitnami/certs/server.key
sudo mv ca_bundle.crt /opt/bitnami/apache/conf/bitnami/certs/rootca.crt
Restart Apache and set the Cloudflare SSL to strict.
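A check to run on the three files before moving them into place and restarting, as an added example that is not part of the original post: it confirms that the private key belongs to the certificate, that the CA bundle actually issued the certificate, and that the certificate is not about to expire. The function names, the optional KEY_PASS variable and the demo file generator are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-restart checks for the three files named in bitnami-ssl.conf.
# KEY_PASS (assumed name, optional, must be exported) holds the key passphrase.

# Succeeds only if the certificate and the private key share one public key.
cert_matches_key() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout ${KEY_PASS:+-passin env:KEY_PASS} 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate was issued by a CA contained in the bundle.
cert_chains_to_bundle() {  # $1 = certificate, $2 = CA bundle
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {  # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Runs all three checks and reports each failure; non-zero if any check fails.
check_tls_files() {  # $1 = certificate, $2 = private key, $3 = CA bundle
    rc=0
    cert_matches_key "$1" "$2"      || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_chains_to_bundle "$1" "$3" || { echo "FAIL: bundle did not issue certificate"; rc=1; }
    cert_valid_for_days "$1" 30     || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: files are consistent"
    return "$rc"
}

# Constructed sample input: a throwaway CA and a leaf it signs, written to dir $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/ca.crt" \
        -subj "/CN=Demo CA" -days 365 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$1/leaf.key" -out "$1/leaf.csr" \
        -subj "/CN=demo.example" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/leaf.crt" -days 365 2>/dev/null
}

# Usage with the file names from the steps above:
#   check_tls_files domain.crt private.key ca_bundle.crt
```

If the key was generated with a passphrase, export KEY_PASS before calling check_tls_files so the key can be read without a prompt.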
Note: If you want to install Let's Encrypt (issued every 90 days), please follow the installation instructions. It needs symbolic links.
Cloudflare
Don't buy OV or EV certificates if you use Cloudflare or a CDN. They are invisible to end users, outdated, and a waste of money. These certificates are installed at the origin server and encrypt traffic between the origin and Cloudflare. Cloudflare installs Let's Encrypt certificates for the traffic between the browser and Cloudflare, making any certs you install invisible.