After SSL purchase or creation, we collect all the certificate files from the customer and configure the web server to use it in the website. For instance, in Apache web server, it involves the following changes.
Firstly, we copy the actual SSL certificate and key file to the folder /opt/bitnami/apache2/conf. Once done,, we check and confirm the following entries in the file /opt/bitnami/apache2/conf/bitnami/bitnami.conf :
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
Then restart the web server to make the SSL available on the Lightsail instance.
Forcing Website to use SSL
After I did all the previous steps the certificates were set up but the site was still using HTTP. In order to force Apache to use HTTPS you will have to do a couple of changes.
Open /opt/bitnami/apps/APPNAME/conf/httpd-prefix.conf in an editor. Make sure you first substitute APPNAME with the name of the app you are using. In my case, that was ‘wordpress’. Add the following lines at the top of the file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
Unless you have some specific Apache configuration, it should be enough to add the following lines in the default Apache virtual host configuration file at /opt/bitnami/apache2/conf/bitnami/bitnami.conf, inside the default VirtualHost directive:
<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
Restart all the services
Before starting everything up, make sure that the 433 port is open on your Lightsail console.
To start all the services again, run:
sudo /opt/bitnami/ctlscript.sh start