SOP for SSL on Main Domain via google cloud bitnami (Information)
How To Enable HTTPS Support With SSL Certificates?
NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server. |
Once you obtain the certificate and certificate key files ( check here), you will need to update your server to use them. Follow these steps to activate SSL support:
Identify the correct locations for your certificate
Use the table below to identify the correct locations for your certificate and configuration files.
Variable | Value |
Current application URL | https://[custom-domain]/ |
| Example: https://my-domain.com/ or https://my-domain.com/appname |
Apache configuration file | /opt/bitnami/apache2/conf/bitnami/bitnami.conf |
Certificate file | /opt/bitnami/apache2/conf/server.crt |
Certificate key file | /opt/bitnami/apache2/conf/server.key |
CA certificate bundle file (if present) | /opt/bitnami/apache2/conf/server-ca.crt |
Copy your SSL certificate and certificate key file to the specified locations.
NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names. |
Choose the correct directive based on your scenario and Apache version:
Variable | Value |
Apache configuration file | /opt/bitnami/apache2/conf/bitnami/bitnami.conf |
Directive to include (Apache v2.4.8+) | SSLCACertificateFile “/opt/bitnami/apache2/conf/server-ca.crt” |
Directive to include (Apache < v2.4.8) | SSLCertificateChainFile “/opt/bitnami/apache2/conf/server-ca.crt” |
NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name. |
Make Certificates Readable on server
Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
- sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server* - Open port 443 in the server firewall. Refer to the FAQ for more information.
- Restart the Apache server.
You should now be able to access your application using an HTTPS URL.
How to Restart Apache2 in Bitnami
sudo /opt/bitnami/ctlscript.sh restart apache
How To Install The WP Encrypt Plugin For Let’s Encrypt Certificate Generation?
Install the WP Encrypt plugin as follows:
- Log in to your server console.
- Create a directory for the Let’s Encrypt data:
- sudo mkdir -p /opt/bitnami/apps/wordpress/letsencrypt/live
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/letsencrypt
sudo find /opt/bitnami/apps/wordpress/letsencrypt -type d -exec chmod 0775 {} \;
sudo find /opt/bitnami/apps/wordpress/letsencrypt -type f -exec chmod 0664 {} \;
- Edit the /opt/bitnami/apps/wordpress/wp-config.php file and add the line below to the end of the file. Save the changes.
- define(‘WP_ENCRYPT_SSL_CERTIFICATES_DIR_PATH’, ‘/opt/bitnami/apps/wordpress/letsencrypt/live’);
- Log in to your WordPress dashboard.
- Select the “Plugins -> Add New” option.
- Type “wp encrypt” in the search box.
- Install the “WP Encrypt” plugin by clicking the “Install Now” button.
- Once installed, click the “Network Activate” button to activate the plugin.
- On the “Settings -> WP Encrypt -> Account Settings” page, enter the organization name, country name and country code. These values are required to generate a certificate. Click “Save Changes” to save the settings.
- Click the “Register Account” button to register an account with Let’s Encrypt.
- Once the account has been successfully registered, click the “Generate Certificate” button to generate the actual certificate.
- If Generate Certificate is showing error to generate the certificate wait for 24 hours.
- Restart Apache2 in Bitnami
sudo /opt/bitnami/ctlscript.sh restart apache