How to Renew Let’s Encrypt SSL Certificate Google Cloud Bitnami

Let’s Encrypt SSL is a free Certificate Authority (CA) that issues SSL certificate Google Cloud Bitnami. You can use these SSL certificates to secure traffic to and from your Bitnami application host.

This guide walks you through the process of generating a Let’s Encrypt SSL certificate for your domain and installing and configuring it to work with your Bitnami application stack.

This guide assumes that:

  • You have deployed a Bitnami application and the application is available at a public IP address so that the Let’s Encrypt process can verify your domain.
  • You have the necessary credentials to log in to the Bitnami application instance.
  • You own one or more domain names.
  • You have configured the domain name’s DNS record to point to the public IP address of your Bitnami application instance.

To launch the Bitnami HTTPS Configuration Tool, execute the following command and follow the prompts:

sudo /opt/bitnami/bncert-tool

Alternative Approach

test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

Step 1: Install The Lego Client

The Lego client simplifies the process of Let’s Encrypt certificate generation. To use it, follow these steps:

  • Log in to the server console as the bitnami user.
  • Run the following commands to install the Lego client. Note that you will need to replace the X.Y.Z placeholder with the actual version number of the downloaded archive:
cd /tmp
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego_vX.Y.Z_linux_amd64.tar.gz
sudo mkdir -p /opt/bitnami/letsencrypt
sudo mv lego /opt/bitnami/letsencrypt/lego Step 2: Generate A Let’s Encrypt Certificate For Your Domain
  • Turn off all Bitnami services:
    sudo /opt/bitnami/ctlscript.sh stop
    
  • Request a new certificate for your domain as below, both with and without the www prefix.
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="35.237.200.3" --domains="35.237.200.3" --path="/opt/bitnami/letsencrypt" run

A set of certificates will now be generated in the /opt/bitnami/letsencrypt/certificates directory. This set includes the server certificate file DOMAIN.crt and the server certificate key file DOMAIN.key.

Step 5: Renew The Let’s Encrypt Certificate

Let’s Encrypt certificates are only valid for 90 days. To renew the certificate before it expires, run the following commands from the server console as the bitnami user. Remember to replace the DOMAIN placeholder with your actual domain name, and the EMAIL-ADDRESS placeholder with your email address.

sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="35.237.200.3" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start

To automatically renew your certificates before they expire, write a script to perform the above tasks and schedule a cron job to run the script periodically. To do this:

  • Create a script at /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
    sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
    
  • Enter the following content into the script and save it. Remember to replace the DOMAIN placeholder with your actual domain name, and the EMAIL-ADDRESS placeholder with your email address.

For Apache:

#!/bin/bash

sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="35.237.200.3" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start apache

For NGINX:
#!/bin/bash

sudo /opt/bitnami/ctlscript.sh stop nginx
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="35.237.200.3" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start nginx

  • Make the script executable:
    sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
    
  • Execute the following command to open the crontab editor:
    sudo crontab -e
    
  • Add the following lines to the crontab file and save it:
    0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
    • Srikanth Prakash
    • December 23, 2020
    Reply

    Hi, could you please let me know what is the command to use for saving and exiting? Also I have activated the SSL, thank you so much for that your video was very useful, but I have not completely done the Automatic Renewal Script. I have saved only the “For Apache” Code but not the Executable and Crontab. Can I do the Automatic Renewal Script again separately?

    • Reply

      Srikkanth – You can reach us by writing us an email our specialist will help you. Feel free to write us .
      If you are unable to renew your SSL automatically we will help you.

      thank you for your kind words

Click to edit this heading

View all projects