Letsencrypt-win-simple review existed certificate

Amazon Lightsail makes it easy to secure your websites and applications with SSL/TLS using Lightsail load balancers. However, using a Lightsail load balancer might not always be the right choice. Perhaps your site doesn't need the scalability or fault tolerance that load balancers provide, or maybe you're optimizing for cost. In the latter case, you might consider using Let's Encrypt to obtain a free SSL certificate. If so, that's no problem. You can integrate those certificates with Lightsail instances.

This tutorial shows you how to request a Let’s Encrypt wildcard certificate using Certbot, and integrate it with your WordPress instance using the Really Simple SSL plugin.

Important

  • The steps outlined in this tutorial show you how to implement an SSL/TLS certificate using a manual process. However, Bitnami offers a more automated process that uses the Bitnami HTTPS configuration tool that is typically pre-installed on WordPress instances in Lightsail. We highly recommend that you use that tool instead of following the manual steps in this tutorial. This tutorial was written before the tool became available. For more information about using the tool, see Enabling HTTPS on your WordPress instance in Amazon Lightsail.
  • The Linux distribution used by Bitnami instances changed from Ubuntu to Debian in July 2020. Because of this change, some of the steps in this tutorial will differ depending on the Linux distribution of your instance. All Bitnami blueprint instances created after the change use the Debian Linux distribution. Instances created before the change will continue to use the Ubuntu Linux distribution. To check the distribution of your instance, run the command. The response will show either Ubuntu or Debian as your instance's Linux distribution.
  • Bitnami is in the process of modifying the file structure for many of their stacks. The file paths in this tutorial may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command:

Before getting started

You should consider the following before getting started with this tutorial:

Use the Bitnami HTTPS configuration tool instead

The steps outlined in this tutorial show you how to implement an SSL/TLS certificate using a manual process. However, Bitnami offers a more automated process that uses the Bitnami HTTPS configuration tool that is typically pre-installed on WordPress instances in Lightsail. We highly recommend that you use that tool instead of following the manual steps in this tutorial. This tutorial was written before the tool became available. For more information about using the tool, see Enabling HTTPS on your WordPress instance in Amazon Lightsail.

Identify the Linux distribution of your WordPress instance

The Linux distribution used by Bitnami instances changed from Ubuntu to Debian in July 2020. All Bitnami blueprint instances created after the change use the Debian Linux distribution. Instances created before the change will continue to use the Ubuntu Linux distribution. Because of this change, some of the steps in this tutorial will differ depending on the Linux distribution of your instance. You must identify the Linux distribution of your instance so that you know which steps in this tutorial to use. To identify the Linux distribution of your instance, run the command. The response will show either Ubuntu or Debian as your instance's Linux distribution.

Identify the tutorial approach that applies to your instance

Bitnami is in the process of modifying the file structure for many of their stacks. The file paths in this tutorial may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command:


Step 1: Complete the prerequisites

Complete the following prerequisites if you haven’t already done so:

  • Create a WordPress instance in Lightsail. To learn more, see Create an Amazon Lightsail instance.
  • Register a domain name, and get administrative access to edit its DNS records. To learn more, see DNS in Amazon Lightsail. We recommend that you manage your domain’s DNS records using a Lightsail DNS zone. To learn more, see Creating a DNS zone to manage your domain’s DNS records in Amazon Lightsail.
  • Use the browser-based SSH terminal in the Lightsail console to perform the steps in this tutorial. However, you can also use your own SSH client, such as PuTTY. To learn more about configuring PuTTY, see Download and set up PuTTY to connect using SSH in Amazon Lightsail.

After you've completed the prerequisites, continue to the next section of this tutorial.

Step 2: Install Certbot on your Lightsail instance

Certbot is a client used to request a certificate from Let’s Encrypt and deploy it to a web server. Let's Encrypt uses the ACME protocol to issue certificates, and Certbot is an ACME-enabled client that interacts with Let's Encrypt.

To install Certbot on your Lightsail instance

  1. Sign in to the Lightsail console.
  2. On the Lightsail home page, choose the SSH quick connect icon for the instance that you want to connect to.
  3. After your Lightsail browser-based SSH session is connected, enter the following command to update the packages on your instance:

    sudo apt-get update

  4. Enter the following command to install the software properties package. Certbot’s developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs.

    sudo apt-get install software-properties-common

    Note

    If you encounter an error when running the command, please wait approximately 15 minutes and try again. This error may be caused by a cron job that is using the Apt package management tool to install unattended upgrades.

  5. Enter the following commands to install the GPG package, and add Certbot to the local apt repository:

    Note

    Step 5 applies only to instances that use the Ubuntu Linux distribution. Skip this step if your instance uses the Debian Linux distribution.

    sudo apt-get install gpg -y

    sudo apt-add-repository ppa:certbot/certbot -y

  6. Enter the following command to update apt to include the new repository:

    sudo apt-get update -y

  7. Enter the following command to install Certbot:

    sudo apt-get install certbot -y

    Certbot is now installed on your Lightsail instance.
  8. Keep the browser-based SSH terminal window open; you return to it later in this tutorial. Continue to the next section of this tutorial.

Step 3: Request a Let’s Encrypt SSL wildcard certificate

Begin the process of requesting a certificate from Let’s Encrypt. Using Certbot, request a wildcard certificate, which lets you use a single certificate for a domain and its subdomains. For example, a single wildcard certificate works for the top-level domain and its subdomains.

To request a Let’s Encrypt SSL wildcard certificate

  1. In the same browser-based SSH terminal window used in step 2 of this tutorial, enter the following commands to set an environment variable for your domain. You can now more efficiently copy and paste commands to obtain the certificate. Be sure to replace domain with the name of your registered domain.

    DOMAIN=domain

    WILDCARD=*.$DOMAIN

    Example:

    DOMAIN=example.com

    WILDCARD=*.$DOMAIN

  2. Enter the following command to confirm the variables return the correct values:
  3. Enter the following command to start Certbot in interactive mode. This command tells Certbot to use a manual authorization method with DNS challenges to verify domain ownership. It requests a wildcard certificate for your top-level domain, as well as its subdomains.
  4. Enter your email address when prompted, because it’s used for renewal and security notices.
  5. Read the Let’s Encrypt terms of service. When done, press A if you agree. If you disagree, you cannot obtain a Let’s Encrypt certificate.
  6. Respond accordingly to the prompt to share your email address and to the warning about your IP address being logged.
  7. Let’s Encrypt now prompts you to verify that you own the domain specified. You do this by adding TXT records to the DNS records for your domain. A set of TXT record values is provided as shown in the following example:

    Note

    Let's Encrypt may provide a single or multiple TXT records that you must use for verification. In this example, we were provided with two TXT records to use for verification.

  8. Keep the Lightsail browser-based SSH session open; you return to it later in this tutorial. Continue to the next section of this tutorial.
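
The request in steps 1 through 3 above, as an added example rather than commands from the original tutorial: it validates the domain, passes both names to Certbot quoted, and shows why an unquoted `$WILDCARD` is unsafe (the shell expands `*.example.com` against file names in the current directory). The function names are hypothetical; `certonly`, `--manual`, `--preferred-challenges dns` and `-d` are standard Certbot options.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Accept only a plain registered domain such as example.com: no wildcard,
# whitespace, scheme, or leading/trailing dot or hyphen.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the two names the certificate must cover, one per line.
cert_names() {
    valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
    printf '%s\n' "$1" "*.$1"
}

# Expand WILDCARD inside directory $2, unquoted or quoted ($3), to show
# that the unquoted form is subject to pathname expansion.
expand_wildcard_in() (
    cd "$2" || exit 1
    WILDCARD=*.$1            # the assignment itself is not glob-expanded
    if [ "$3" = unquoted ]; then
        echo $WILDCARD       # deliberately unquoted: matches files in $2
    else
        echo "$WILDCARD"     # quoted: always the literal *.domain
    fi
)

# Start Certbot interactively with the manual DNS challenge for both names.
request_wildcard_cert() {
    valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
    sudo certbot certonly --manual --preferred-challenges dns \
        -d "$1" -d "*.$1"
}
```

After sourcing the file, `request_wildcard_cert example.com` starts the interactive request.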

Step 4: Add TXT records to your domain’s DNS zone in Lightsail

Adding a TXT record to your domain’s DNS zone verifies that you own the domain. For demonstration purposes, we use the Lightsail DNS zone. However, the steps might be similar for other DNS zones typically hosted by domain registrars.

Note

To learn more about how to create a Lightsail DNS zone for your domain, see Creating a DNS zone to manage your domain’s DNS records in Lightsail.

To add TXT records to your domain’s DNS zone in Lightsail

  1. On the Lightsail home page, choose the Domains & DNS tab.
  2. Under the DNS zones section of the page, choose the DNS Zone for the domain that you specified in the Certbot certificate request.
  3. In the DNS zone editor, choose DNS records.
  4. Choose Add record.
  5. In the Record type drop-down menu, choose TXT record.
  6. Enter the values specified by the Let’s Encrypt certificate request into the Record name and Responds with fields.

    Note

    The Lightsail console pre-populates the apex portion of your domain. For example, if you want to add a subdomain, then you only have to enter the subdomain portion into the text box, and Lightsail adds the apex portion for you when you save the record.

  7. Choose Save.
  8. Repeat steps 4 through 7 to add the second set of TXT records specified by the Let’s Encrypt certificate request.
  9. Keep the Lightsail console browser window open; you return to it later in this tutorial. Continue to the next section of this tutorial.

Step 5: Confirm that the TXT records have propagated

Use the MxToolbox utility to confirm that the TXT records have propagated to the Internet’s DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails.

To confirm the TXT records have propagated to the Internet’s DNS

  1. Open a new browser window and go to https://mxtoolbox.com/TXTLookup.aspx.
  2. Enter the following text into the text box. Be sure to replace domain with your domain.
  3. Choose TXT Lookup to run the check.
  4. One of the following responses occurs:
    • If your TXT records have propagated to the Internet’s DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the next section of this tutorial.
    • If your TXT records have not propagated to the Internet’s DNS, you see a DNS Record not found response. Confirm that you added the correct DNS records to your domain’s DNS zone. If you added the correct records, wait a while longer to let your domain’s DNS records propagate, and run the TXT lookup again.
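
The same propagation check can be scripted from the SSH session. This is an added example, not part of the original tutorial: it compares the TXT values a resolver returns with the values Certbot displayed and lists any that are still missing. It assumes `dig` is installed, uses the `_acme-challenge` record name defined for the ACME DNS-01 challenge (RFC 8555), and the function names and sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Constructed sample of `dig +short TXT` output (not real challenge values).
SAMPLE_ANSWERS='"constructed-token-AAAA"
"-constructed-token-BBBB"'

# Turn `dig +short TXT` output into one bare value per line: join strings
# that dig prints as "part1" "part2", then drop the surrounding quotes.
normalise_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# missing_txt_values ANSWERS EXPECTED...
# Prints every expected value that ANSWERS does not contain.
# Exit status is 0 only when all expected values are present.
missing_txt_values() {
    mtv_answers=$(printf '%s\n' "$1" | normalise_txt)
    shift
    mtv_rc=0
    for mtv_want in "$@"; do
        # -F fixed string, -x whole line; -- because values may start with '-'
        if ! printf '%s\n' "$mtv_answers" | grep -Fxq -- "$mtv_want"; then
            printf '%s\n' "$mtv_want"
            mtv_rc=1
        fi
    done
    return "$mtv_rc"
}

# check_propagation DOMAIN RESOLVER EXPECTED...
# Asks RESOLVER for the challenge records of DOMAIN and reports missing values.
# Exit status 2 means the lookup itself failed.
check_propagation() {
    cp_domain=$1
    cp_resolver=$2
    shift 2
    cp_answers=$(dig +short TXT "_acme-challenge.$cp_domain" "@$cp_resolver") || return 2
    missing_txt_values "$cp_answers" "$@"
}
```

Run `check_propagation` against both your zone's authoritative name server and a public resolver, and continue the Certbot request only when neither reports a missing value.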

Step 6: Complete the Let’s Encrypt SSL certificate request

Go back to the Lightsail browser-based SSH session for your WordPress instance and complete the Let’s Encrypt certificate request. Certbot saves your SSL certificate, chain, and key files to a specific directory on your WordPress instance.

To complete the Let’s Encrypt SSL certificate request

  1. In the Lightsail browser-based SSH session for your WordPress instance, press Enter to continue your Let’s Encrypt SSL certificate request. If successful, a response similar to the one shown in the following screenshot appears:

    The message confirms the directory in which your certificate, chain, and key files are stored. Make sure to replace domain with your domain in the directory path.
  2. Make note of the expiration date specified in the message. You use it to renew your certificate by that date.
  3. Now that you have the Let’s Encrypt SSL certificate, continue to the next section of this tutorial.

Step 7: Create links to the Let’s Encrypt certificate files in the Apache directory

Create links to the Let’s Encrypt SSL certificate files in the Apache server directory on your WordPress instance. Also, back up your existing certificates, in case you need them later.

To create links to the Let’s Encrypt certificate files in the Apache server directory

  1. In the Lightsail browser-based SSH session for your WordPress instance, enter the following command to stop the underlying services:
  2. Enter the following command to set an environment variable for your domain. You can more efficiently copy and paste commands to link the certificate files. Be sure to replace domain with the name of your registered domain.

    DOMAIN=domain

    Example:

    DOMAIN=example.com

  3. Enter the following command to confirm the variables return the correct values:
  4. Enter the following commands individually to rename your existing certificate files as backups. Refer to the Important block at the beginning of this tutorial for information about the different distributions and file structures. The commands differ between Debian Linux distributions, for both Approach A (Bitnami installations using system packages) and Approach B (self-contained Bitnami installations), and older instances that use the Ubuntu Linux distribution.
  5. Enter the following commands individually to create links to your Let’s Encrypt certificate files in the Apache directory. Refer to the Important block at the beginning of this tutorial for information about the different distributions and file structures. The commands differ between Debian Linux distributions, for both Approach A (Bitnami installations using system packages) and Approach B (self-contained Bitnami installations), and older instances that use the Ubuntu Linux distribution.
  6. Enter the following command to start the underlying services that you had stopped earlier:

    The SSL certificate files for your WordPress instance are now in the correct directory.
  7. Continue to the next section of this tutorial.

Step 8: Integrate the SSL certificate with your WordPress site using the Really Simple SSL plug-in

Install the Really Simple SSL plug-in to your WordPress site, and use it to integrate the SSL certificate. Really Simple SSL also configures HTTP to HTTPS redirection to ensure that users who visit your site are always on the HTTPS connection.

To integrate the SSL certificate with your WordPress site using the Really Simple SSL plug-in

  1. In the Lightsail browser-based SSH session for your WordPress instance, enter the following command to set the two required files to be writeable. The Really Simple SSL plug-in will write to the wp-config.php file to configure your certificates. The command differs between newer instances that use the Debian Linux distribution and older instances that use the Ubuntu Linux distribution.
  2. Open a new browser window and sign in to the administration dashboard of your WordPress instance.

    Note

    For more information, see Getting the application user name and password for your Bitnami instance in Amazon Lightsail.

  3. Choose Plugins from the left navigation pane.
  4. Choose Add New from the top of the Plugins page.
  5. Search for Really Simple SSL.
  6. Choose Install Now next to the Really Simple SSL plug-in in the search results.
  7. After it’s done installing, choose Activate.
  8. In the prompt that appears, choose Go ahead, activate SSL! You may be redirected to the sign in page for the administration dashboard of your WordPress instance.

    Your WordPress instance is now configured to use SSL encryption. Additionally, your WordPress instance is now configured to automatically redirect connections from HTTP to HTTPS. When a visitor goes to the HTTP address of your site, they are automatically redirected to the encrypted HTTPS connection.

Step 9: Renew the Let's Encrypt certificates every 90 days

Let’s Encrypt certificates are valid for 90 days. Certificates can be renewed 30 days before they expire. To renew the Let's Encrypt certificates, run the original command used to obtain them. Repeat the steps in the Step 3: Request a Let’s Encrypt SSL wildcard certificate section of this tutorial.
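
A check for the renewal window described above, as an added example that is not part of the original tutorial: it reads a certificate's expiry date with `openssl` and reports whether the certificate is within 30 days of expiring. It assumes GNU `date` and the `openssl` command-line tool; the function names are hypothetical, and the certificate path is the one Certbot reported in Step 6.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.
# Assumes GNU date (date -d) and the openssl command-line tool.

# cert_not_after FILE: print the certificate's notAfter date,
# for example "Mar  1 00:00:00 2025 GMT".
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//'
}

# days_left NOT_AFTER NOW_EPOCH: whole days from NOW_EPOCH until expiry
# (negative once the certificate has been expired for a day or more).
days_left() {
    dl_exp=$(date -u -d "$1" +%s) || return 2
    echo $(( (dl_exp - $2) / 86400 ))
}

# renewal_due NOT_AFTER NOW_EPOCH [WINDOW_DAYS]
# Status 0 when expiry is WINDOW_DAYS (default 30) or fewer days away.
renewal_due() {
    rd_left=$(days_left "$1" "$2") || return 2
    [ "$rd_left" -le "${3:-30}" ]
}

# report FILE: one-line summary for a certificate file on disk.
# Status 2 means the certificate or its date could not be read.
report() {
    rp_end=$(cert_not_after "$1")
    [ -n "$rp_end" ] || { echo "cannot read certificate: $1" >&2; return 2; }
    rp_left=$(days_left "$rp_end" "$(date -u +%s)") || return 2
    if [ "$rp_left" -le 30 ]; then
        echo "RENEW: $rp_left days left (expires $rp_end)"
    else
        echo "OK: $rp_left days left (expires $rp_end)"
    fi
}
```

Calling `report` from a scheduled job gives an early reminder, because the manual DNS method used in this tutorial does not renew on its own.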

Is Let's Encrypt legit?

It's secure – Let's Encrypt serves as a platform for implementing modern security techniques and best practices.

Why not use Let's Encrypt?

Having a secure connection to a website does not make that site trustworthy. It doesn't mean you can use it safely. As a further concern, little protection exists to prevent distributors of malware from making use of Let's Encrypt. Malware distributors have already taken advantage of this.

Why does Let's Encrypt exist?

Let's Encrypt is a nonprofit; our mission is to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. Our services are free and easy to use so that every website can deploy HTTPS.

Is Win Acme legit?

It's open source (GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)), so assuming you trust the party that builds the software and you've verified the code to be safe, you should be good.