Step by Step Windows Bitnami Wordpress LetsEncrypt setup

Keywords: WordPress - Windows - How to - Secure Connections (SSL/HTTPS)
Description:
I am looking for a LetsEncrypt setup for the Windows version of Bitnami Wordpress. I have tried to follow along and make sense from the Bitnami linux ssl documentation but that ended up corrupting my bitnami website twice and I had to reinstall from scratch and using backup. Any help would be greatly appreciated…

Hi @SteveRogers

Thanks for using Bitnami WordPress!

The process of using LetsEncrypt has been documented (as you mentioned) by the team, so any guide or steps I can give you will be basically mimic the ones there. Instead, I can help you out if you struggle to apply any of the steps there or investigate why your site does not work after them :slightly_smiling_face:

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Hi Jose!

Well I am not starting off very well.
First, I cannot find the bncert tool that almost EVERY single document refers too.
I have searched the entire Windows Bitnami installation folder and cannot find this tool anywhere.
This is why I reached out to the community for help as I cannot find this tool. I tried manually downloading the tool and it is for Linux only. Not Windows. If you can point me in the right direction where I can find this bncert tool for Windows that would be AWESOME!

Hi @SteveRogers

You are right! I somehow thought that you were using a VM on Windows (for which you can use the Linux steps), my apologies!

Here you have some guidelines on how to request and configure an SSL certificate:

  1. To request the certificate we are going to use Lego, a program that talks to LetsEncrypt’s servers and does all the duties. Download the latest version of Lego from https://github.com/xenolf/lego/releases

  1. Stop the Apache service of your installation. You can learn more about how to do this in this guide:
    https://docs.bitnami.com/installer/faq/windows-faq/administration/control-services-windows/

  2. Open a command prompt (CMD) and change to the directory where the contents of the Lego zip file are. In my case, it is in C:\Users\Administrator\Downloads\lego:

  1. Run the following command using your details:
lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="ANOTHER_DOMAIN_IF_REQUIRED" --path="PATH TO STORE THE CERTS" run
  1. Update the Apache’s configuration to use those certificates: installdir/apache2/conf/bitnami/bitnami.conf file. You should modify the directives SSLCertificateFile and SSLCertificateKeyFile to point to these newly generated certificates.

  2. Start Apache again

Could you please try to follow them and report back?

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Hi Jose!

So sorry for the delayed response.
This is fantastic and just what I was searching for!
So for the lego command string, would the first --domains look like this mydomain.com and the second --domains be www.mydomains.com? For the --path, is there a specific folder in the Bitnami folder I should place the certificates or is this path just a placeholder for the creation process?

Hey, and thank you for sticking with me through this! You are awesome!

Hi again @SteveRogers

So for the lego command string, would the first --domains look like this mydomain.com and the second --domains be www.mydomains.com? For the --path, is there a specific folder in the Bitnami folder I should place the certificates, or is this path just a placeholder for the creation process?

Yes, so for example let’s say I want to request a new certificate for my new page. The domains I want to use are awesomepage.com & www.awesomepage.com. My email is jcarmona@mail.com and the path I want to store my files is C:\INSTALL_DIR\apache2\certs:

lego --tls --email="jcarmona@mail.com" --domains="awesomepage.com" --domains="www.awesomepage.com" --path="C:\INSTALL_DIR\apache2\certs" run

specific folder in the Bitnami folder I should place the certificates or is this path just a placeholder for the creation process?

In theory, you could use any path as you are then expected to alter the apache configuration properties accordingly (specifying the correct route). In practice, I recommend you keep these files in the same Apache directory.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Jose! You ROCK! It worked perfectly!
I do have a couple of questions though.
Do I have to do this every time I upgrade Bitnami? Whenever a new Bitnami release comes out, I normally do a backup, uninstall the old version, reboot the server, then install the new on from scratch then restore from backup. I usually run into a couple of snags but his is the only I figured out how to upgrade Bitnami successfully. If there is a much easier way I am would like to know! Other question, If I don’t have to upgrade Bitnami, does Letsencrypt require me to renew within a certain time period before it expires?
Jose, this is truly awesome! I may have a couple more questions for you to…

Glad to hear it helped!

Do I have to do this every time I upgrade Bitnami?

No, there’s is no need to repeat this process as long as you have a copy of the generated certificate files. You could easily restore/install a new stack and copy the certificates back to their location and that should be enough.

If there is a much easier way I am would like to know!

If you only want to upgrade the version of WordPress itself you could also follow this guide we have:
https://docs.bitnami.com/installer/apps/wordpress/administration/upgrade/

However, let me mention that the Bitnami WordPress stack ships several components (i.e. PHP or MySQL). Following that guide will only update the WordPress version and not the rest of the components. If you want to upgrade all components, the approach you are following is the right one!

does Letsencrypt require me to renew within a certain time period before it expires?

Yes, Letsencrypt certificates are valid up to 90 days since their generation (as per their official documentation ). Here is an example of how to renew them: https://go-acme.github.io/lego/usage/cli/examples/#to-renew-the-certificate

Jose, this is truly awesome! I may have a couple more questions for you to…

Our pleasure!

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart: