Updating SSL Certificate in Amazon Lightsail

A while back, I set up the Secure Socket Layer (SSL) Certificate in Amazon Lightsail for this web site using the steps in this blog post. Now it is time to renew that certificate.

Update June 2019. You might want to consider using the Bitnami SSL configuration tool for automated updating of the SSL certificate.

How you know it is time to renew your SSL certificate

Well, each certificate from the authority lasts only 3 months. You will receive an email from the authority informing you that your SSL certificate is expiring.

Expiry of SSL Certificate Notification Email

When you go to your web site, you can also see the expiry date on your certificate by clicking on the LOCK icon.

Expiring SSL in Safari

Steps to renew SSL Certificate in Amazon Lightsail

Because we previously installed the SSL certificate using what is called the manual method, we have to use the following steps. Otherwise you will get the following error when you try to renew the certificate using the auto-renewal method.

Error when trying to renew SSL certificate

So never mind.. my life is hard. I find trouble for myself. Sigh.

Here are the steps. In a nutshell, it is simply a matter of repeating the original setup steps from the Amazon tutorial you used to set up the SSL certificate. But okay.. there are far fewer steps in the renewal process.

First, as a good practice, do a system update of the server using these two commands. You can even reboot the server if you want to.

$ sudo apt update
$ sudo apt upgrade

After that, set the domain and wildcard again using these commands.

DOMAIN=patnotebook.com   # my domain, not yours!
WILDCARD="*.$DOMAIN"
echo "$DOMAIN" && echo "$WILDCARD"

After that you can issue the famous command to install the certificate.

sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly

You will see this screen, which shows clearly that you are renewing a certificate (even though the command was the same one as for your initial setup).

Updating SSL Certificate in Amazon Lightsail

Now, the troublesome part. You can see that you have to do a DNS Challenge (to prove you are the owner of the domain again). You have to add another TXT record to your DNS.

ADD THE NEW TXT RECORD

DO NOT REMOVE THE OLD TXT RECORDS

When successful, you can see this. I wonder when I can remove all the old TXT records. Every 3 months I have a new TXT record……. mmmm….

Renewing SSL Certificate in Amazon Lightsail SUCCESS

You can also run these 2 commands to stop and then start the services on your server with the ctlscript.sh script.

sudo /opt/bitnami/ctlscript.sh stop

sudo /opt/bitnami/ctlscript.sh start

When all is done, you can go back and check the SSL certificate in your browser…. Tata !!! Renewing SSL Certificate in Amazon Lightsail is a success.

New updated SSL certificate in Amazon Lightsail
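
The same check can be done from the server's command line instead of the browser. The script below is an added example, not part of the original post: it confirms that a certificate file lists both the domain and its wildcard and still has enough validity left. It assumes openssl is installed; the function names and the path in the usage comment (certbot's default location) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify a renewed certificate file.

# List the DNS names in the Subject Alternative Name extension, one per line.
cert_sans() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if NAME is listed literally in the SAN. "*.example.com" must be
# present as its own entry; the bare domain does not imply it.
cert_covers() {
    cert_sans "$1" | grep -Fxq -- "$2"
}

# Succeed if the certificate expires within DAYS days (or is unreadable or
# already expired, so a broken file is reported as a failure too).
cert_expires_within() {
    ! openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# Full check: domain and wildcard both covered, more than MIN_DAYS left.
check_renewed_cert() {
    cert=$1 domain=$2 min_days=${3:-30} rc=0
    for name in "$domain" "*.$domain"; do
        if cert_covers "$cert" "$name"; then
            echo "OK    covers $name"
        else
            echo "FAIL  missing $name"; rc=1
        fi
    done
    if cert_expires_within "$cert" "$min_days"; then
        echo "FAIL  expires within $min_days days"; rc=1
    else
        echo "OK    $(openssl x509 -noout -enddate -in "$cert")"
    fi
    return "$rc"
}

# Usage (path is certbot's default, an assumption; adjust to your setup):
#   sudo sh check_cert.sh /etc/letsencrypt/live/example.com/cert.pem example.com
if [ "$#" -ge 2 ]; then
    check_renewed_cert "$@"
fi
```

A non-zero exit status means a name is missing or the certificate is close to expiry, so the script can also be run from cron as an early warning alongside the reminder email.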

While the above is not really too troublesome, I might try this other method of setting up (or re-setting up) an SSL certificate for my other web sites. The link is Auto-Configure A Let’s Encrypt Certificate. Let’s see 🙂
