Prerequisites:
1. Create a WordPress instance in Lightsail.
2. Register a domain name and gain administrative access to edit its DNS records.
3. Install Certbot on your Lightsail instance.
4. Connect to your Lightsail browser-based SSH session.
Instructions:
1. Install Certbot:
- Update package information: `sudo apt-get update`.
- Install required software: `sudo apt-get install software-properties-common`.
- Add the Certbot repository: `sudo apt-add-repository ppa:certbot/certbot -y`.
- Update package information again: `sudo apt-get update -y`.
- Install Certbot: `sudo apt-get install certbot -y`.
- Confirm successful installation of Certbot.
2. Request a Let's Encrypt SSL Wildcard Certificate:
- Set up variables for your domain and wildcard: `DOMAIN=example.com` and `WILDCARD=*.$DOMAIN`.
- Confirm the variable values: `echo "$DOMAIN" && echo "$WILDCARD"`.
- Start Certbot in interactive mode, using DNS challenges to verify domain ownership, and request a wildcard certificate: `sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly`.
- Provide your email address for renewal and security notices.
- Read and accept the Let's Encrypt terms of service when prompted.
- Verify domain ownership by adding TXT records to your domain's DNS zone.
3. Add TXT Records to Domain's DNS Zone:
- Use MxToolbox to check if the TXT records have propagated to the internet's DNS.
- Open https://mxtoolbox.com/TXTLookup.aspx in a new browser window.
- Enter the text: `_acme-challenge.domain`, replacing "domain" with your domain name.
- Choose "TXT Lookup" to check the records.
- If propagated, proceed to complete the Let's Encrypt SSL certificate request; otherwise, wait for propagation and retry.
4. Complete the Let's Encrypt SSL Certificate Request:
- Go back to the Lightsail browser-based SSH session for your WordPress instance.
- Press Enter to continue the Let's Encrypt SSL certificate request.
- Confirm that your certificate, chain, and key files are stored in the /etc/letsencrypt/live/domain/ directory.
- Note the expiration date for future renewal.
- Proceed to the next section of the tutorial.
5. Create Links to the Let's Encrypt Certificate Files:
- Stop underlying services: `sudo /opt/bitnami/ctlscript.sh stop`.
- Set an environment variable for your domain: `DOMAIN=example.com`.
- Confirm the variable value: `echo "$DOMAIN"`.
- Rename existing certificate files as backups, if any.
- Create links to the Let's Encrypt certificate files in the Apache directory.
- Start the underlying services: `sudo /opt/bitnami/ctlscript.sh start`.
6. Integrate the SSL Certificate with WordPress using Really Simple SSL:
- Set your wp-config.php file to be writable for the plugin: `sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php`.
- Open a new browser window and sign in to your WordPress instance's administration dashboard.
- Install Really Simple SSL plugin: Search for "Really Simple SSL" and choose "Install Now."
- Activate the plugin and follow the prompts to activate SSL and enable automatic HTTP to HTTPS redirection for your site.
7. Renew the Let's Encrypt Certificates every 90 days:
- Let's Encrypt certificates are valid for 90 days. Renew them by running the same command you used to obtain them: repeat the steps in the "Request a Let's Encrypt SSL Wildcard Certificate" section.
By following these steps, you'll have successfully obtained and integrated a Let's Encrypt SSL wildcard certificate for your WordPress site hosted on Lightsail. Remember to renew the certificates before they expire to maintain secure HTTPS connections.
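Step 5 names the backup and link actions without giving their commands. The following is an added example, not part of the original tutorial, of one way to do both. The function name and the `server.crt`/`server.key` target names are assumptions, and the Apache certificate directory is passed as an argument because the page does not state it.

```shell
#!/usr/bin/env bash
# Added example: back up existing Apache certificate files, then link the
# Let's Encrypt files in their place (step 5 of the tutorial).
# Assumptions (not from the page): the function name, the server.crt and
# server.key target names, and the Apache directory given as argument 2.
# Usage (in a root shell, with services stopped):
#   link_letsencrypt_certs "/etc/letsencrypt/live/$DOMAIN" <apache-cert-dir>

link_letsencrypt_certs() {
    local live_dir="$1" apache_dir="$2" src dst pair

    # Refuse to touch anything unless both Certbot files exist and are non-empty.
    for src in fullchain.pem privkey.pem; do
        if [ ! -s "$live_dir/$src" ]; then
            echo "missing or empty: $live_dir/$src" >&2
            return 1
        fi
    done

    # fullchain.pem carries the certificate plus chain; privkey.pem is the key.
    for pair in fullchain.pem:server.crt privkey.pem:server.key; do
        src="$live_dir/${pair%%:*}"
        dst="$apache_dir/${pair##*:}"

        # Already linked to the right file: nothing to do, so re-runs are safe
        # and never overwrite an earlier backup.
        if [ -L "$dst" ] && [ "$(readlink "$dst")" = "$src" ]; then
            continue
        fi

        # Keep whatever was there before (file or stale link) as a backup.
        if [ -e "$dst" ] || [ -L "$dst" ]; then
            mv -f "$dst" "$dst.old" || return 1
        fi

        # Link rather than copy: the private key stays under /etc/letsencrypt
        # with the permissions Certbot set on it.
        ln -s "$src" "$dst" || return 1
    done
}
```

Because the targets are links into the `live` directory, a renewed certificate is picked up the next time the services are restarted, with no need to repeat this step.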