Recharge your Lightsail application generated by Bitnami with HTTPS and SSL

I started this blog by letting WordPress.com host it for $5 per month. I paid roughly $40 (with a coupon) for a year’s worth of hosting, got myself a free domain, great one-click install, and everything else works right out of the box. Great! or so I thought…

Then, I began to wonder, how can I remove the “Proudly powered by WordPress.com” shown below? Ugh, I can’t, it seems only business accounts, a.k.a $25 per month can do that. Ok, how about adding Google Analytics code? Ugh, you can’t inject anything into the head  tag either. What about promoting content via Adsense? Uhm, nope! Can’t inject that code either! Ok so how do I get around that? I figure, I needed to pay for a business account, so that’s $25 x 12 = a freaking $300 US dollars per year. That’s roughly 415 AUD per year down the drain. I don’t want to pay that much, at least not until I know my blog can generate some constant traffic, and is in need of their security updates, regular backups, optimisations, autoscaling, and other valuable features that these out of the box solutions offer. For now, this blog can work in a shared hosting environment and for that reason I don’t want to pay more than $5 bucks per month.

Here comes AWS Lightsail

Trying to get over my frustration with WordPress.com’s limited functionality, I began my search. I started to consider other options and stumbled on a $3.50 per month Lightsail application, with a WordPress one click install, powered by Bitnami. I gave it a quick spin, setup the domain names, and it’s seemed quite easy to do. Of course, it came with some DIY configurations that I had to do. I realised that it did not offer HTTPS right out of the box. uh oh… so, here’s some tips if you are like me and want to set these things up.

Why does HTTPS matter? It’s just a one-man blog

Besides the obvious security reason, it is also a usability and trust projection issue. Chrome will eventually label all websites without HTTPS as non-secure. You obviously don’t want your visitors to think that your site is not legit. Check out for more details: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

In addition, HTTPS has been used in the Google search ranking algorithm since 2014, and I want my site to be indexed well.

Generating a Let’s Encrypt SSL certificate for your domain

On a serious note, the recommended way to use any serious Lightsail application, is to use the Lightsail load balancer, which costs $18 USD per month. This is basically why I went the hard way. $18×12 = US $216. That’s exactly $298.75 AUD, and that’s way above my blogging budget.

https://lightsail.aws.amazon.com/ls/docs/en/articles/create-lightsail-load-balancer-and-attach-lightsail-instances

Let’s Encrypt is a Certificate Authority (CA) that issues free SSL certificates. You can use these SSL certificates to secure traffic to and from your Bitnami application host.

This guide walks you through the process of generating a Let’s Encrypt SSL certificate for your domain, installing, and configuring it to work with your Bitnami application stack.

Follow the very simple instructions here. Thanks to Bitnami for spoon feeding us with this tutorial:

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Redirect your HTTP to HTTPS

Now that you have installed your auto-renew certificate via cron, there’s one more step left to do. That is to redirect your HTTP traffic to HTTPS. 

This WordPress blog is a Lightsail application which is auto-generated by Bitnami. It’s running under Apache 2, so you will need to edit a prefix file and simply add htaccess rules below:

sudo vim /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

If you are lazy like me, simply edit via the Lightsail browser terminal like so:

Then, restart your apps!

sudo /opt/bitnami/ctlscript.sh restart

Voila! Now all HTTP requests will be redirected to HTTPS, now my blog is uhmm… somewhat more secure, and ready for some SEO optimisation 🙂



Leave a Reply

Your email address will not be published. Required fields are marked *