Contents
Setup HTTPS for AWS WordPress
Here’s the easiest way to setup HTTPS for AWS WordPress for free using a free SSL certificate from Let’s Encrypt. This is part of our full guide to using AWS WordPress.
We’ll also show you how to do some other important config which is strongly recommended for a WordPress server:
- Redirect all HTTP traffic to HTTPS
- Redirect all requests from the www subdomain to your non-www domain (or vice-versa if that’s your preference)
- Setup automatic renewals for your free HTTPS certificate
- Configure the WordPress server to have the correct server identity
The first 3 steps are easy once you know how, but a lot of people don’t manage to find the right bit of the Bitnami documentation, because it’s not made obvious for new Lightsail users.
You’ll find several guides for setting up HTTPS on WordPress using Let’s Encrypt, but they will all be much more work than you need to do.
The “secret” is a configuration tool provided by Bitnami and already installed in your AWS WordPress from Lightsail.
As always with AWS, you should take care to ensure that you understand AWS pricing and that only you are responsible for any bills you incur.
HTTPS for AWS WordPress the easy way
- From your AWS Lightsail instance home page click Connect using SSH
- Enter the command
sudo /opt/bitnami/bncert-tool
- Follow the prompts to update the tool if requested
- After updating, run that command again
You’ll be presented with a wizard that will walk you through the setup. In the following screens and instructions we’ll choose to redirect www to non-www, and redirect HTTP to HTTPS.
This is what we recommend you do also, unless you prefer to use the www version of your domain instead of the non-www.
We’re assuming that you created DNS alias records for www.example.com and example.com as instructed in this tutorial. If you have some other arrangement, you need to enter the domains that you want your SSL certificate to apply to.
- Enter your domains – give the non-www and www versions, eg
- example.com www.example.com
- Enter y for “Enable HTTP to HTTPS redirection”
- Enter n for “Enable non-www to www redirection”
- Enter y for “Enable www to non-www redirection”
Now you will see a summary of the changes that will be performed. Double-check your selections and type y to proceed.
In the summary you will see that it includes “configure your server to use free Let’s Encrypt certificate” and “configure a cron job to automatically renew the certificate each month”
You’ll be asked to enter your email address and agree to the terms and conditions for the SSL certificate.
When it’s done, we can check that everything is working:
- Browse to your domain name – you should now see the “secure” padlock indication in the browser
- Enter http://yourdomain – you should be redirected to https
- Enter https://www.yourdomain – you should be redirected to yourdomain without the www
There’s one issue left that we will handle later in this course. If you enter the public IP address of your server you can still get to your WordPress site. It will be marked as unsafe because the SSL certificate we just acquired only covers the domain names we entered.
We don’t want to allow direct access to our server via the IP address. Later in this course we will set up a CDN to improve performance for our visitors and reduce load on our server. We will show you how to force all traffic to go through your domain and not access the server directly through its IP address.
We want visitors to go through our domain name so that they go through our CDN. We also don’t want Google to index any of our pages using the IP address because this can cause problems for our SEO performance.
We address this later in this series of tutorials for AWS WordPress.
For now, there is one last thing to do. Go to your WordPress admin console and choose Settings, general from the side menu.
There are two entries near the top, which will both be disabled. These are:
- WordPress Address (URL)
- Site Address (URL)
You want them to both say https://example.com where example.com is your domain name. If it shows anything else then we need to fix it. We do this by editing one of the WordPress config files.
Set the WordPress Address and Site Address for AWS WordPress
- From the Lightsail home page for your instance, choose Connect using SSH
- Enter this command –
sudo vi /opt/bitnami/apps/wordpress/htdocs/wp-config.php
That command opens the wp-config.php file in the vi editor program. If you don’t know vi, don’t worry. It’s easy:
- Type i, to enter insert mode
- Use the arrow keys to move down to where you see two lines like this:
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/');
- Change those lines to look like this, using your domain name
define('WP_SITEURL', 'https://example.com');
define('WP_HOME', 'https://example.com');
- Press esc, to come out of insert mode
- Type :wq and press return, to write the changes and quit the editor. That’s a colon then w then q, then hit return
- Restart Apache with this command –
sudo /opt/bitnami/ctlscript.sh restart apache
Once the server is back up, take a look at those values in Settings, general and confirm that it is correct.
Job done. We’re now on HTTPS.
Later in this course we’ll go over setting up a Cloudfront CDN to improve performance of your WordPress site. The CDN will also enforce HTTPS between visitors and Cloudfront, and will use HTTPS from Cloudfront to your WordPress server so that we are secure right the way through.
You can find the documentation for the Bitnami HTTPS config tool here, although be warned that Bitnami documentation has a habit of moving around and there are lots of broken links.
FAQ
Can you have HTTPS on AWS Lightsail WordPress?
Yes. You can set it up in the server using a free Let’s Encrypt SSL certificate. You can also enforce HTTPS with a Cloudfront CDN.
What does it cost for SSL / HTTPS on AWS Lightsail WordPress?
With a Let’s Encrypt certificate it is free, but you have to refresh the certificate every month. This can be automated.
How do you setup HTTPS on AWS Lightsail WordPress?
The easiest way is to use bncert-tool from Bitnami which is already installed in a Lightsail WordPress instance on Amazon. Instructions are in this post.
How do you redirect HTTP to HTTPS on AWS Lightsail WordPress?
The easiest way is to use bncert-tool from Bitnami which is already installed in a Lightsail WordPress instance on Amazon. Instructions are in this post.
This was the article I was looking for – thank you so much Alistair! Saved me hours of headache setting up SSL on my Lightsail WordPress site for my business.
Thank you for this. Saved me from downloading a file client and going down that road for the first time. Will check out more of your content.
Thank you so much! Saved me a tonne of time – amazing. Thank you.
I rarely give article a comment, but thanks ! It was very clear, very simple and fully working !
Well done !
Thanks a million for this wonderful tutorial. Straight forward, the right amount of information and very easy to understand and follow the steps!
Thanks again!