LAB: Enabling HTTPS on your WordPress instance in Amazon Lightsail
|Lab Admin||Derrick Park|
|Title||Enabling HTTPS on your WordPress instance in Amazon Lightsail|
|Description||SSL cert for derrickpark.com|
|Budget||Free with bncert|
Amazon Lightsail makes it easy to secure your websites and applications with SSL/TLS using Lightsail load balancers.
Configuration recommendations before using a Lightsail load balancer for WordPress
- Separate your database so that every WordPress instance running behind the load balancer is storing and retrieving information from the same place. If you need more performance from your database, you can replicate or change the processing power or memory independently of your web server.
- Use a WordPress plugin that lets you store your files in Amazon S3. This gives you a centralized place for your content or images, rather than keeping separate copies on each target instance. That way, if you edit your content or change an image, the updates get picked up from the centralized store and your users see the same content, regardless of which instance they hit.Find WordPress Amazon S3 plugins
AWS Lightsail Load Balancers cost $18/month plus S3 bucket pricing as follows:
However, using a Lightsail load balancer might not generally be the right choice. Perhaps your site like ours derrickpark.com doesn’t need the scalability or fault tolerance load balancers provide, or maybe you’re optimizing for cost (we absolutely are). In the latter case, you might consider using Let’s Encrypt to obtain a free SSL certificate. If so, that’s no problem. You can integrate those certificates with Lightsail instances.
This guide shows you how to use the Bitnami HTTPS configuration tool (
bncert) to enable HTTPS on your Certified by Bitnami WordPress instance on Amazon Lightsail. It lets you request certificates only for the domains and subdomains that you specify when making your request. Alternately, you can use the Certbot tool, which lets you request a certificate for domains and a wildcard certificate for subdomains. A wildcard certificate works for any subdomains of a domain, which is beneficial if you don’t know which subdomains you will use to direct traffic to your instance. However, Certbot does not automatically renew your certificate like the
bncert tool. If you use Certbot, you have to manually renew your certificates every 90 days. For more information about using Certbot to enable HTTPS, see Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail.
LAB: AWS Domain Registration & Web Hosting fulfills Step 1 and Step 2 below.
- Step 3: Connect to your instance
- Step 4: Confirm the bncert tool is installed on your instance
- Step 5: Enable HTTPS on your WordPress instance