Updating SSL on WordPress Multisite by Bitnami

First of all, and this is important, you need to understand that the certificate you will be installing is for ALL the domains on the multisite. So if you have domain1.com, domain2.com, domain3.com and want to add domain4.com, you need to generate a new certificate for ALL 4 and install that. After fighting with installing an SSL certificate on my server, here are some notes. Hope they help save you time.

Also note that the Bitnami script did not work well for me. The script seemed to get confused with the NAT on my network. My server didn’t have the public IP for the domains so the script would fail. The process below uses the LetsEncrypt process and manually places the files.

Bitnami file structure

Bitnami keeps most everything in the following location: /opt/bitnami/<APP>

Where <APP> is the application (Apache, WordPress, LetsEncrypt, etc.). If you are used to normal Linux installs, this may be different, but it’s actually nice since the structure makes logical sense.

Apache vs Apache2

I’m not sure why they do it but I had /opt/bitnami/apache and /opt/bitnami/apache2. It seems that everything ran out of the apache directory so I’m not sure why apache2 was there.

Primary SSL key location

/opt/bitnami/apache/conf/bitnami/certs/

The process to install new SSL certificates

First, back up your existing certificate and key.

sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old

Turn off Apache, because leaving it running could cause the LetsEncrypt script to fail.

sudo /opt/bitnami/ctlscript.sh stop apache

If you don’t have the lego script, you can download it.

cd /tmp
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego_v*_linux_amd64.tar.gz
sudo mkdir -p /opt/bitnami/letsencrypt
sudo mv lego /opt/bitnami/letsencrypt/lego

Now use the lego script to request a certificate. NOTE: the email you use here does matter! Keep track of it. When getting a new certificate, this must match.

sudo /opt/bitnami/letsencrypt/lego --tls --email="youremail@domain.com" --domains="domain.com" --domains="domain2.com"  --path="/opt/bitnami/letsencrypt" run

Obviously, if there was an error, you will need to correct it.

Now create a symbolic link to the new certificate. NOTE: If this fails, you may need to remove the old one. (sudo rm /opt/bitnami/apache/conf/bitnami/certs/server.*)

sudo ln -sf /opt/bitnami/letsencrypt/certificates/NewCertName.key /opt/bitnami/apache/conf/bitnami/certs/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/NewCertName.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt

Now, that link is not secure so let’s put some security in and lock it down a bit.

sudo chown root:root /opt/bitnami/apache/conf/bitnami/certs/server*
sudo chmod 600 /opt/bitnami/apache/conf/bitnami/certs/server*

Now remember to turn apache back on.

sudo /opt/bitnami/ctlscript.sh start apache

Now all the sites should have an SSL certificate installed.
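
To confirm that the installed certificate really names every domain on the multisite, the check below compares a domain list against the certificate's Subject Alternative Names. It is an added example, not part of the original notes; the function names are made up for illustration and the sample text is constructed, not taken from a real certificate.

```shell
#!/usr/bin/env bash
# Added example: verify that one certificate covers ALL multisite domains.

# Read `openssl x509 -text` output on stdin, print one lower-cased SAN per line.
san_names() {
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | tr 'A-Z' 'a-z' | sort -u
}

# missing_domains CERT_TEXT DOMAIN...
# Prints each DOMAIN that has neither an exact SAN nor a wildcard SAN one
# label up (*.example.org covers blog.example.org but not example.org).
# Returns 1 if anything is missing, 0 otherwise.
missing_domains() {
    local text="$1"
    local names d parent
    local missing=0
    shift
    names=$(printf '%s\n' "$text" | san_names)
    for d in "$@"; do
        d=$(printf '%s' "$d" | tr 'A-Z' 'a-z')
        parent="*.${d#*.}"
        if ! printf '%s\n' "$names" | grep -Fxq -e "$d" -e "$parent"; then
            printf '%s\n' "$d"
            missing=1
        fi
    done
    return "$missing"
}

# check_cert CERT_FILE DOMAIN...: the same check against a file on disk, e.g.
#   sudo bash -c '. ./check.sh; check_cert /opt/bitnami/apache/conf/bitnami/certs/server.crt domain.com domain2.com'
check_cert() {
    local cert="$1"
    shift
    missing_domains "$(openssl x509 -noout -text -in "$cert")" "$@"
}

# Constructed sample of the relevant part of `openssl x509 -text` output.
SAMPLE_TEXT='            X509v3 Subject Alternative Name:
                DNS:domain.com, DNS:domain2.com, DNS:domain3.com'

# Demo: domain4.com was added to the multisite but not to the certificate.
missing_domains "$SAMPLE_TEXT" domain.com domain2.com domain3.com domain4.com \
    || echo "certificate does not cover the domains listed above"
```

Any domain it prints needs to be added as another --domains argument when the certificate is requested again.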
