How to Set Up Apache with SSL on AWS Lightsail (Bitnami Stack)

How to Set Up Apache with SSL on AWS Lightsail (Bitnami Stack)

Aswanth Alakkadan
June 13, 2025
3 min read

Setting up a secure Apache server with SSL on AWS Lightsail using Bitnami can feel complex, but this guide breaks it down into simple, actionable steps. Here's how to go from a fresh instance to a fully secure, HTTPS-enabled website.

✨ Overview

In this guide, you'll:

  • Set up a domain with Apache on a Bitnami Lightsail instance
  • Install an SSL certificate using Let's Encrypt
  • Configure Apache to redirect HTTP to HTTPS

⚡ Prerequisites

  • AWS Lightsail instance running Bitnami (Ubuntu-based)
  • Domain name pointing to your Lightsail static IP
  • SSH access to your instance

🚀 Step 1: Connect to Your Instance

ssh -i /path/to/your-key.pem bitnami@your-lightsail-ip

📝 Step 2: Install Certbot

sudo apt update
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

Create a symlink:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

🌐 Step 3: Generate SSL Certificate

sudo certbot certonly --webroot -w /opt/bitnami/apache/htdocs -d yourdomain.com -d www.yourdomain.com

You'll find the certificates here:

/etc/letsencrypt/live/yourdomain.com/

⚖️ Step 4: Configure Apache SSL

Edit the SSL config:

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami-ssl.conf

Update with:

<VirtualHost _default_:443>
  ServerName yourdomain.com
  ServerAlias www.yourdomain.com
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/yourdomain.com/fullchain.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/yourdomain.com/privkey.pem"

  ProxyPass / http://127.0.0.1:5001/
  ProxyPassReverse / http://127.0.0.1:5001/

  ErrorLog "/opt/bitnami/apache2/logs/error_log"
  CustomLog "/opt/bitnami/apache2/logs/access_log" combined
</VirtualHost>

➡ Step 5: Redirect HTTP to HTTPS

Edit the main config:

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Inside <VirtualHost _default_:80> block, add:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

🚪 Step 6: Restart Apache

sudo /opt/bitnami/ctlscript.sh restart apache

📊 Step 7: Test Everything

  • Visit http://yourdomain.com → should redirect to https://...
  • curl -I http://yourdomain.com → check for 301 redirect

🚀 Done!

You've successfully:

  • Enabled HTTPS on your Bitnami Apache instance
  • Secured your domain with Let's Encrypt
  • Forced HTTP to redirect to HTTPS

Your web app is now secure and production-ready.

Want to add auto-renewal or use Nginx instead? Let me know and I can add those guides next!