Bitnami WordPress on Google Cloud Compute Engine does not out of the box ship with SSL turned on, site owners need to secure communication to and from their website using SSL.
Here’s how to configure SSL using a free Cloudflare SSL certificate for Bitnami WordPress on Google Cloud Compute Engine.
Creating certificate files with Cloudflare
First we generate and download the SSL certificate files from Cloudflare.
-
- Open up your site profile on Cloudflare.com
- Switch to the Crypto tab
- Within the Origin Certificates section click the Create Certificate button
- Ensure the Let Cloudflare generate a private key and a CSR option is set to RSA
- Click Next
- With the Key format field set to PEM (Default) highlight and paste the contents of the Origin Certificate and Private Key blocks into separate new files on your Desktop:
- Origin Certificate: server.crt
- Private Key: server.key
Configuring Apache on your WordPress Bitnami instance
- Now we connect with SSH to the hosting server; your Google Cloud Compute Engine instance. You can do this via the Google Cloud Platform > Compute Engine > VM Instances > Connect with SSH or with your preferred terminal client.
- Open an SSH session to your Google Cloud Compute Engine instance
- Navigate to the
/opt/bitnami/apache2/conf/
directory with the following terminal command:cd /opt/bitnami/apache2/conf/
- Delete or rename the existing server.crt and server.key files in this directory (I prefer to rename them to server.crt_legacy and server.key_legacy):
sudo mv server.crt server.crt_legacy sudo mv server.key server.key_legacy
- Create two new files in their place:
sudo touch server.crt sudo touch server.key
- With your preferred terminal text editor paste the contents of the two Cloudflare certificate files mentioned above into these new files on your hosting server
sudo nano server.crt sudo nano server.key
- Restart the Apache service
sudo /opt/bitnami/ctlscript.sh restart apache
Enable SSL within Cloudflare
- Open up your site profile on Cloudflare.com
- Switch to the Crypto tab
- Change the SSL dropdown from Flexible to Full
- Change the Always use HTTPS option to On
- Change the Automatic HTTPS Rewrites option to On
That’s it!
Thank you for these instructions. They worked very well for me. I didn’t know how to install the Cloudflare Origin CA certificate and private key files on the Bitnami WordPress web server using SSH via puTTY. Yours are the most simple instructions, and they worked straight away. My website is now live, with Cloudflare HTTPS Always On, and Full Strict SSL/TLS encryption modes.
I had to search for the server.crt and server.key files. They were in a subdirectory of /opt/bitnami/apache2/conf for bitnami certificates. I used the SSH commands “ls” and “cd” to list files and change directory until I found them. (As per the comment above, the bitnami.conf file held the correct pathnames for the server.crt and server.key files.)
I use Amazon AWS platform for my Bitnami WordPress website running on Linux, with Cloudflare. Now I have achieved, with your help and a lot of other tutorials, a free ecommerce-ready secure website, for the price of only the domain name. It has been extremely difficult finding the right information and I appreciate your blog post very much. A very big Thank You!
The entire steps are accurate and easy to follow.
Few suggestions if you are using AWS lightsail bitnami installation.
1. In my case bitnami.conf, the file is divided and bitnami-ssl.conf , file is created so SSL changes need to be done in that.
2. Old cert files are present in this location /opt/bitnami/apache2/conf/bitnami/certs
2. pull CA file for cloudflare can be accessed here – https://developers.cloudflare.com/ssl/static/authenticated_origin_pull_ca.pem
How do you renew the certificate?
Thank you so much!!!!! This was exactly what worked for me. I wish I had found this hours ago.
Thanks! Only a suggestion if somebody have problems with this tutorial.
Maybe you need change the file bitnami.conf in /opt/bitnami/apache2/conf/bitnami/bitnami.conf
You can edit it with the command:
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
And be sure these lines of code in bitnami.conf are pointing to the route where the files are:
SSLCertificateFile /opt/bitnami/apache2/conf/server.crt
SSLCertificateKeyFile /opt/bitnami/apache2/conf/server.key
SSLCertificateChainFile /etc/ssl/certs/Cloudflare.pem
If you use plugins as Wp-Encrypt these lines can be changed and you need edit it.
Also you could need to add the origin pull CA for Cloudflare to your server in: /etc/ssl/certs/Cloudflare.pem
You can download this certificate directly from Cloudflare here:
https://support.cloudflare.com/hc/en-us/article_attachments/201243967/origin-pull-ca.pem
And rename origin-pull-ca.pem to Cloudflare.pem (if you want).
Short instructions but works flawlessly on helping me installing CF certificate on GCP. Thanks.
Thanks!!!!!!!!!