13 November 2021

Adding a wildcard SSL certificate to your WordPress site

So this one threw me for a little bit of a loop when I was first trying to figure it out, even though it shouldn’t have. I was just overthinking it. There was plenty of documentation out there for adding a certificate to a single site, but there is not much when it comes to adding a wildcard certificate to a multi-site WordPress install. I guess that was where I had gotten confused. For reference, this was the specific KB article that helped me the most.

For folks that don’t know what I’m talking about, a multi-site install is one where you can host different WordPress sites on the same server. Meaning that site1.<yoursite>.com and site2 .<yoursite>.com could both reside on the same server even if they are about completely different content. Thus you would only have to cover the cost to host one server, instead of paying for two, one for each host. Yes, they do share some resources, so there are some possible drawbacks… But for most personal sites it should not really be an issue for a few sites to share the same host.

You will need OpenSSL installed on your machine before we continue. It’ll likely already be installed if you are using LInux. If it’s not installed please use your OS’s package manager to install it.

Generate a new private key:

sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048

Use that key to create a certificate:
***IMPORTANT: Enter the server domain name when the below command asks for the “Common Name”.***

sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr

Send the cert.csr file to your Certificate Authority (CA). After they complete their validation checks, they will issue you your new certificate.

Download your certificates. You should have received two files, one was your new certificate and the other file is the CA’s certificate. Rename them as follows:

  • STAR_YourSite_com.crt –> server.crt
  • STAR_YourSite_com.ca-bundle –> server-ca.crt

Backup your private key after generating a password-protected version in the pem format.

sudo openssl rsa -des3 -in /opt/bitnami/apache2/conf/server.key -out privkey.pem

Note: To regenerate the key and remove the password protection, you can use this command:

sudo openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key

We’re almost done. Next you’ll open the Apache configuration file to verify it’s setup to use the certificates you just uploaded. The config file can be found at: /opt/bitnami/apache2/conf/bitnami/

Scroll down until you find “<VirtualHost _default_:443>” and verify that it is pointing to the correct certificate, key, and CA certificate bundle that you uploaded earlier. You should find the below lines, if you don’t, go ahead and add them.

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"

Note: It’s easiest to use these default names and not a custom name for these files. If you use a custom name you might need to update that name in other spots of the Apache config file, and you’ll have to google that on your own. If your cert/key is using another name, I recommend just renaming them to the default names above that Apache uses.

After we have copied our files over and have verified that the Apache config file is correct, we are going to update the file persmissions on our certificate files. We will make them readable by the root user only with the following commands:

sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*

Open port 443 in the server firewall. If you’re using Bitnami you can reference this KB.

Restart your server.

Once it comes up, you should now be able to connect to your site using HTTPS.


  • If you are looking for where to purchase an SSL certificate, check out SSLs.com. I use them for my projects. I’ve shopped around, and they have the best deals that I have found anywhere on the Internet.
12 November 2019

HTTPS and SSL, options?

In today’s day and age, there is no reason why your website should not be serving up it’s content securely. Honestly, the only acceptable reason is if you have just spun up your website and you are still configuring it.

As far as obtaining an SSL certificate to make your site secure, you have two options, free or paid. There is really only one free provider, which I’ll cover below. For paid, there are lots of Certificate Authority vendors out there, and I’m sure that any one of them would likely be happy to take your money. I’ll mention my preferred vendor later.

The one free option that definitely stands out for doing it’s part to help secure the internet. That provider is, Let’s Encrypt. Let’s Encrypt is a free, automated, and open Certificate Authority. They do this to help the Internet be a more secure and privacy respecting Web. You can read more about them here.

The best part of Let’s Encrypt is it’s automated nature. No one enjoys replacing certificates, so having an automated process to renew and replace your certificate is like a dream. If your running your own server, check out their certbot. A lot of web hosting companies even streamline this process further by providing this option as an easy and simple solution directly thru their management consoles with only a few clicks.

If you are using AWS and running Bitnami as your server’s underlying operating system, then you are in luck. There is lots of documentation you can read up on. This link talks about how to generate and install your Let’s Encrypt ssl, where as this link about how to auto configure a Let’s Encrypt ssl. I’m not going to in to Let’s Encrypt much further than that though.

The other option is to pay for a ssl certificate. The company that I personally use and recommend for purchasing SSL certificates through is SSLs.com. The site and service is owned by Sectigo (Comodo was re-branded), which is arguably one of the largest and most well known Certificate Authorities out there. My favorite part of using SSLs.com though is their pricing. They have, hands down, the cheapest price for a SSL certificate anywhere. At the time of me writing this, you could get an SSL certificate for a single domain for $6.88 for a single year, or down to as low as $3.77/yr if you bought it for four years.

Category: AWS | LEAVE A COMMENT
11 November 2019

Removing the Bitnami bannner image

On a new install of WordPress on Bitnami, you’ll have a small little banner image displayed in the lower right corner of your webpage.

To remove it, you can find instructions in Bitnami’s online documentation. https://docs.bitnami.com/aws/how-to/bitnami-remove-banner/

To remove the banner link you can complete these steps:

  • Log in to into your server console using SSH and execute the following command. sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
  • If you get the response: “command not found”. Try using this command instead and it should work. sudo /opt/bitnami/apps/wordpress/bnconfig.disabled --disable_banner 1
  • Restart the Web server.
    • If you’re using Apache, execute the command below: sudo /opt/bitnami/ctlscript.sh restart apache
Category: AWS, Bitnami | LEAVE A COMMENT
4 October 2019

Easy Beginnings – website hosting

The Internet has come a long ways since it’s early beginnings. One of the things that have gone from “only a nerd could accomplish” to now “almost anyone” can do is pick a host and create their own content.

Ages ago I started using a hosting company called DreamHost.com (referral link, save $50). They are a great hosting company, and I still use them for some stuff. If you’re much of a ‘techie’ person, then they would definitely a great choice for you to use. They have a lot of affordable hosting options, and make things really simple with “one click” installers that will do all of the heavy lifting for you. With one click it will do everything for you from the install to configuring the associated application’s database and creating the admin user. Within minutes you have an email in your mailbox telling you that your ready to go! Here is a link to all of DreamHost’s “one click” installers and 3rd party apps.

They actually have some really great support, and to help keep their costs down, they only offer email based support. For some people, that just doesn’t work for them. I can honestly say that I really haven’t had much to complain about in over a decade of relying on them. Their email support has been timely. In my opinion, they are a wonderful hosting company. If you need things simple and easy, and don’t really want to mess around with having to do anything yourself, this is the perfect hosting company for you to use. They do also offer more advanced stuff too.

If you need something a little more powerful or robust. Or if you are that nerd that wants to have a bit more control over the server hosting your site, then it’s time to consider taking a look at a larger provider like Amazon Web Services (AWS). AWS has some great options to choose from and with services like, Lightsail, they make it super simple and affordable to make and host a website or application. Their Lightsail offering even have many of the same “one-click” install options. In an attempt to broaden my own knowledge and skills on AWS, I have started to move my “web things” over to them. I don’t have any complaints. And being able to manage the underlining server my site runs one at the OS level, gives lots of options for me. As an IT professional, I’m hopping compute pools and settling into the AWS and Azure environments for my next ride. Both of these LARGE cloud providers offer so much to the power user like myself. At some point, I’ll write up an article on creating your first Lightsail in AWS, so stay tuned!

Category: AWS | LEAVE A COMMENT