- Open up your site profile on Cloudflare.com
- Select SSL/TLS
- Origin Server
- Origin Certificates > Create Certificate
- Within the Origin Certificates section click the Create Certificate button
Ensure the Let Cloudflare generate a private key and a CSR option is set to RSA
With the Key format field set to PEM (Default) highlight and paste the contents of the Origin Certificate and Private Key blocks into separate new files on your Desktop:
Origin Certificate: server.crt
Private Key: server.key
Now we connect with SSH to the hosting server;
- Open an SSH session to your AWS Lightsail Instance
cd /opt/bitnami/apache2/conf/bitnami/certs
cp server.crt server.crt.org
cp server.key server.key.org
vi server.crt, paste the contents from server.crt
vi server.key, paste the contents from server.key
sudo /opt/bitnami/ctlscript.sh restart apache Change the SSL/TLS encryption mode to Full (strict) Paste the contents from server.key
Change the option for Always user HTTPS enabled