AWS Lightsail: Custom Domain and SSL Setup

Previously, I've written about Amazon Lightsail, a Virtual Private Server (VPS) offering built on top of secure, reliable, and scalable AWS infrastructure. 

If you are new to Lightsail, I'll recommend reading the previous post, as we will be building on top of that learning.

In the previous post, we covered the VPS basics, a little bit of an introduction to AWS Lightsail, and a few of its use cases. As part of that learning, we also demo-ed installing and spinning up a WordPress website, and we were able to access it using its dynamic public IP address.

Today, we will take one step further and see how we can associate a custom domain and setup SSL for our WordPress website running on Lightsail.

I've bought a custom domain (mgarh.pk) from an external domain provider. You can use any provider, and in most cases they all work in sort of a similar way. Select whichever provider you prefer to buy a domain name from.

So, I'll be using the mgarh.pk domain and will associate it with the WordPress website running on the Lightsail server.

We will cover the following topics in this post:

• Create a public static IP address for Lightsail instance.
• Create a DNS zone.
• Associate DNS zone and public static IP address.
• Configure nameservers for custom domain.
• Enable HTTPs on Lightsail WordPress server.

Static IP Address

In the previous post, we saw that we can access the WordPress website using its dynamic public address: 

However, dynamic public IP addresses attached to our Lightsail instance will change whenever we start/restart the instance. This is of course not useful for our requirements. We need a static IP address which doesn't change with instance state. We will associate it to a custom domain in a later step.

We can easily create and attach a public static IP address to our instance from the Lightsail console by a click of a button. The following picture shows the public static IP address created and attached to our instance:

Once a static IP address is set up, it will remain unchanged even if we start or restart our instance.

Create DNS Zone

To use our registered domain with Lightsail, we can create a DNS zone from the Networking tab on the dashboard:

This will ask for basic information such as the domain name and so on, as shown below:

Here I've entered the domain name, clicked the Create button, and that's it—a DNS zone is created, as shown below: 

Take a note of nameservers, as these are the DNS records we'll need to update with our domain provider (more on this later).

So far, we have created a static IP address and also created a DNS zone, but they are not yet connected. We can connect these two pieces by adding DNS records. The following diagram illustrates this association:

Adding DNS Records

We can easily add DNS records for a DNS zone from the Lightsail console. We'll add two records, which both will resolve to the static IP address of the Lightsail instance we set up earlier:

And a second DNS record, as shown below:

With this, we are mostly done with the setup on the AWS Lightsail side for a custom domain. Next, we will see how to add nameservers to our domain provider side of the things.

Configure Nameservers for Custom Domain

This process requires us to visit the website of our domain provider and update the nameservers with the values provided earlier when creating the DNS zone. The following updated diagram illustrates this association:

Now, the exact user interface process will differ from provider to provider. The following picture shows the user interface, which allows me to update the nameservers' records on the provider portal:

Once you update the nameservers, it may take some time for propagation (12 to 24 hours). Once done, we can access our WordPress website by custom domain instead of IP address: 

Setting UP SSL

Now, it may be that the package you purchased from your domain provider comes with an SSL certificate along with your domain purchase, or it may be a separate item you can purchase from your domain provider.

In my case, an SSL certificate was not included. Instead of buying it separately, I choose to use free SSL certificate from the Let's Encrypt certificate authority.

AWS has a nice article that covers all the details for this step. The following is a short summary of steps you can do to enable HTTPS on your WordPress instance:

• Connect to your instance (e.g., SSH from Lightsail web console)
• sudo /opt/bitnami/bncert-tool
• Enter domain list separated by space (e.g., example.com www.example.com)
• Enable/disable redirections: (e.g., enter Yes Yes No) 

Sample screenshots are provided below. Replace domain names with your custom domain name (e.g., mgarh.pk):

It may ask for some other yes/no-type questions (please check the above-mentioned article from AWS Lightsail for more details, if needed), and in few seconds, the process will be done.

With this part completed, we have an HTTPS-enabled WordPress website that can be accessed by visiting a custom domain address in the browser.

Summary

Amazon Lightsail is a Virtual Private Server. It is a flat-rate, low-cost computing solution with easy setup and low maintenance. It is a scaled-down version of EC2 which is ideal for developers, enthusiasts, and small teams.

In this article, we learned how to use a custom domain with WordPress running on a Lightsail instance. We saw how a static IP address, DNS zones, and DNS records help us to achieve this common requirement. We also covered how to enable HTTPS for instances running WordPress.

Let me know if you have questions or comments. 'Til next time.