AWS lightsail documentation change
Summary
Updated instructions for Let's Encrypt certificate setup on WordPress instances, including SSH connection guidance, DNS validation steps, certificate linking process, and documentation fixes
Security assessment
The changes improve documentation for HTTPS/TLS certificate deployment via Let's Encrypt, which is a security feature. However, there's no evidence of addressing a specific vulnerability. Updates include DNS validation instructions for domain ownership verification and proper certificate linking - all security best practices but not remediation of a known issue.
Diff
diff --git a/lightsail/latest/userguide/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md b/lightsail/latest/userguide/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md index 539f2aaa8..552f095e3 100644 --- a//lightsail/latest/userguide/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md +++ b//lightsail/latest/userguide/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md @@ -96 +96 @@ Certbot is a client used to request a certificate from Let’s Encrypt and deplo - 2. In the left navigation pane, choose the SSH quick connect icon for the instance that you want to connect to. + 2. On the Instances home page, choose the SSH quick connect icon for the instance that you want to connect to. For example, with a WordPress instance named _Example_ : @@ -98 +98 @@ Certbot is a client used to request a certificate from Let’s Encrypt and deplo - + @@ -106 +106 @@ Certbot is a client used to request a certificate from Let’s Encrypt and deplo - 4. Enter the following command to install the software properties package. Certbot’s developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs. + 4. Enter the following command to install the software properties package. Certbot's developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs. @@ -112 +112 @@ Certbot is a client used to request a certificate from Let’s Encrypt and deplo -If you encounter a `Could not get lock` error when running the `sudo apt-get install` command, please wait approximately 15 minutes and try again. This error may be caused by a cron job that is using the Apt package management tool to install unattended upgrades. +If you encounter a `Could not get lock` error when running the `sudo apt-get install` command, please wait approximately 15 minutes and try again. This error may be caused by a cron job that is using the Apt package management tool to install [unattended-upgrades](https://wiki.debian.org/PeriodicUpdates). @@ -225 +225 @@ The Lightsail console pre-populates the apex portion of your domain. For example -Use the MxToolbox utility to confirm that the TXT records have propagated to the Internet’s DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails. +Use the MxToolbox utility to confirm that the TXT records have propagated to the internet's DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails. @@ -227 +227 @@ Use the MxToolbox utility to confirm that the TXT records have propagated to the -###### To confirm the TXT records have propagated to the Internet’s DNS +###### To confirm the TXT records have propagated to the internet's DNS @@ -231 +231 @@ Use the MxToolbox utility to confirm that the TXT records have propagated to the - 2. Enter the following text into the text box. Be sure to replace ``domain`` with your domain. + 2. Enter the following text into the text box. Be sure to replace `domain` with your domain. @@ -245 +245 @@ Example: - * If your TXT records have propagated to the Internet’s DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the next section of this tutorial. + * If your TXT records have propagated to the internet's DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the next section of this tutorial. @@ -249 +249 @@ Example: - * If your TXT records have not propagated to the Internet’s DNS, you see a **DNS Record not found** response. Confirm that you added the correct DNS records to your domains’ DNS zone. If you added the correct records, wait a while longer to let your domain’s DNS records propagate, and run the TXT lookup again. + * If your TXT records have not propagated to the internet's DNS, you see a **DNS Record not found** response. Confirm that you added the correct DNS records to your domains' DNS zone. If you added the correct records, wait a while longer to let your domain's DNS records propagate, and run the TXT lookup again. @@ -289,17 +289 @@ You should see a response similar to the following: - 2. Enter the following command to set an environment variable for your domain. You can more efficiently copy and paste commands to link the certificate files. Be sure to replace ``domain`` with the name of your registered domain name. - - DOMAIN=domain - -Example: - - DOMAIN=example.com - - 3. Enter the following command to confirm the variables return the correct values: - - echo $DOMAIN - -You should see a result similar to the following: - - - - 4. Enter the following commands individually to rename your existing certificate files as backups. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures. + 2. Enter the following commands individually to rename your existing certificate files as backups. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures. @@ -329 +313,5 @@ Approach B (Self-contained Bitnami installations): - 5. Enter the following commands individually to create links to your Let’s Encrypt certificate files in the Apache directory. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures. + 3. Enter the following commands individually to create links to your Let’s Encrypt certificate files in the Apache directory. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures. + +###### Note + +If you closed your browser-based SSH terminal window since setting the `DOMAIN` variable in Step 3, run `DOMAIN=`example.com`` again, replacing `example.com` with your domain. @@ -351 +339 @@ Approach B (Self-contained Bitnami installations): - 6. Enter the following command to start the underlying services that you had stopped earlier: + 4. Enter the following command to start the underlying services that you had stopped earlier: @@ -361 +349 @@ The SSL certificate files for your WordPress instance are now in the correct dir - 7. Continue to the next section of this tutorial. + 5. Continue to the next section of this tutorial. @@ -419 +407 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -NGINX +Nginx