Lightsail Tips

Getting an A+ SSL Rating on Nginx Apache Server

Table of Contents

Saturday 8 August 15:18

Getting A+ SSL Rating on Apache

Getting an A+ SSL Rating on Lightsail is just a 5-minute task,

It’s only turning off old versions of SSL from your configuration file.

Getting a free SSL is well documented by the lightsail team here, in a 9 Step Tutorial, if you have not got an SSL please get one,

SSL improves your SEO, maintains trust for the visitor and is a must for any website in 2020.

After reading this post from Qualys, searching some more articles

I could make out that getting A+ SSL rating and not allowing the previous versions of SSL on a website or a blog is both good for your SEO Strategy and Security part.

So, here it is Get your site checked here on the Qualys Tool For SSL it’s Free!

Here is a screenshot of a test when I just started this blog and was continuously improving on its security, SEO, and everything I could do for achieving a simple, secure and a pro website.

SSL B Grade

Getting the same as an A+ was just a 5 minutes task, from start to finish on a lightsail hosted website, using apache server, with bitnami image of wordpress.

Here’s how I got this from B to A+

Getting A+ Rating on SSL on a lightsail hosted website

Just head over to your SSH Window and start with :

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Soon you are into editing the bitnami.conf file, so we have to just turn off the old versions of SSL

Find this line with “CTRL+W”, or whatever that line reads near SSL Protocol

SSLProtocol all -SSLv2 -SSLv3

Change the same to

SSLProtocol TLSv1.2

CTRL+O to write out and CTRL+X to Exit

Restart the Apache

sudo /opt/bitnami/ restart

Getting A+ SSL Rating Nginx Server

sudo nano /etc/nginx/nginx.conf

Change the lines that start with #SSL Settings to Exactly the code below this would also add the session timeout and Strict Security Header :


    ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

Once done just restart your server with :

sudo service nginx reload && sudo service nginx restart

This gives A+ SSL Rating.

SSL is a must if you use AMP on your WordPress Blog. , Also here’s a collection of some website testing tools that I keep on updating.

HSTS Preload on NGINX Server

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

This gives you a HSTS Header on your site, if you use Nginx Server, Enrolling to HSTS list is good for your sites security, this enables browsers to understand that your site is only served on a secured connection.

You can enrol here for HSTS, First, you need to test on the same link then Enroll the domain.

HSTS Preload on APACHE Server

Mod Headers Looks Like :

First, enable mod headers in your httpd.conf file,

you can find in the /etc/apache2/httpd.conf :

LoadModule headers_module modules/

then simply add the below line in your virtual host’s file.

<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

By Rahul Kharbanda

I am Rahul Kharbanda from India. I hope you like all the content I made. Welcome to comment & connect.
I am on Quora , Github , Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *