Autorenewal script for ssl not working

Type: Bitnami Support Tool

Description:
Hi,
We are trying to renew SSL in AWS using the autorenewal script. We also got support from AWS for that, and they checked and set all these things, but the autorenewal script is still not working, so now they are asking for your support. So, please guide us.

Hi @palak,

This is not a “Bitnami Support Tool” related question, but a technical issue with the instance. That category is only for issues with the tool itself. Please create a new ticket in the forum using the “Technical issue” category so you review all the information the wizard provides when evaluating the information.

Thanks

Hi,
I ran the Bitnami Support Tool, but it says the following:
“The diagnostic bundle file was successfully created, but the automatic upload to Bitnami servers failed. You will need to upload it to your Bitnami Support ticket manually. Please locate the following file in your file browser or in your terminal: /tmp/bitnami-wordpressmultisite-info-20211220-113705-20982.zip Exercise caution when uploading the resulting diagnostic bundle to public sites as it contains detailed diagnostic information”

So, I can’t get an ID and am also not able to create a topic for my problem.

Ok @palak,

It seems there is a problem when uploading the file. Can you run these commands so we obtain more info from your instance?

free -m
df -H
ping -c 5 8.8.8.8
echo "sudo's crontab"
sudo crontab -l
echo "bitnami's crontab"
crontab -l

Hi,
Please find the output below.

 free -m
              total        used        free      shared  buff/cache   available
Mem:           1998         512         557         112         929        1134
Swap:             0           0           0

$ df -H
Filesystem      Size  Used Avail Use% Mounted on
udev            1.1G     0  1.1G   0% /dev
tmpfs           210M   22M  189M  11% /run
/dev/xvda1       11G  7.3G  3.2G  70% /
tmpfs           1.1G     0  1.1G   0% /dev/shm
tmpfs           5.3M     0  5.3M   0% /run/lock
tmpfs           1.1G     0  1.1G   0% /sys/fs/cgroup
tmpfs           210M     0  210M   0% /run/user/1000

~$ ping -c 5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=1.24 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=1.30 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=1.31 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=54 time=1.30 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=54 time=1.31 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 1.248/1.297/1.315/0.024 ms

~$ echo "sudo's crontab"
sudo's crontab

bitnami@ip-172:~$ sudo crontab -l
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command

5,20,35,50 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:campaigns:rebuild" #mautic-campaings-rebuild-cron
10,25,40,55 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:campaigns:trigger" #mautic-campaigns-trigger-cron
*/5 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:emails:send" #mautic-email-send-cron
*/30 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:iplookup:download" #mautic-maxmind-geolite2
*/10 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:segments:update" #mautic-segments
*/5 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:broadcasts:send" #mautic-broadcast-segment-emails
*/5 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:social:monitoring" #mautic-social-monitoring
*/5 * * * * su daemon -s /bin/sh -c "/opt/bitnami/php/bin/php -q /opt/bitnami/apps/mautic/htdocs/app/console mautic:import" #mautic-contact-import


0 0 1 */2 * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh >> /var/log/lego.log 2>&1


bitnami@ip-172:~$ echo "bitnami's crontab"
bitnami's crontab

bitnami@ip-172:~$ crontab -l
no crontab for bitnami

Hi @palak,

Can you run the renew-certificate.sh script now?

sudo /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

Please post the entire output here

bitnami@ip-172:~$ sudo /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

Hi @palak,

There is no certificate information there, what’s the content of the script?

cat /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
bitnami@ip-172-31-12-167:~$ cat /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

sudo /opt/bitnami/ctlscript.sh stop


sudo lego --email="marketing@f4e.co.uk" --domains="funding4education.co.uk" --domains="www.funding4education.co.uk" --domains="payastheyplay.co.uk" --domains="www.payastheyplay.co.uk"   --domains="marketing.funding4education.co.uk" --path="/etc/lego" renew --days 30
sudo lego --email="marketing@f4e.co.uk" --domains="marketing.funding4education.co.uk"  --path="/opt/bitnami/apps/mautic/conf/certs" renew  --days 30

sudo /opt/bitnami/ctlscript.sh start

What’s the output of those lego commands?

sudo lego --email="marketing@f4e.co.uk" --domains="funding4education.co.uk" --domains="www.funding4education.co.uk" --domains="payastheyplay.co.uk" --domains="www.payastheyplay.co.uk"   --domains="marketing.funding4education.co.uk" --path="/etc/lego" renew --days 30
sudo lego --email="marketing@f4e.co.uk" --domains="marketing.funding4education.co.uk"  --path="/opt/bitnami/apps/mautic/conf/certs" renew  --days 30

Hi,
How do I run this command? The output is the same, like it is updating the SSL certificate.

Hello @palak,

Could you please access your instance via SSH and copy/paste the commands that @jota mentioned? Please share the whole output with us.

Regards

bitnami@ip-172-31-12-167:~$ sudo lego --email="marketing@f4e.co.uk" --domains="funding4education.co.uk" --domains="www.funding4education.co.uk" --domains="payastheyplay.co.uk" --domains="www.payastheyplay.co.uk"   --domains="marketing.funding4education.co.uk" --path="/etc/lego" renew --days 30
bitnami@ip-172-31-12-167:~$
bitnami@ip-172-31-12-167:~$ sudo lego --email="marketing@f4e.co.uk" --domains="marketing.funding4education.co.uk"  --path="/opt/bitnami/apps/mautic/conf/certs" renew  --days 30
bitnami@ip-172-31-12-167:~$

Hi @palak

It seems that either the commands were not executed or the output was not correctly copied. Please, copy the commands again, one by one in your terminal, and ensure they are executed (you should expect some kind of text output as a response). Additionally, copy and share with us the output each of them produced.

Best regards,
Jose Antonio Carmona

bitnami@ip-172-31:~$ sudo lego --email="marketing@f4e.co.uk" --domains="marketing.funding4education.co.uk"  --path="/opt/bitnami/apps/mautic/conf/certs" renew  --days 30
bitnami@ip-172-31-12-167:~$

bitnami@ip-172-:~$ sudo lego --email="marketing@f4e.co.uk" --domains="funding4education.co.uk" --domains="www.funding4education.co.uk" --domains="payastheyplay.co.uk" --domains="www.payastheyplay.co.uk"   --domains="marketing.funding4education.co.uk" --path="/etc/lego" renew --days 30
bitnami@ip-172-31-12-167:~$

Same output as I sent you earlier.

Hello @palak,

It is really weird you don’t obtain any output from those commands. Could you please execute this?

which lego
sudo lego --help

Please share the output with us.

Regards

bitnami@ip-172:~$ sudo lego --help
NAME:
lego - Let’s Encrypt client written in Go

USAGE:
lego [global options] command [command options] [arguments…]

VERSION:
1.1.0

COMMANDS:
run Register an account, then create and install a certificate
revoke Revoke a certificate
renew Renew a certificate
dnshelp Shows additional help for the --dns global option
help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
--domains value, -d value Add a domain to the process. Can be specified multiple times.
--csr value, -c value Certificate signing request filename, if an external CSR is to be used
--server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory")
--email value, -m value Email used for registration and recovery contact.
--filename value Filename of the generated certificate
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
--eab Use External Account Binding for account registration. Requires --kid and --hmac.
--kid value Key identifier from External CA. Used for External Account Binding.
--hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048")
--path value Directory to use for storing the data (default: "/home/bitnami/.lego")
--exclude value, -x value Explicitly disallow solvers by name from being used. Solvers: "http-01", "dns-01", "tls-alpn-01".
--webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
--memcached-host value Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts.
--http value Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
--tls value Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
--dns value Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
--http-timeout value Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
--dns-timeout value Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
--dns-resolvers value Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
--pem Generate a .pem file by concatenating the .key and .crt files together.
--help, -h show help
--version, -v print the version

Hi @palak,

Thanks for your message. According to the output you shared you are using a very old version of the lego tool. Can you update it to the latest version by following the steps in the next guide and try again to renew your certificate?

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#step-1-install-the-lego-client

Apart from that, please note that if your certificate has already expired, you will need to request a brand new one, instead of a renewal.

Hi,
I just checked my site's SSL on an SSL checker site, and it shows 47 days remaining. So, is this OK, or do I need to generate a new one? And I think if I run the renewal script code manually then the certificate is going to update; still, I am going to update the lego command.
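
Added example, not part of the thread or of Bitnami's scripts: the root crontab posted above runs renew-certificate.sh on `0 0 1 */2 *`, and the script calls `renew --days 30`, so this sketch works out how many days of validity are left each time that cron entry fires. It assumes a 90-day certificate issued at the previous cron run and that a renewal only happens when the remaining days are at or below the threshold; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: models the cron schedule and --days threshold from the thread.
# Assumptions: 90-day certificate lifetime, counted from the cron run that
# issued it; renewal acts only when remaining days <= threshold.

LIFETIME_DAYS=90   # assumed certificate lifetime
THRESHOLD_DAYS=30  # from the script: renew --days 30

is_leap() {  # exit 0 if year $1 is a leap year
    [ $(( $1 % 4 )) -eq 0 ] && { [ $(( $1 % 100 )) -ne 0 ] || [ $(( $1 % 400 )) -eq 0 ]; }
}

days_in_month() {  # days_in_month YEAR MONTH
    case $2 in
        4|6|9|11) echo 30 ;;
        2) if is_leap "$1"; then echo 29; else echo 28; fi ;;
        *) echo 31 ;;
    esac
}

# Cron "0 0 1 */2 *" fires on the 1st of months 1,3,5,7,9,11.
# gap_days YEAR MONTH: days from that run to the next run two months later.
gap_days() {
    first=$(days_in_month "$1" "$2")
    second=$(days_in_month "$1" $(( $2 + 1 )))  # MONTH is odd, so MONTH+1 <= 12
    echo $(( first + second ))
}

remaining_at_next_run() {  # validity left when the next cron run fires
    echo $(( LIFETIME_DAYS - $(gap_days "$1" "$2") ))
}

would_renew() {  # would_renew REMAINING_DAYS: exit 0 if inside the window
    [ "$1" -le "$THRESHOLD_DAYS" ]
}

report() {  # report YEAR: one line per cron run in that year
    for m in 1 3 5 7 9 11; do
        left=$(remaining_at_next_run "$1" "$m")
        if would_renew "$left"; then verdict="renews"
        else verdict="skipped, certificate expires before the following run"; fi
        printf 'issued %s-%02d-01: %s days left at next run -> %s\n' \
            "$1" "$m" "$left" "$verdict"
    done
}

report 2022
```

Under these assumptions a certificate issued on 1 January of a non-leap year still has 31 days left on 1 March, so that run is outside the 30-day window and the next run comes after expiry. With the 47 days reported in the last post, `would_renew 47` is likewise false.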