AWS SSL on Bitnami WordPress instance won't work

Hi All,

I just installed the Bitnami WordPress image (via marketplace) to Amazon EC2 (no problems), obtained an SSL via AWS Certificate Manager, created a Classic Load Balancer and connected to the new instance. Changed Route53 for A record to point to the ELB DNS record - the site all loads fine in normal http mode, but I am missing something around getting https to work? At one point, https was working (albeit with message - this site is insecure etc) - but have read multiple threads, tried editing files such as httpd-app.conf, httpd-vhosts.conf and bitnami.conf - I ended up killing the site, and had to temporarily remove my ELB and point A record back to my static IP.

Could anyone provide simple and clear instructions on what files I need to edit in Bitnami, Apache or WordPress to get this AWS SSL working? Note, AWS SSL does not provide actual certificate files (like others) - it apparently works all via the load balancer.

Most of the threads deal with multi site or 3rd party SSL configs - I ended up more confused :slight_smile:

It's a SINGLE domain (not multi) - just need help getting this to work - sincerely appreciated

AWS Certificate Manager is fairly new, so haven’t had a chance to play with it.

However, if you feel up for it, you could try CertBot.

Instructions for WordPress. After generating the certificate, then you’ll need to read up on the instructions on the Apache instructions page BUT follow the instructions on my thread here (because the Apache ones aren’t for WordPress, but missing on the WordPress instructions page).

If that’s all a bit confusing, let us know. :slight_smile:


Hi,

According to Amazon’s documentation for configuring Classic Load Balancers, there are several possible configurations for your backend. Assuming you set up an HTTPS listener on your load balancer, how did you connect your load balancer to your WordPress instance?

You mentioned you got HTTPS working at some point. Could you please explain what was the configuration that made this work?

Thank you for your kind cooperation.

Best regards,
Alvaro Recio

Thanks for the comments guys… Arecio I temporarily had https using the pre-shipped Bitnami SSL dummy certs. Hence, I commented those lines out and subsequently lost my https.

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

Most of the instructions I have found seem logical when using actual certificates from 3rd party providers. As we know, the AWS SSL does not download/install certificate files/signatures - it all comes from the ELB - hence, I'm stuck.

I can of course go with a 3rd party option - but was hoping to use the AWS option for the first time :slight_smile:

UPDATE: I am almost there… No errors now, everything redirects to https etc - only remaining issue is that I get the insecure icon in browser, but get the green SSL when I access /wp-admin (weird) = but seem to be getting very close… Any ideas why my backend is secure but front end not showing secure? (PS: SSL checker is showing everything as setup/registered perfectly)… THANKS for your assistance.

Resolved: The final issue was a “Mixed content” issue - which the SSL fix plugin resolved for me… All working 100%


Hi,

We are glad that you were able to fix the issue. If you have any other question, please don’t hesitate to ask.

Best regards,
Alvaro Recio

Hey Guys,

I think I have something similar going on here. I ran through the LetsEncrypt steps on a new build and Apache starts but I don't get any pages served.

Please help ASAP…dead in the water.

Thanks,
Matt

Hi @mattv,

Did you follow the steps from our Let’s Encrypt guide? Could you check for errors in the apache error log? You can find it in the following path:

/opt/bitnami/apache2/logs/error_log

Regards,

Michiel D’Hont

Hi Michiel,

Thanks for the reply. Here is the error log…

[Sun May 13 09:51:37.703988 2018] [authz_core:error] [pid 3346:tid 139717945247488] [client 178.62.249.22:41224] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/
[Sun May 13 10:15:53.432025 2018] [authz_core:error] [pid 11495:tid 139717869713152] [client 111.231.207.136:15464] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Sun May 13 10:16:13.444916 2018] [authz_core:error] [pid 11495:tid 139717643110144] [client 111.231.207.136:15464] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/phpmyadmin
[Sun May 13 19:17:37.551953 2018] [authz_core:error] [pid 11495:tid 139717911676672] [client 13.79.160.127:1024] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/
[Mon May 14 06:11:54.713447 2018] [authz_core:error] [pid 11495:tid 139717852927744] [client 140.143.233.66:51607] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Mon May 14 06:12:34.753609 2018] [authz_core:error] [pid 3346:tid 139717718644480] [client 140.143.233.66:57976] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/phpmyadmin
[Mon May 14 16:38:37.780869 2018] [authz_core:error] [pid 11658:tid 139718191359744] [client 192.186.81.254:38098] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/
[Tue May 15 07:02:00.383234 2018] [authz_core:error] [pid 11495:tid 139717878105856] [client 115.159.55.99:16149] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Tue May 15 07:02:43.779455 2018] [authz_core:error] [pid 11495:tid 139718071138048] [client 115.159.55.99:23406] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/phpmyadmin
[Tue May 15 12:23:39.515253 2018] [authz_core:error] [pid 11495:tid 139717920069376] [client 222.177.11.245:50057] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Tue May 15 12:24:20.851295 2018] [authz_core:error] [pid 11495:tid 139717659895552] [client 222.177.11.245:61471] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/phpmyadmin
[Tue May 15 20:27:25.117415 2018] [authz_core:error] [pid 11496:tid 139718096316160] [client 47.91.240.95:51543] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Tue May 15 20:27:56.924699 2018] [authz_core:error] [pid 11495:tid 139718037567232] [client 47.91.240.95:57818] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/phpmyadmin
[Wed May 16 02:21:36.731466 2018] [mpm_event:notice] [pid 11487:tid 139718450185984] AH00491: caught SIGTERM, shutting down

Noticed there is no CSR…

bitnami@ip-172-26-11-42:/$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
bitnami@ip-172-26-11-42:/$ sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
bitnami@ip-172-26-11-42:/$ sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
mv: cannot stat ‘/opt/bitnami/apache2/conf/server.csr’: No such file or directory
bitnami@ip-172-26-11-42:/$ sudo ln -s /etc/lego/certificates/chainlogicllc.com.key /opt/bitnami/apache2/conf/server.key
bitnami@ip-172-26-11-42:/$ sudo ln -s /etc/lego/certificates/chainlogicllc.com.crt /opt/bitnami/apache2/conf/server.crt
bitnami@ip-172-26-11-42:/$ sudo chown root:root /opt/bitnami/apache2/conf/server*
bitnami@ip-172-26-11-42:/$ sudo chmod 600 /opt/bitnami/apache2/conf/server*
bitnami@ip-172-26-11-42:/$
bitnami@ip-172-26-11-42:/$ sudo /opt/bitnami/ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started

bitnami@ip-172-26-11-42:/opt/bitnami/apache2/conf$ ls
bitnami extra magic modsecurity.conf pagespeed.conf php-fpm-apache.conf server.crt server.key ssi.conf
deflate.conf httpd.conf mime.types original pagespeed_libraries.conf privkey.pem server.crt.old server.key.old

Moving discussion to Attempted LetsEncrypt on AWS and site broke...no longer serving
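The error_log excerpt posted above consists of AH01630 authorization denials for the phpMyAdmin path plus one AH00491 shutdown notice. The triage below is an added example, not from the thread or from Bitnami: it groups the denials by client and path and sets aside every other entry for reading. The sample lines are constructed in the same format, with documentation-range client addresses.

```python
import re
from collections import Counter

# Apache 2.4 error_log line:
# [time] [module:level] [pid N:tid M] [client ip:port] AHnnnnn: message
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?"   # absent on server lifecycle lines
    r"(?P<code>AH\d{5}): (?P<msg>.*)$"
)

# Constructed sample (client addresses are documentation ranges).
SAMPLE_LOG = """\
[Sun May 13 09:51:37.703988 2018] [authz_core:error] [pid 3346:tid 139717945247488] [client 192.0.2.10:41224] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/
[Sun May 13 10:15:53.432025 2018] [authz_core:error] [pid 11495:tid 139717869713152] [client 198.51.100.7:15464] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Sun May 13 10:16:13.444916 2018] [authz_core:error] [pid 11495:tid 139717643110144] [client 198.51.100.7:15470] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Wed May 16 02:21:36.731466 2018] [mpm_event:notice] [pid 11487:tid 139718450185984] AH00491: caught SIGTERM, shutting down
this line was cut off by the termin
"""


def triage(lines):
    """Split an error_log into access denials, other entries and unparsed lines."""
    denied = Counter()   # (client_ip, denied_path) -> hits
    other = []           # entries that are not AH01630 denials
    unparsed = []        # lines that do not match the format (wrapped, truncated)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
        elif m["code"] == "AH01630":
            ip = (m["client"] or "unknown:0").rsplit(":", 1)[0]  # drop the port
            path = m["msg"].rpartition(": ")[2]
            denied[(ip, path)] += 1
        else:
            other.append((m["time"], m["module"], m["level"], m["code"], m["msg"]))
    return denied, other, unparsed
```

Lines in `unparsed` are worth re-copying from the file itself, since terminal wrapping breaks the format.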