Bitnami Wordpress Multisite GCP: self-signed certificates - where to start

Hi everyone,

Greetings from a sunny Belgium! A couple of days ago I installed my first GCP-server with a Bitnami WordPress Multisite on it. Accessing it by IP is no problem at all, the installation worked like a charm.

However, when I pointed my domain to the IP, I ran into problems with the certificate for https, which of course, I didn’t install yet. So I started looking around and read a lot about Certbot, autocert, Let’s Encrypt and things like that. Problem is that I ran into trouble from step 1 with almost every procedure I started. I had the impression that everything I read was a bit… outdated or even missing some steps.

My question: is there an official and up-to-date “howto” or procedure on how to handle those certificates after a fresh install of Bitnami WordPress Multisite? And since it is a Multisite: what about future domains and certificates?

I thank you very much for your help and hope you can enjoy the sun as I will do in a minute…

kind regards,

24

Hi @twentyfourdegrees,

Thank you for your interest in Bitnami. This page in our documentation explains how to generate a Let’s Encrypt certificate and configure the Bitnami solution. You can set multiple domains when generating the certificate so you can add more in the future.

https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/

NOTE: you need to substitute “DOMAIN” with the real domain you used when generating the certificate.

:sun_with_face: Spain, where I’m writing from, also has plenty of sunshine :slight_smile:

Happy to help!


Was my answer helpful? Click on :heart:

Hi Jota,

thanks for the reply. I followed the tutorial you pointed to and the first few steps went well. But when I try to generate a certificate, I get the following error:


acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from http://mydomain.com/.well-known/acme-challenge

I will try to investigate this error a bit further but all help welcome.

kind regards from a rainy Belgium,

24

Hi @twentyfourdegrees,

Can you check if the DNS is configured properly? The domains you set when running the lego command must be configured with the IP of the instance.

https://www.whatsmydns.net/

Happy to help!



Hi Jota,

I checked the DNS settings using the site you provided, and there was an issue with the AAAA-record. That has been resolved.

Current situation:
STEP 1: Success
STEP 2: Success: Server responded with a certificate

But at step 3 I have issues:

sudo chown root:root /opt/bitnami/apache2/conf/server*
chown: cannot dereference ‘/opt/bitnami/apache2/conf/server.crt’: No such file or directory
chown: cannot dereference ‘/opt/bitnami/apache2/conf/server.key’: No such file or directory

When I look for this /opt/bitnami/apache2/conf/server directory, it is indeed not there? And as a result, Apache doesn’t want to start anymore :smiley:

AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/opt/bitnami/apache2/conf/server.crt’ does not exist or is empty
apache config test fails, aborting

I think I might have made a mistake in these lines:
sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/lego/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt

I replaced the DOMAIN with the mydomain and not with the mydomain.be. That might be an issue, maybe.

Thanks for all the help, I’m sure we’ll get there :wink:

Update: when I check this, neither the directory nor the subdirectory certificates exists:

sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/nginx/conf/server.key

FYI: I think something went wrong with symbolic linking:

/opt/bitnami/apache2/conf# readlink -f server*
/opt/bitnami/apache2/conf/server.crt.old
/opt/bitnami/apache2/conf/server.csr.old
/opt/bitnami/apache2/conf/server.key.old

Ok, we made progress:

/opt/bitnami/ctlscript.sh start

/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

So I think the part of creating a certificate succeeded, woohoo !!
But although I restarted everything using the ctlscript.sh script, when visiting my site it still gives a privacy warning in Chrome?

Should I do something with the machine name? I’ll try to figure out what is going wrong and restart the VM all together, you never know :wink:

kind regards,

Wish I could move to Spain :smiley:
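
The step 3 failure above comes from symlinks whose target name (the DOMAIN part) does not match the file lego actually wrote. As an added example that is not part of the original thread or of Bitnami's documentation, this check reports dangling links and lists the files present in the lego directory; the function names check_link and check_cert_links are hypothetical, and the default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: verify the certificate symlinks before starting Apache.
# Function names are hypothetical; default paths are those quoted in the thread.

# check_link PATH LEGO_DIR
# Returns 0 if PATH resolves to a non-empty file, 1 otherwise.
check_link() {
    path=$1
    lego_dir=$2
    if [ -L "$path" ] && [ ! -e "$path" ]; then
        # The link exists but its target does not (wrong DOMAIN in ln -s).
        echo "DANGLING: $path -> $(readlink "$path")"
        ext=${path##*.}
        # List what lego really wrote so the link can be recreated correctly.
        for f in "$lego_dir"/*."$ext"; do
            if [ -e "$f" ]; then
                echo "  candidate: $f"
            fi
        done
        return 1
    fi
    if [ ! -s "$path" ]; then
        # Matches Apache's "does not exist or is empty" complaint.
        echo "MISSING OR EMPTY: $path"
        return 1
    fi
    echo "OK: $path"
    return 0
}

# check_cert_links [CONF_DIR] [LEGO_DIR]
# Exit status is the number of problems found (0 means safe to start Apache).
check_cert_links() {
    conf_dir=${1:-/opt/bitnami/apache2/conf}
    lego_dir=${2:-/etc/lego/certificates}
    problems=0
    for name in server.crt server.key; do
        check_link "$conf_dir/$name" "$lego_dir" || problems=$((problems + 1))
    done
    return "$problems"
}

# Usage on the instance (as root, since the key is root-only):
#   check_cert_links && /opt/bitnami/ctlscript.sh start
```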

Hi @twentyfourdegrees,

If you open the console in Chrome, you will see why your site is not secure (this screenshot is an example of this community site)

Hi Jota,

I have changed the name in the wp-config.php, because that was the only reference I found to the xip.io address. Sorry, I forgot about that. While I wanted to check the Chrome console, I’m afraid another fault turned up:

This page doesn’t work: too many redirects.

So I’m trying to fix that now. FYI I attach the screenshot from Chrome Security.

Again, thanks for all the help.

FYI: for the ERR_TOO_MANY_REDIRECTS I’m looking into the kimbholmes.org post:

FYI and other people that have the same error:

I solved the ERR_TOO_MANY_REDIRECTS thanks to your comments on a previous post:

cd /opt/bitnami/apps/wordpress/
sudo ./bnconfig --machine_hostname mydomain.com

Original post: Redirects to WP-multisite sign up page after doing a fresh multisite install due to an accidental EC2 instance termination

Hi Jota,

everything seems to be working fine now. Allow me to thank you very much for all your help!

A short note on what I did that might help other people out:

  1. Install the Bitnami WordPress Multisite on a VM in Google Cloud Platform
    Go to https://cloud.google.com

  2. Make sure all the DNS-records, both IPv4 and IPv6 are pointing to your new external server IP
    You will have to do that using your domain host.

  3. In Google Cloud, set the IP-address of your WordPress Multisite to an external fixed IP-address

  4. Rename your new WordPress Multisite and give it a hostname corresponding to your domain, without the www
    cd /opt/bitnami/apps/wordpress/
    sudo ./bnconfig --machine_hostname mydomain.com

  5. Make sure to add the correct domain settings in WordPress wp-config.php
    More info

  6. Download Lego and create a certificate
    https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

So, I hope I helped someone with this. The installation isn’t finished yet, but it’s a good start.

Again, thanks Jota !

kind regards,

24


Hi @twentyfourdegrees,

Thank you so much for the detailed guide, I’m sure it will help the users who want to configure the domain and the certificates in the Bitnami solution :slight_smile:

I will proceed to close this ticket as solved. If you have any other questions, please do not hesitate to open a new thread.

Enjoy!