Can only get SSL on my main Domain

Keywords: WordPress Multisite - Google Cloud Platform - How to - Secure Connections (SSL/HTTPS)
Description:
Hi there, I started with my main site and got that working without any issues (used the bncert tool). Now I’ve tried to add a subdomain, which connects, so DNS is all ok! I have tried everything to get it secure and I just can’t. Is there a dummies’ guide to revoke the old cert and add a new one with appropriate redirects and ideally HSTS secure? (Not great at code, so copy & paste would be ideal.) Thanks, J

Hi @james8,

The following guide shows how to configure your WordPress multisite with different certificates:

https://docs.bitnami.com/bch/apps/wordpress-multisite/administration/use-different-ssl-certificates/

This guide shows how to revoke an existing certificate:

https://docs.bitnami.com/aws/how-to/understand-bncert/#manually-revoking-an-existing-certificate

Regards,
Michiel

Hi Michiel

Gave that a go, but couldn’t get it to work; the instructions are far too complicated.

The cert won’t revoke and fails every time! :frowning:

James

This is what I get when I try to run bncert:

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.
An error occurred revoking certificates with Let’s Encrypt:
2021/03/23 15:31:46 Error while revoking the certificate for domain
www.candieyestudio.co.uk
acme: error: 403 :: POST ::
https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired
Please check our documentation and support forums, we’ll be happy to help!

Hi @james8,

If the certificate is expired there is no need to revoke it. I recommend creating a new certificate for the subdomain following this approach:

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

And then configure it for the subdomain following this guide:

https://docs.bitnami.com/bch/apps/wordpress-multisite/administration/use-different-ssl-certificates/

Regards,
Michiel

Hi Michiel

Was about to go ahead and give it a go, but the second link doesn’t work.

Didn’t want to break anything so on pause.

Do you have a new link, please?

Thanks

James

Also, I assume I need to enter all the subdomains here as well?

sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run

Thanks

James

Sorry, wrong one!

I meant this line here. Is it just the main domain cert name I need to insert?

sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key

Thanks

James

Hi @james8,

You need to replace DOMAIN with your main domain name.

Yes.

Sorry, there was an extra character at the end of the URL so it didn’t work. I’ve changed the original post to avoid confusion.

https://docs.bitnami.com/bch/apps/wordpress-multisite/administration/use-different-ssl-certificates/

Regards,
Michiel

Thanks mate

Will give that a go this afternoon!

Sorry I’m so dumb, all new to me I’m afraid.

Kindest regards

James

Just looking at step 2

How do I access that area?

The instructions are a little vague.

Thanks

James

Hi @james8,

For the second step you need to open the bitnami-apps-vhosts.conf file:

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf

And then add the following line at the end:

Include "/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf"

Regards,
Michiel

Hey dude

Tried and failed, it’s completely fucked now! :frowning:

Not even connecting, what do I do??

James

This is what I input:

sudo /opt/bitnami/letsencrypt/lego --tls --email="james@candieyestudio.co.uk" --domains="candieyestudio.co.uk" --domains="www.candieyestudio.co.uk" --domains="models.candieyestudio.co.uk" --domains="www.models.candieyestudio.co.uk" --domains="book.candieyestudio.co.uk" --domains="www.book.candieyestudio.co.uk" --domains="shop.candieyestudio.co.uk" --domains="www.shop.candieyestudio.co.uk" --path="/opt/bitnami/letsencrypt" run

Error output:
james@instance-1:~$ sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf
james@instance-1:~$ sudo /opt/bitnami/ctlscript.sh stop
AH00526: Syntax error on line 1 of /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf:
Invalid command ‘Bitnami’, perhaps misspelled or defined by a module not included in the server configuration
apache config test fails, aborting
/opt/bitnami/php/scripts/ctl.sh : php-fpm not running
/opt/bitnami/mysql/scripts/ctl.sh : mysql not running

Hi @james8,

We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool in a cloud image or virtual machine

Please note that you need to paste the code ID that is shown at the end.

Regards,
Michiel

Cheers dude

20117c39-2736-1550-4cdf-91b65aab691f

Hi @james8,

The first line of the /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf file should be commented out:

# Bitnami applications installed in a Virtual Host

Can you comment it out and then restart Apache?

sudo /opt/bitnami/ctlscript.sh restart apache

Regards,
Michiel

No Joy…

james@instance-1:~$ sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
AH00526: Syntax error on line 14 of /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf:
SSLCertificateFile: file ‘/opt/bitnami/apps/wordpress/conf/certs/server.crt’ does not exist or is empty
apache config test fails, aborting
AH00526: Syntax error on line 14 of /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf:
SSLCertificateFile: file ‘/opt/bitnami/apps/wordpress/conf/certs/server.crt’ does not exist or is empty
apache config test fails, aborting
Monitored apache
james@instance-1:~

Hey dude,

I ran through it all again from scratch and it’s working on the main and all subdomains! :slight_smile: !! Yay !!

Not sure if I have configured the expiry renewal properly though?

Any advice on additional security, Google CDN etc?

Thanks

James
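Two things in this thread would have been caught before Apache refused to start: the vhost file pointing at a certificate path that did not exist yet (the "does not exist or is empty" error above), and the open question about whether renewal is set up. The following script is an added example, not code from the thread or from Bitnami: it scans an Apache vhost file for SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile and Include directives, reports any referenced file that is missing or empty, and offers a helper that flags certificates expiring within a grace period. The sample config it builds in a temp directory is constructed for the demonstration; on a real stack you would point it at /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf.

```shell
#!/bin/sh
# Added example: pre-restart sanity check for an Apache vhost file.
# Not part of the Bitnami stack; the sample data below is constructed.

# check_vhost_certs CONF
# Prints one "MISSING <directive> -> <path>" line per certificate/key/chain/
# Include reference whose target does not exist or is empty.
# Returns 0 when every reference resolves, 1 otherwise.
check_vhost_certs() {
    conf="$1"
    problems=$(
        grep -E '^[[:space:]]*(SSLCertificate(Key|Chain)?File|Include)[[:space:]]+' "$conf" |
        while read -r directive path; do
            # Apache allows optional double quotes around the path.
            path=$(printf '%s' "$path" | tr -d '"')
            case "$path" in
                *\**) continue ;;   # wildcard Include: a glob, skip it here
            esac
            [ -s "$path" ] || printf 'MISSING %s -> %s\n' "$directive" "$path"
        done
    )
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
    return 0
}

# cert_expiring_soon CERT [SECONDS]
# Returns 0 when CERT expires within SECONDS (default 30 days, the window
# in which a renewal job should already have replaced it), 1 when it is
# still good for longer, 2 when openssl is unavailable or CERT is unreadable.
cert_expiring_soon() {
    cert="$1"
    grace="${2:-2592000}"
    command -v openssl >/dev/null 2>&1 || return 2
    [ -s "$cert" ] || return 2
    # -checkend exits 0 only if the certificate is still valid after GRACE seconds
    if openssl x509 -noout -checkend "$grace" -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Constructed sample: one existing certificate file, one missing key file,
# mirroring the failure Apache reported in the thread.
SAMPLE_DIR=$(mktemp -d)
printf 'placeholder, not a real certificate\n' > "$SAMPLE_DIR/server.crt"
cat > "$SAMPLE_DIR/httpd-vhosts.conf" <<EOF
# Bitnami applications installed in a Virtual Host
<VirtualHost *:443>
    ServerName example.test
    SSLEngine on
    SSLCertificateFile "$SAMPLE_DIR/server.crt"
    SSLCertificateKeyFile "$SAMPLE_DIR/server.key"
    Include "$SAMPLE_DIR/extra-*.conf"
</VirtualHost>
EOF

# Run the check; on a real stack follow it with the stack's own config test.
if check_vhost_certs "$SAMPLE_DIR/httpd-vhosts.conf"; then
    echo "all certificate paths resolve"
else
    echo "fix the paths above before restarting Apache"
fi
```

Run the script before `sudo /opt/bitnami/ctlscript.sh restart apache`; it catches the wrong-path class of mistake, while `sudo /opt/bitnami/apache2/bin/apachectl -t` catches syntax problems such as the uncommented first line from earlier in the thread. `cert_expiring_soon /opt/bitnami/apache2/conf/server.crt` returning 0 means the renewal job is not keeping up and needs attention.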