Cannot access /.well-known/ with domain.com, but can access with www.domain.com - so bncert tool doesn't work to renew

Keywords: WordPress Multisite - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: af7b422a-9d82-c950-235b-ef3f0be4ed9a
Description:
I have a WordPress multisite with an additional WordPress install added on, following the instructions here (How to install several Wordpress modules on the same stack?). Everything works well, except the bncert tool cannot renew certificates automatically because one domain doesn’t allow access to /.well-known/ with domain.com. This is the primary domain for the additional site and it does work with www.domain.com or another domain that redirects to domain.com.
So the following work: www.domain.com/.well-known/, otherdomain.com/.well-known/ (where otherdomain.com redirects to domain.com), but domain.com/.well-known/ returns 404. Is there some configuration step I’m missing to direct domain.com/.well-known/ to the well known folder?

Hi @larssandergreen

Thanks for using Bitnami WordPress Multisite!

Have you executed the bncert tool itself? What is the error this tool is reporting?

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Thanks @jcarmona. Yes, the bncert tool is logging the following:

Domain k**pitwild.ca did not pass HTTP challenge validation

This is the domain for which I have the problem of not being able to access the .well-known files.

Thanks! Okay, so first let’s try to bound the issue.

In order to renew certificates, the domain.com/.well-known/ URL path will be used by Let’s Encrypt for storing a challenge file to verify the domain. This directory is mapped to /opt/bitnami/apps/letsencrypt/.well-known, which does not seem to exist in your instance. Let’s create that directory and a sample file:

$ sudo mkdir /opt/bitnami/apps/letsencrypt/.well-known
$ sudo touch /opt/bitnami/apps/letsencrypt/.well-known/hello
$ echo -n "world" | sudo tee /opt/bitnami/apps/letsencrypt/.well-known/hello
$ sudo chown -R bitnami:daemon /opt/bitnami/apps/letsencrypt/.well-known
$ sudo chmod g+r /opt/bitnami/apps/letsencrypt/.well-known/hello

Once you do that, restart the apache service and check that you can access the URL domain.com/.well-known/hello from all your domains:

$ sudo /opt/bitnami/ctlscript.sh restart apache
$ curl http://DOMAIN1.com/.well-known/hello
$ curl http://DOMAIN2.com/.well-known/hello
...

You should be able to see the word “world” as the response to those last commands.

Can you please try that and report back?

Best regards,
Jose Antonio Carmona



Thanks @jcarmona

I tried what you’ve indicated here and I can access this file from most of my domains, but not with the one that I was having trouble with. When I tested this before, I did have a file in .well-known and it was accessible from all domains except the one I mentioned above — I think this was erased when I ran the bncert tool most recently.

Hi @larssandergreen

Thanks for executing the aforementioned commands. I was able to see that the domain you are having trouble with is https://keepXXXXXX.ca

I have reviewed your Apache configuration and found some issues that might be interfering with this. Could you please follow the steps below to try to tackle them?

  1. The very first thing I want to mention is that I don’t fully understand your use case. You mentioned that you followed the instructions on how to install several WordPress modules on the same stack, but that thread actually uses Bitnami LAMP as the base stack to start with. The stack the bnsupport-tool was run on is a Bitnami WordPress Multisite one.
    Additionally, let me mention that Bitnami WordPress Multisite already provides the ability to set up multiple WordPress sites out-of-the-box (you don’t need to install several WordPress modules).

Having said that, I think there exists a mix of configurations for both domains to work. Let’s try to fix that:

  1. Modify your /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf as follows:
# Bitnami applications installed in a prefix URL
Include "/opt/bitnami/apps/wordpress/conf/httpd-prefix.conf"
Include "/opt/bitnami/apps/phpmyadmin/conf/httpd-prefix.conf"
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"

- RewriteEngine On
-
- Include "/opt/bitnami/apps/jumbo/conf/httpd-prefix.conf"
  2. Add the following line to /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf:
# Bitnami applications installed in a Virtual Host
Include "/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf"
+ Include "/opt/bitnami/apps/jumbo/conf/httpd-vhosts.conf"
  3. Create a backup of your /opt/bitnami/apps/jumbo/conf & /opt/bitnami/apps/wordpress/conf directories:
$ sudo mkdir /opt/bitnami/apps/jumbo/confBack
$ sudo cp -R /opt/bitnami/apps/jumbo/conf/* /opt/bitnami/apps/jumbo/confBack/

$ sudo mkdir /opt/bitnami/apps/wordpress/confBack
$ sudo cp -R /opt/bitnami/apps/wordpress/conf/* /opt/bitnami/apps/wordpress/confBack/
  4. Modify the file /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf as follows:
<VirtualHost *:80>
    ServerName wildXXXX.ca
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
    ServerName wildXXXX.ca
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/wildXXXX.ca.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/wildXXXX.ca.key"

    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

- <VirtualHost *:80>
-    ServerName keepXXX.ca
-    DocumentRoot "/opt/bitnami/apps/jumbo/htdocs"
-    Include "/opt/bitnami/apps/jumbo/conf/httpd-app.conf"
- </VirtualHost>


- <VirtualHost *:443>
-    ServerName keepXXXXX.ca
-    DocumentRoot "/opt/bitnami/apps/jumbo/htdocs"
-    SSLEngine on
-    SSLCertificateFile "/opt/bitnami/apache2/conf/wildXXXX.ca.crt"
-    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/wildXXX.ca.key"

-    Include "/opt/bitnami/apps/jumbo/conf/httpd-app.conf"
- </VirtualHost>
  5. Copy the following file from your wildXXXX.ca app to the jumbo one:
$ sudo cp /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf /opt/bitnami/apps/jumbo/conf/httpd-vhosts.conf
  6. Modify the file /opt/bitnami/apps/jumbo/conf/httpd-vhosts.conf as follows:
<VirtualHost *:80>
-   ServerName wildXXX.ca
+   ServerName keepXXXX.ca
+   ServerAlias www.keepXXXX.ca
-    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
-    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
+    DocumentRoot "/opt/bitnami/apps/jumbo/htdocs"
+    Include "/opt/bitnami/apps/jumbo/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
-   ServerName wildXXX.ca
+   ServerName keepXXXX.ca
+   ServerAlias www.keepXXXX.ca
-    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
+    DocumentRoot "/opt/bitnami/apps/jumbo/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/wildXXXX.ca.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/wildXXXXx.ca.key"

-    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
+   Include "/opt/bitnami/apps/jumbo/conf/httpd-app.conf"
</VirtualHost>

After that, check that the Apache syntax is valid and restart apache if it succeeds:

$ sudo apachectl -t
$ sudo /opt/bitnami/ctlscript.sh restart apache

Then, try to access https://keepXXXXXX.ca/.well-known/hello again.

Best regards,
Jose Antonio Carmona



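As an added preflight check for the two procedures in this thread (the curl probe of the "hello" file from the earlier reply, and the vhost split above), here is a small POSIX shell script. It is an added example, not Bitnami's tooling and not the poster's configuration: it reads the ServerName/ServerAlias entries from the vhost files you pass it, reports any hostname the certificate must cover that no vhost declares (the www alias that was missing here), and then fetches http://HOST/.well-known/hello for each hostname and expects the body "world". The /opt/bitnami paths and the "hello"/"world" probe are taken from the thread; the vhost file in the demo at the bottom is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the thread or of Bitnami's tooling.
# Preflight for the HTTP-01 challenge: (1) every hostname the certificate
# must cover is declared as ServerName/ServerAlias in some vhost file, and
# (2) http://HOST/.well-known/hello returns "world" (the probe file created
# earlier in the thread). The demo vhost file at the bottom is constructed.

# list_declared_hosts FILE...  -> every ServerName/ServerAlias value, one per line
list_declared_hosts() {
    # drop comments, then split "ServerAlias a b c" into single hosts
    sed -e 's/#.*$//' "$@" \
      | awk '$1 == "ServerName" || $1 == "ServerAlias" { for (i = 2; i <= NF; i++) print $i }' \
      | sort -u
}

# missing_hosts "h1 h2 ..." FILE...  -> the wanted hosts that no vhost declares
missing_hosts() {
    wanted=$1; shift
    declared=$(list_declared_hosts "$@")
    for h in $wanted; do
        printf '%s\n' "$declared" | grep -qxF -- "$h" || printf '%s\n' "$h"
    done
}

# probe_wellknown HOST  -> 0 if the probe file is served with the expected body
probe_wellknown() {
    body=$(curl -s -f -m 10 "http://$1/.well-known/hello" 2>/dev/null) && [ "$body" = "world" ]
}

# check_site "h1 h2 ..." FILE...  -> report declaration gaps, then probe each host
check_site() {
    wanted=$1; shift
    gaps=$(missing_hosts "$wanted" "$@")
    [ -z "$gaps" ] || printf 'not declared in any vhost:\n%s\n' "$gaps"
    for h in $wanted; do
        if probe_wellknown "$h"; then echo "ok   $h"; else echo "FAIL $h"; fi
    done
}

# Demo on a constructed vhost file (constructed sample, not the thread's real config):
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
<VirtualHost *:80>
    ServerName wildXXXX.ca
    ServerAlias www.wildXXXX.ca
</VirtualHost>
<VirtualHost *:80>
    ServerName keepXXXX.ca     # www alias missing, as in the thread before the fix
</VirtualHost>
EOF
missing_hosts "keepXXXX.ca www.keepXXXX.ca wildXXXX.ca www.wildXXXX.ca" "$demo_conf"
# prints: www.keepXXXX.ca
rm -f "$demo_conf"

# On the real stack you would run, for example:
#   check_site "keepXXXX.ca www.keepXXXX.ca" /opt/bitnami/apps/*/conf/httpd-vhosts.conf
```

Run the declaration check before `sudo apachectl -t` and the restart; a hostname listed under "not declared in any vhost" will fall through to Apache's default (first) virtual host, which is exactly how a request for domain.com can land on a different DocumentRoot and return 404 for /.well-known/ while www.domain.com works.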

Thanks so much @jcarmona! I can see now that this makes a lot more sense and it works perfectly. Really appreciate the help here and apologies for the non-standard setup. Thank you!