Cannot install SSL for DNS name

Keywords: General - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: 23d16b91-d19a-a552-a334-3701641d084c

bndiagnostic output:

? Apache: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/

bndiagnostic failure reason: The suggested guides are not related with my issue

Description:
Hi,

I use the AMI image bitnami-lampstack-8.0.10-2-r02-linux-debian-10-x86_64-hvm-ebs-nami-cb6afd05-a3b2-4916-a3e6-bccd414f5f21 to create an EC2 instance. After the creation, I see the DNS name of the server is ec2-3-95-160-86.compute-1.amazonaws.com, but I can only access it with HTTP, not HTTPS. So I want to install the free SSL for it.

I run the command:

sudo /opt/bitnami/bncert-tool

and input the domain name as ec2-3-95-160-86.compute-1.amazonaws.com, but get a warning:

Warning: The domain ‘ec2-3-95-160-86.compute-1.amazonaws.com’ resolves to a
different IP address than the one detected for this machine, which is
‘3.95.160.86’. Please fix its DNS entries or remove it.

I double-checked and confirmed that 3.95.160.86 is the IP address of the EC2 instance. Why do I get this warning?

Thanks

Hello @ccw,

I have checked your site and it is now redirecting to your custom domain with SSL enabled. Were you then able to solve the issue, or do you require further assistance on this?

Regards,
Francisco de Paz

Hi, @fdepaz,

Yes, the custom domain is using a free Let’s Encrypt certificate. What is the difference between it and a paid certificate?

Also, I remember many AWS services, such as CloudFront, offer an HTTPS version, like https://xxx.cloudfront.net. Why does EC2 not provide an HTTPS version of the DNS name directly, like https://ec2-3-95-160-86.compute-1.amazonaws.com/?

If the free Let’s Encrypt certificate on the custom domain will expire, is it possible to make one for ec2-3-95-160-86.compute-1.amazonaws.com that will not expire?

Hello @ccw,

Unfortunately, there is no option to create a non-expiring free cert with Let’s Encrypt, which is why we suggest setting up a cron job to renew the certificate automatically. Apart from this “bother” of manually setting up and renewing the certificate, they are no different from a paid SSL certificate.

Regarding an SSL service by AWS, I recall there is indeed such a service, but I’m not sure if they provide a certificate for the xxx.amazonaws.com domain.

Regards,
Francisco de Paz

@fdepaz

Is the renewal of the Let’s Encrypt certificate free? I checked https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/ and it does not mention paying for the renewal.

Hello @ccw,

Yes, it is. The renewal consists of setting up a cron job so that it relaunches the Let’s Encrypt command that creates/renews the SSL certificate. You can check how to configure it in the following guide:

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#step-5-renew-the-lets-encrypt-certificate

Regards,
Francisco de Paz
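
One way to confirm that the renewal cron job described above keeps working, as an added example that is not part of the original thread or of Bitnami's tooling: it reports whether a certificate file expires within a threshold. The function names, the 30-day threshold and the self-signed sample certificate are assumptions constructed for the demonstration.

```bash
#!/bin/sh
# Added example: report whether a certificate is close to expiry, so a broken
# renewal cron job is noticed before visitors see an expired certificate.

# cert_expires_within CERT_FILE DAYS
# Returns 0 if the certificate expires within DAYS days (or already has),
# 1 if it stays valid longer, 2 if the file is not a readable certificate.
cert_expires_within() {
    local cert="$1" days="$2"
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only when the certificate is still valid in N seconds
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renewal_status CERT_FILE THRESHOLD_DAYS
# Prints RENEW, OK or UNREADABLE (hypothetical labels for this example).
renewal_status() {
    local rc=0
    cert_expires_within "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "RENEW" ;;
        1) echo "OK" ;;
        *) echo "UNREADABLE" ;;
    esac
}

# make_sample_cert OUT_FILE VALID_DAYS
# Builds a constructed self-signed certificate so the check runs offline.
make_sample_cert() {
    local out="$1" valid="$2" key rc=0
    key="$(mktemp)"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$out" \
        -days "$valid" -subj "/CN=example.test" >/dev/null 2>&1 || rc=$?
    rm -f "$key"
    return "$rc"
}

# Demo on a constructed 10-day certificate with an assumed 30-day threshold.
demo_dir="$(mktemp -d)"
make_sample_cert "$demo_dir/soon.pem" 10
renewal_status "$demo_dir/soon.pem" 30   # prints RENEW
rm -rf "$demo_dir"
```

In a scheduled job, point `renewal_status` at the certificate file your renewal process writes and alert on anything other than `OK`.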

Hi, @fdepaz,

Thank you very much!
