Config issue can't get server to pick up ssl

Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: d5902938-ec2e-3ad5-41f3-71a217ac6f4f

bndiagnostic output:

Apache: Found possible issues
Mariadb: Found possible issues
Connectivity: Found possible issues
Resources: Found possible issues
Processes: Found possible issues
Php: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/administration/enable-https-ssl-apache/
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/aws/apps/wordpress/troubleshooting/debug-errors-mariadb/
https://docs.bitnami.com/general/faq/administration/use-firewall/
https://docs.bitnami.com/general/apps/akeneo/administration/increase-memory-limit/

bndiagnostic failure reason: The documentation did not make any significant change

Description:
Hi, I installed a new cert; however, I still get the website is not secure message, plus when I run ssllabs it seems to be loading the dummy cert. Also, on the cert file I see -rw only, not -rw-r---r

Thanks for any help in advance

Hi @a_r_baines,

Thanks for using Bitnami. Can you tell us how you installed your new SSL certificate? Are you using our guide to request and configure a Let’s Encrypt SSL certificate or are you installing a different one? Did you restart Apache after installing the new SSL certificate for the changes to take effect?

sudo /opt/bitnami/ctlscript.sh restart apache

I also visited your website’s IP address (I couldn’t get your domain name from the bndiagnostic bundle) and it is true it showed the dummy example.com certificate.

Apart from that, the bndiagnostic tool detected there is a single IP address making a lot of requests to your website.

-----------------------------------
Check performance issues: Count number of requests for the 10 most active IP addresses in the last 100.000 requests
-----------------------------------
Running: tail -n 100000 access_log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10 | awk '{print $1}'
In: /opt/bitnami/apache2/logs/

Output:

26768
4353
2858
2495
1972
1560
1410
1163
1163
1162

Can you take a look at the following guide to try to figure out if it is a bot and block it?

https://docs.bitnami.com/aws/apps/wordpress/troubleshooting/deny-connections-bots-apache/

Hiya, yes I ran sudo /opt/bitnami/ctlscript.sh restart apache. I have followed the guides to the letter. I created the CSR file and sent it to Sectigo; they sent back the cert file and server key etc. I have checked that the key and crt match. I uploaded to /opt/bitnami/apache/conf and ran the restart command. I have also tried copying the files to the certs folder where the dummy files are and renamed the dummy files, but that causes the site to go down altogether.

I think the other issue is because we are refreshing the content. This has all been necessary because we need the latest PHP edition, so we are trying to migrate to a newer Bitnami image on AWS, but so far it's been a nightmare.

@gongomgra sorry forgot to tag you in above message

Can you help me @gongomgra

If someone doesn’t help soon I will have to abort and rewind back to the old server

Should the bitnami-ssl.conf have the
SSLCertificateFile "/opt/bitnami/apache/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/server.key"

like this or should it be the same as the bitnami.conf
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

Hi @a_r_baines,

I reviewed your Apache configuration and I have a question. I see you have defined a virtualhost for port 443 (HTTPS) in the bitnami.conf file, although it is not needed. There should be a virtualhost for port 80 defined in that file instead. Can you tell us why you defined the 443 and removed the 80?

Please restore the default content of the bitnami.conf file as shown below:

# Default Virtual Host configuration.

# Let Apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
</VirtualHost>

Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

You can add the SSLCACertificateFile directive in the bitnami-ssl.conf and wordpress-https-vhost.conf files, and then restart Apache.

To double check the CommonName value of your SSL certificate, please run the command below.

openssl x509 -noout -subject -in /opt/bitnami/apache/conf/bitnami/certs/server.crt

In my case, I launched a fresh new instance and it is using the dummy certificate we install for testing purposes. You should get a CN field with your domain name instead.

$ openssl x509 -noout -subject -in /opt/bitnami/apache/conf/bitnami/certs/server.crt
subject=CN = example.com
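
The checks discussed in this thread (which certificate file each config file names, what CN that file carries, and whether the key pairs with it), combined into one script as an added example that is not part of the original posts or of Bitnami's tooling. The function names, the demo tree and the `www.site.test` name are constructed for illustration; only the first certificate/key pair in each `.conf` file is read.

```shell
#!/bin/sh
# Added example (not Bitnami code): report which certificate each Apache
# config file references, its subject CN, and whether the key pairs with it.

# First uncommented value of directive $1 in file $2, quotes stripped.
directive_value() {
  awk -v d="$1" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# One line per config file: <conf> <cert> CN=<cn> key=<match|MISMATCH|missing>
audit_ssl_directives() {
  find "$1" -name '*.conf' -exec grep -lE '^[[:space:]]*SSLCertificateFile[[:space:]]' {} + | sort |
  while read -r conf; do
    crt=$(directive_value SSLCertificateFile "$conf")
    key=$(directive_value SSLCertificateKeyFile "$conf")
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
      echo "$conf $crt CN=? key=missing"; continue
    fi
    cn=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$crt" |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    # Certificate and key pair up only if they carry the same public key.
    if [ "$(openssl x509 -noout -pubkey -in "$crt")" = \
         "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ]; then
      status=match
    else
      status=MISMATCH
    fi
    echo "$conf $crt CN=$cn key=$status"
  done
}

# Constructed sample tree: one file still on the dummy cert, one on a new cert
# paired with the wrong key.
make_demo_tree() {
  root=$(mktemp -d)
  for cn in example.com www.site.test; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -keyout "$root/$cn.key" -out "$root/$cn.crt" 2>/dev/null
  done
  printf 'SSLCertificateFile "%s"\nSSLCertificateKeyFile "%s"\n' \
    "$root/example.com.crt" "$root/example.com.key" > "$root/bitnami-ssl.conf"
  printf '  SSLCertificateFile "%s"\n  SSLCertificateKeyFile "%s"\n' \
    "$root/www.site.test.crt" "$root/example.com.key" > "$root/wordpress-https-vhost.conf"
  echo "$root"
}

demo=$(make_demo_tree)
audit_ssl_directives "$demo"
rm -rf "$demo"
```

Any line that still reports `CN=example.com` is a config file pointing at the dummy certificate, and any `MISMATCH` line is a certificate configured with a key that does not belong to it.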