Error installing ssl certificate wordpress

Keywords: WordPress + NGINX + SSL - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 97783d05-6fce-ece8-3161-bc37e692e6ff
Description:
Hello
Unfortunately I can’t install the SSL certificate having followed the instructions here: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

I ran the support tool to help identify the root cause: 97783d05-6fce-ece8-3161-bc37e692e6ff

Here are the commands used:

Last login: Mon Jun  7 16:32:00 2021 from 87.0.224.233
bitnami@ip-172-31-71-53:~$ cd /tmp
bitnami@ip-172-31-71-53:/tmp$ curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
--2021-06-09 20:57:06--  https://github.com/go-acme/lego/releases/download/v4.4.0/lego_v4.4.0_linux_amd64.tar.gz
Resolving github.com (github.com)... 140.82.113.3
Connecting to github.com (github.com)|140.82.113.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-releases.githubusercontent.com/37038121/dd618880-c88e-11eb-9026-76013d5c6d47?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210609%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210609T205708Z&X-Amz-Expires=300&X-Amz-Signature=ac63a862211cf0f6010acd2da67deeaf31b37d1cef18aa98634cd219e852794c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=37038121&response-content-disposition=attachment%3B%20filename%3Dlego_v4.4.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2021-06-09 20:57:08--  https://github-releases.githubusercontent.com/37038121/dd618880-c88e-11eb-9026-76013d5c6d47?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210609%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210609T205708Z&X-Amz-Expires=300&X-Amz-Signature=ac63a862211cf0f6010acd2da67deeaf31b37d1cef18aa98634cd219e852794c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=37038121&response-content-disposition=attachment%3B%20filename%3Dlego_v4.4.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 185.199.109.154, 185.199.110.154, 185.199.111.154, ...
Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|185.199.109.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9861787 (9.4M) [application/octet-stream]
Saving to: ‘lego_v4.4.0_linux_amd64.tar.gz’

lego_v4.4.0_linux_a 100%[===================>]   9.40M  4.27MB/s    in 2.2s

2021-06-09 20:57:10 (4.27 MB/s) - ‘lego_v4.4.0_linux_amd64.tar.gz’ saved [9861787/9861787]

FINISHED --2021-06-09 20:57:10--
Total wall clock time: 4.0s
Downloaded: 1 files, 9.4M in 2.2s (4.27 MB/s)
bitnami@ip-172-31-71-53:/tmp$ tar xf lego_v4.4.0_linux_amd64.tar.gz
bitnami@ip-172-31-71-53:/tmp$ sudo mkdir -p /opt/bitnami/letsencrypt
bitnami@ip-172-31-71-53:/tmp$ sudo mv lego /opt/bitnami/letsencrypt/lego
bitnami@ip-172-31-71-53:/tmp$
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/ctlscript.sh stop
Stoping services..

bitnami@ip-172-31-71-53:/tmp$
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/letsencrypt/lego --tls --email="ahmed.eldagany@qtoolsrl.it" --domains="qtoolsrl.it" --domains="www.qtoolsrl.it" --path="/opt/bitnami/letsencrypt" run
2021/06/09 20:58:34 No key found for account ahmed.eldagany@qtoolsrl.it. Generating a P256 key.
2021/06/09 20:58:34 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/ahmed.eldagany@qtoolsrl.it/keys/ahmed.eldagany@qtoolsrl.it.key
2021/06/09 20:58:35 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n
Your input was invalid. Please answer with one of Y/y, n/N or by pressing enter.
Do you accept the TOS? Y/n
y
2021/06/09 20:58:47 [INFO] acme: Registering account for ahmed.eldagany@qtoolsrl.it
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/opt/bitnami/letsencrypt/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2021/06/09 20:58:48 [INFO] [qtoolsrl.it, www.qtoolsrl.it] acme: Obtaining bundled SAN certificate
2021/06/09 20:58:48 [INFO] [qtoolsrl.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13846343673
2021/06/09 20:58:48 [INFO] [www.qtoolsrl.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13846343674
2021/06/09 20:58:48 [INFO] [qtoolsrl.it] acme: use tls-alpn-01 solver
2021/06/09 20:58:48 [INFO] [www.qtoolsrl.it] acme: use tls-alpn-01 solver
2021/06/09 20:58:48 [INFO] [qtoolsrl.it] acme: Trying to solve TLS-ALPN-01
2021/06/09 20:58:50 http: TLS handshake error from 66.249.66.60:58063: remote error: tls: illegal parameter
2021/06/09 20:58:51 http: TLS handshake error from 66.249.66.60:65189: remote error: tls: illegal parameter
2021/06/09 20:58:52 http: TLS handshake error from 66.249.66.60:63752: remote error: tls: illegal parameter
2021/06/09 20:58:53 http: TLS handshake error from 66.249.66.60:62496: remote error: tls: illegal parameter
2021/06/09 20:58:54 http: TLS handshake error from 66.249.66.60:47486: remote error: tls: illegal parameter
2021/06/09 20:58:55 http: TLS handshake error from 66.249.66.60:47150: remote error: tls: illegal parameter
2021/06/09 20:58:56 http: TLS handshake error from 66.249.66.60:43807: remote error: tls: illegal parameter
2021/06/09 20:58:56 [INFO] [qtoolsrl.it] The server validated our request
2021/06/09 20:58:56 [INFO] [www.qtoolsrl.it] acme: Trying to solve TLS-ALPN-01
2021/06/09 20:58:59 http: TLS handshake error from 66.249.66.60:38923: remote error: tls: illegal parameter
2021/06/09 20:59:00 http: TLS handshake error from 66.249.66.60:62584: remote error: tls: illegal parameter
2021/06/09 20:59:01 http: TLS handshake error from 66.249.66.62:43394: remote error: tls: illegal parameter
2021/06/09 20:59:02 http: TLS handshake error from 66.249.66.60:48399: remote error: tls: illegal parameter
2021/06/09 20:59:02 http: TLS handshake error from 66.249.66.62:65107: remote error: tls: illegal parameter
2021/06/09 20:59:03 http: TLS handshake error from 66.249.66.32:35513: remote error: tls: illegal parameter
2021/06/09 20:59:04 http: TLS handshake error from 66.249.66.60:57553: remote error: tls: illegal parameter
2021/06/09 20:59:05 http: TLS handshake error from 66.249.66.60:36831: remote error: tls: illegal parameter
2021/06/09 20:59:06 http: TLS handshake error from 66.249.66.60:40164: remote error: tls: illegal parameter
2021/06/09 20:59:06 [INFO] [www.qtoolsrl.it] The server validated our request
2021/06/09 20:59:06 [INFO] [qtoolsrl.it, www.qtoolsrl.it] acme: Validations succeeded; requesting certificates
2021/06/09 20:59:07 [INFO] [qtoolsrl.it] Server responded with a certificate.
bitnami@ip-172-31-71-53:/tmp$
bitnami@ip-172-31-71-53:/tmp$ sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old
mv: cannot stat '/opt/bitnami/nginx/conf/server.crt': No such file or directory
bitnami@ip-172-31-71-53:/tmp$ sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old
mv: cannot stat '/opt/bitnami/nginx/conf/server.key': No such file or directory
bitnami@ip-172-31-71-53:/tmp$ sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old
mv: cannot stat '/opt/bitnami/nginx/conf/server.csr': No such file or directory
bitnami@ip-172-31-71-53:/tmp$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/qtoolsrl.it.key /opt/bitnami/nginx/conf/server.key
bitnami@ip-172-31-71-53:/tmp$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/qtoolsrl.it.crt /opt/bitnami/nginx/conf/server.crt
bitnami@ip-172-31-71-53:/tmp$ sudo chown root:root /opt/bitnami/nginx/conf/server*
bitnami@ip-172-31-71-53:/tmp$ sudo chmod 600 /opt/bitnami/nginx/conf/server*
bitnami@ip-172-31-71-53:/tmp$
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/ctlscript.sh start
Starting services..
bitnami@ip-172-31-71-53:/tmp$ TLS handshake error from 66.249.66.60:58063: remote error: tls: illegal parameter
-bash: TLS: command not found
bitnami@ip-172-31-71-53:/tmp$ ^C
bitnami@ip-172-31-71-53:/tmp$
bitnami@ip-172-31-71-53:/tmp$ _>
-bash: syntax error near unexpected token `newline'
bitnami@ip-172-31-71-53:/tmp$ ^c
-bash: :s^c: substitution failed
bitnami@ip-172-31-71-53:/tmp$ cd /tmp
bitnami@ip-172-31-71-53:/tmp$ curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
--2021-06-09 21:08:56--  https://github.com/go-acme/lego/releases/download/v4.4.0/lego_v4.4.0_linux_amd64.tar.gz
Resolving github.com (github.com)... 140.82.112.4
Connecting to github.com (github.com)|140.82.112.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-releases.githubusercontent.com/37038121/dd618880-c88e-11eb-9026-76013d5c6d47?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210609%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210609T210856Z&X-Amz-Expires=300&X-Amz-Signature=ad854aa2e5cf4aacfe0f7254c4ce25f17a1af4a6ec562e8cbca3ed428e4c80da&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=37038121&response-content-disposition=attachment%3B%20filename%3Dlego_v4.4.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2021-06-09 21:08:56--  https://github-releases.githubusercontent.com/37038121/dd618880-c88e-11eb-9026-76013d5c6d47?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210609%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210609T210856Z&X-Amz-Expires=300&X-Amz-Signature=ad854aa2e5cf4aacfe0f7254c4ce25f17a1af4a6ec562e8cbca3ed428e4c80da&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=37038121&response-content-disposition=attachment%3B%20filename%3Dlego_v4.4.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 185.199.108.154, 185.199.109.154, 185.199.110.154, ...
Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|185.199.108.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9861787 (9.4M) [application/octet-stream]
Saving to: ‘lego_v4.4.0_linux_amd64.tar.gz.1’

lego_v4.4.0_linux_amd64.tar.g 100%[==============================================>]   9.40M  5.88MB/s    in 1.6s

2021-06-09 21:08:58 (5.88 MB/s) - ‘lego_v4.4.0_linux_amd64.tar.gz.1’ saved [9861787/9861787]

FINISHED --2021-06-09 21:08:58--
Total wall clock time: 2.9s
Downloaded: 1 files, 9.4M in 1.6s (5.88 MB/s)
bitnami@ip-172-31-71-53:/tmp$ tar xf lego_v4.4.0_linux_amd64.tar.gz

bitnami@ip-172-31-71-53:/tmp$ sudo mkdir -p /opt/bitnami/letsencrypt
bitnami@ip-172-31-71-53:/tmp$ sudo mv lego /opt/bitnami/letsencrypt/lego
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/ctlscript.sh stop
Stoping services..
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/letsencrypt/lego --tls --email="ahmed.eldagany@qtoolsrl.it" --domains="qtoolsrl.it" --domains="www.qtoolsrl.it" --path="/opt/bitnami/letsencrypt" run
2021/06/09 21:12:12 [INFO] [qtoolsrl.it, www.qtoolsrl.it] acme: Obtaining bundled SAN certificate
2021/06/09 21:12:12 [INFO] [qtoolsrl.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13846343673
2021/06/09 21:12:12 [INFO] [www.qtoolsrl.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13846343674
2021/06/09 21:12:12 [INFO] [qtoolsrl.it] acme: authorization already valid; skipping challenge
2021/06/09 21:12:12 [INFO] [www.qtoolsrl.it] acme: authorization already valid; skipping challenge
2021/06/09 21:12:12 [INFO] [qtoolsrl.it, www.qtoolsrl.it] acme: Validations succeeded; requesting certificates
2021/06/09 21:12:13 [INFO] [qtoolsrl.it] Server responded with a certificate.
bitnami@ip-172-31-71-53:/tmp$ sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old
sudo ln -sf /opt/bitnami/letsencrypt/certificates/qtoolsrl.it.crt /opt/bitnami/nginx/conf/server.crt
sudo chown root:root /opt/bitnami/nginx/conf/server*
sudo chmod 600 /opt/bitnami/nginx/conf/server*
bitnami@ip-172-31-71-53:/tmp$ sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old
bitnami@ip-172-31-71-53:/tmp$ sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old
mv: cannot stat '/opt/bitnami/nginx/conf/server.csr': No such file or directory
bitnami@ip-172-31-71-53:/tmp$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/qtoolsrl.it.key /opt/bitnami/nginx/conf/server.key
bitnami@ip-172-31-71-53:/tmp$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/qtoolsrl.it.crt /opt/bitnami/nginx/conf/server.crt
bitnami@ip-172-31-71-53:/tmp$ sudo chown root:root /opt/bitnami/nginx/conf/server*
bitnami@ip-172-31-71-53:/tmp$ sudo chmod 600 /opt/bitnami/nginx/conf/server*
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/ctlscript.sh start
Starting services..
bitnami@ip-172-31-71-53:/tmp$ udo /opt/bitnami/letsencrypt/lego --tls --email="ahmed.eldagany@qtoolsrl.it" --domains="qtoolsrl.it" --domains="www.qtoolsrl.it" --path="/opt/bitnami/letsencrypt" run
-bash: udo: command not found
bitnami@ip-172-31-71-53:/tmp$ sudo /opt/bitnami/letsencrypt/lego --tls --email="ahmed.eldagany@qtoolsrl.it" --domains="qtoolsrl.it" --domains="www.qtoolsrl.it" --path="/opt/bitnami/letsencrypt" run
2021/06/09 21:15:14 [INFO] [qtoolsrl.it, www.qtoolsrl.it] acme: Obtaining bundled SAN certificate
2021/06/09 21:15:15 [INFO] [qtoolsrl.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13846343673
2021/06/09 21:15:15 [INFO] [www.qtoolsrl.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13846343674
2021/06/09 21:15:15 [INFO] [qtoolsrl.it] acme: authorization already valid; skipping challenge
2021/06/09 21:15:15 [INFO] [www.qtoolsrl.it] acme: authorization already valid; skipping challenge
2021/06/09 21:15:15 [INFO] [qtoolsrl.it, www.qtoolsrl.it] acme: Validations succeeded; requesting certificates
2021/06/09 21:15:15 [INFO] [qtoolsrl.it] Server responded with a certificate.
bitnami@ip-172-31-71-53:/tmp$ cd
bitnami@ip-172-31-71-53:~$ sudo /opt/bitnami/ctlscript.sh stop
Stoping services..

bitnami@ip-172-31-71-53:~$
bitnami@ip-172-31-71-53:~$ sudo /opt/bitnami/ctlscript.sh start
Starting services..
bitnami@ip-172-31-71-53:~$ sudo /opt/bitnami/bnsupport-tool

----------------------------------------------------------------------------
Welcome to the Bitnami Support tool.

----------------------------------------------------------------------------
Please read the following information carefully.

Press [Enter] to continue:
This tool collects system information and files from a Bitnami stack into a
support bundle file to be uploaded and reviewed by the Bitnami Team, for the
sole purpose of providing you support for any issue you may find.

The uploaded information will be automatically removed from our systems after 1
month. In case you have any doubt regarding our privacy policy please check:

https://www.vmware.com/help/privacy.html
Press [Enter] to continue:

Do you accept? [y/n]: y

The bndiagnostic tool has found some errors that may be related to the issue you
are having. The output will be shown on the next page:

Press [Enter] to continue:

===== Begin of bndiagnostic tool output =====


    ? Nginx: Found possible issues
    ? Mariadb: Found possible issues
    ✓ Connectivity: No issues found
    ✓ Wordpress: No issues found
    ? Resources: Found possible issues
    ✓ Php: No issues found


[Nginx]

Found recent error or warning messages in the Nginx error log.
2021/06/09 21:37:40 [error] 29769#29769: *620 FastCGI sent in stderr: "Primary
script unknown" while reading response header from upstream, client:
66.249.66.62, server: _, request: "GET /wp-itapi.php?notifyf433/abeeb43265.htm
HTTP/1.1", upstream: "fastcgi://unix:/opt/bitnami/php/var/run/www.sock:", host:
"qtoolsrl.it"
 2021/06/09 21:37:40 [error] 29769#29769: *620 FastCGI sent in stderr: "Primary
script unknown" while reading response header from upstream, client:
66.249.66.62, server: _, request: "GET
/cache/content-post.php?zetad3/fed495741.htm HTTP/1.1", upstream:
"fastcgi://unix:/opt/bitnami/php/var/run/www.sock:", host: "qtoolsrl.it"
 2021/06/09 21:37:40 [error] 29769#29769: *82 FastCGI sent in stderr: "Primary
script unknown" while reading response header from upstream, client:
66.249.66.60, server: _, request: "GET /cachee.php?evans84/bb65400.htm
HTTP/1.1", upstream: "fastcgi://unix:/opt/bitnami/php/var/run/www.sock:", host:
"qtoolsrl.it"

Please check the following guide to troubleshoot server issues:

https://docs.bitnami.com/installer/infrastructure/nginx/troubleshooting/


[Mariadb]

Found recent error messages in the MariaDB error log:
2021-06-09 21:22:41 194 [Warning] Aborted connection 194 to db:
'bitnami_wordpress' user: 'bn_wordpress' host: 'localhost' (Got an error reading
communication packets)

Press [Enter] to continue:
Please check the following guide to troubleshoot MariaDB issues:

https://docs.bitnami.com/aws/apps/wordpress/troubleshooting/debug-errors-mariadb/

[Resources]

Your instance has little available RAM memory.
              total        used        free      shared  buff/cache   available
Mem:            987         409         131          49         447         376
Swap:           634          11         623

You could try to increase your instance's memory. Please check your cloud
provider's documentation for more information.


===== End of bndiagnostic tool output =====


Press [Enter] to continue:
The files listed below are bigger than 10MB and have not been included, please notify the support agent.

/opt/bitnami/nginx/logs/error.log
The support bundle was uploaded successfully to the Bitnami servers. Please copy the following code:

97783d05-6fce-ece8-3161-bc37e692e6ff

Many thanks :)

Hello @ahmed.eldajany,

I have checked your conf and the shared logs but I don’t see anything strange; it seems the cert was generated correctly and nginx is running. Could you please detail the error you encountered?

I also checked your site, but it is currently using a certificate issued today by Amazon. Did you decide to change your approach?

Regards,
Francisco de Paz
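
Added example (not part of the thread and not Bitnami's or lego's code): one way to check whether the certificate a site presents is the one lego wrote to disk, by comparing SHA-256 fingerprints of the leaf certificates. The function names and the byte strings standing in for certificates are constructed for illustration; a mismatch means the endpoint answering on port 443 is not serving that file (for example, TLS is terminated in front of the instance).

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file.

    lego's .crt is a bundle (leaf first, then the issuer chain), so only
    the first block is comparable with what a server presents as its leaf.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no certificate found in PEM input")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(blocks[0])).hexdigest()

def served_leaf_der(host, port=443, timeout=5.0):
    """DER bytes of the leaf certificate presented for `host` (SNI set)."""
    ctx = ssl.create_default_context()
    # Inspection only: accept whatever is presented so that an expired or
    # mismatched certificate can still be fingerprinted.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def compare(on_disk_pem, served_der):
    """Fingerprints of the on-disk leaf and the served leaf, plus a verdict."""
    disk = leaf_fingerprint(on_disk_pem)
    served = hashlib.sha256(served_der).hexdigest()
    return {"disk": disk, "served": served, "match": disk == served}

# Constructed stand-ins for DER certificates so the comparison runs offline.
SAMPLE_LEAF = b"constructed-leaf-certificate-bytes"
SAMPLE_ISSUER = b"constructed-issuer-certificate-bytes"
SAMPLE_OTHER = b"constructed-certificate-from-another-issuer"
SAMPLE_BUNDLE = (ssl.DER_cert_to_PEM_cert(SAMPLE_LEAF)
                 + ssl.DER_cert_to_PEM_cert(SAMPLE_ISSUER))

if __name__ == "__main__":
    print(compare(SAMPLE_BUNDLE, SAMPLE_LEAF)["match"])
    print(compare(SAMPLE_BUNDLE, SAMPLE_OTHER)["match"])
    # Live use on the instance (path and host taken from the thread):
    #   pem = open("/opt/bitnami/letsencrypt/certificates/qtoolsrl.it.crt").read()
    #   print(compare(pem, served_leaf_der("qtoolsrl.it")))
```

Reading the certificate file under `/opt/bitnami/letsencrypt/certificates` requires root, because the setup in the thread leaves it owned by root with mode 600.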