How to get Let's Encrypt SSL Certificate Under Bitnami

Keywords: General - AWS - Technical issue - Secure Connections (SSL/HTTPS)
Description:
Finally, I got Apache running with the assistance of Bitnami.
But on renewing the Let’s Encrypt SSL Certificate, I got another problem.

I got a reply about the certificate as follows:

“Bitnami stacks are very different compared to “normal” software configurations on mainstream Linux/Unix distributions. How did you get things working in the first place? Because certbot is generally not recommended for Bitnami stacks, at least not directly.
See for example the official Bitnami guide for Let’s Encrypt certificates, using its built-in bncert-tool”

After visiting your page and running the command

sudo /opt/bitnami/bncert-tool

I got the following response:

"Warning: Custom redirections were detected in your web server configuration 
files. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.

----------------------------------------------------------------------------
Domains

Please provide a valid space-separated list of domains for which you wish to 
configure your web server.

Domain list []: "

I typed macjob.com.hk, then the system said it is not valid. I tried many commands listed on the page and got very bad feedback. And somewhere it says I am not a superuser.

Please assist me to go ahead, thanks!

Hi @macjobhk

Thanks for using Bitnami!

What is the stack you are using? Is it a native installer, a cloud image, or a VM?

Finally, I got Apache running with the assistance of Bitnami. But on renewing the Let’s Encrypt SSL Certificate, I got another problem.

Does it mean you have your site configured to use an SSL certificate already?

I typed macjob.com.hk, then the system said it is not valid.

This might mean that the DNS entry associated with that domain does not match your instance’s one. It would be nice if you could execute the bnsupport-tool so that I am able to get a deeper look at your configuration.

We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please execute it on the machine where the stack is running by following the steps described in the guide below?

Please note that you need to paste the code ID that is shown at the end.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

“What is the stack you are using? Is it a native installer, a cloud image, or a VM?”

I don’t know, I can only see 4 bitnami services when I click to my account:

  • AWS launchpad
  • Google launchpad
  • Azure launchpad
  • Bitnami cloud hosting
    I think I am using AWS cloud now

“Does it mean you have your site configured to use a SSL certificate already?”

In our last discussion with Gota,
[https://community.bitnami.com/t/problem-in-starting-service/93017/11]

I got his final reply:

“I can see that MySQL and PHP-FPM are now running so you should be able to access your site when you start Apache.”

I think my site is not configured to use SSL certificate now.

After running your given command, I obtain code ID as: 53f67a80-ab17-7bbc-8e34-5442153dbaf3

Looking forward to your further assistance.

B/R
Jacky

Hi @macjobhk

Thanks for sharing the support code ID. I was not able to connect to your instance, even though the report seems to indicate that the Apache service is running. Hence, I was not able to verify that.

$ curl -I 5X.XXX.XXX.143
curl: (28) Connection timed out after 10001 milliseconds

Can you please verify that it is indeed running at the moment?

$ sudo /opt/bitnami/ctlscript.sh status

However, at first sight your Apache instance seems to be correctly configured to use Let’s Encrypt Certificates

$ ls -la /opt/bitnami/apache2/conf
...
lrwxrwxrwx  1 root    root     49 Aug 24  2020 server.crt -> /etc/letsencrypt/live/macjob.com.hk/fullchain.pem
-rw-r--r--  1 root    root    985 Aug 21  2020 server.csr
lrwxrwxrwx  1 root    root     47 Aug 24  2020 server.key -> /etc/letsencrypt/live/macjob.com.hk/privkey.pem
-rw-r--r--  1 bitnami root    203 Jun 15  2020 ssi.conf
-rw-------  1 bitnami root  53146 Dec  4  2018 unicode.mapping

---

$ cat conf/bitnami/bitnami.conf | grep SSL
# Default SSL Virtual Host configuration.
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
  SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

Could you please verify that those certificates exist in the path?

$ ls -la /etc/letsencrypt/live/macjob.com.hk/

Best regards,
Jose Antonio Carmona



Dear Jose,

After typing “sudo /opt/bitnami/ctlscript.sh status”

I got:
php-fpm already running
apache already running
mysql already running

after typing “ls -la /etc/letsencrypt/live/macjob.com.hk/”

I got
ls: cannot access ‘/etc/letsencrypt/live/macjob.com.hk/’: Permission denied

How to solve it?

Hi @macjobhk

I could access your instance now and could not connect over HTTPS. Have you modified the Apache configuration files since you last ran the bnsupport-tool?

It’d be nice if you could execute the bnsupport-tool again so as to retrieve the latest changes.

I was also able to check that you dramatically changed the default /opt/bitnami/apache2/conf/httpd.conf file and are not including the sections that make reference to PHP FPM, apart from disabling some modules. I am trying to understand your use case, what is the reason behind those changes?

How to solve it?

You may run the same command using sudo:

$ sudo ls -la /etc/letsencrypt/live/macjob.com.hk/

Best regards,
Jose Antonio Carmona



Dear Jcarmona,

I ran the tool again and obtained code: 64075486-a639-bec6-dfc2-72aee0e5761d

after running command ~$ sudo ls -la /etc/letsencrypt/live/macjob.com.hk/

I got

total 12
drwxr-xr-x 2 root root 4096 Mar 12 17:08 .
drwx------ 3 root root 4096 Mar 12 17:08 ..
lrwxrwxrwx 1 root root 37 Mar 12 17:08 cert.pem -> ../../archive/macjob.com.hk/cert1.pem
lrwxrwxrwx 1 root root 38 Mar 12 17:08 chain.pem -> ../../archive/macjob.com.hk/chain1.pem
lrwxrwxrwx 1 root root 42 Mar 12 17:08 fullchain.pem -> ../../archive/macjob.com.hk/fullchain1.pem
lrwxrwxrwx 1 root root 40 Mar 12 17:08 privkey.pem -> ../../archive/macjob.com.hk/privkey1.pem
-rw-r--r-- 1 root root 692 Mar 12 17:08 README

==

"Have you modified the Apache configuration files "

Yes, as we wish to solve problem by modified the ip attached. But we know nothing on it.

Attached is the current status.

Looking forward to your reply.
B/R
Jacky

Thanks for running the commands!

Yes, as we wish to solve problem by modified the ip attached. But we know nothing on it.

Okay, so first things first, let’s try to restore some Apache configuration files to their original content:

sudo cp /opt/bitnami/apache2/conf/httpd.conf /opt/bitnami/apache2/conf/httpd.conf.back
sudo cp /opt/bitnami/bnsupport/original-data/apache2/conf/httpd.conf /opt/bitnami/apache2/conf/httpd.conf

sudo cp /opt/bitnami/apache2/conf/bitnami/bitnami.conf /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back
sudo cp /opt/bitnami/bnsupport/original-data/apache2/conf/bitnami/bitnami.conf /opt/bitnami/apache2/conf/bitnami/bitnami.conf

sudo cp /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf.back
sudo cp /opt/bitnami/bnsupport/original-data/apps/wordpress/conf/httpd-prefix.conf /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf

After that, you should be able to restart the apache server:

sudo /opt/bitnami/ctlscript.sh restart apache

Hopefully, that solves some of the current issues the server has handling different protocols HTTP/HTTPS.

Could you please run the following command too and report its output back?

$ cd /etc/letsencrypt/live/macjob.com.hk/ && ls -la ../../archive/macjob.com.hk/

Best regards,
Jose Antonio Carmona



Dear jcarmona,

Thanks for your feedback.
I ran all your suggested commands. The Apache server seems OK to restart.
However, when I run

cd /etc/letsencrypt/live/macjob.com.hk/ && ls -la ../../archive/macjob.com.hk/

I got “Permission denied”

Please assist.

B/R
Jacky

Hi @macjobhk

I ran all your suggested commands. The Apache server seems OK to restart.

I have tried to access your site and it seems to be working fine, and so does the Let’s Encrypt SSL Certificate!


However, when I run
I got “Permission denied”

Not a problem, the commands up there were meant to check if the certificates existed in your local instance. I forgot to add another line to avoid showing “Permission denied”, this should be the correct command:

$ sudo ls -la /etc/letsencrypt/archive/macjob.com.hk/

However, there’s no need to check that, your website seems to be using them as aforementioned.

Best regards,
Jose Antonio Carmona



1 Like
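
The check discussed in this thread (do the files behind `server.crt` and `server.key` really exist, and is a failure a missing file or just missing privileges?) can be done one symlink hop at a time. This is an added example, not part of the original posts or of Bitnami's tooling; `trace_link` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not Bitnami tooling. trace_link (hypothetical name) follows a
# certificate symlink chain hop by hop, e.g. apache2/conf/server.crt ->
# live/<domain>/fullchain.pem -> ../../archive/<domain>/fullchain1.pem.
# Returns 0 = readable regular file, 1 = dangling link or missing file,
#         2 = permission denied (re-run with sudo), 3 = link loop.
trace_link() {
    path=$1
    hops=0
    while [ "$hops" -lt 16 ]; do
        if [ -L "$path" ]; then
            target=$(readlink "$path") || { echo "DENIED  $path"; return 2; }
            echo "LINK    $path -> $target"
            # A relative target is resolved against the link's own directory.
            case $target in
                /*) path=$target ;;
                *)  path=$(dirname "$path")/$target ;;
            esac
            hops=$((hops + 1))
        elif [ -f "$path" ]; then
            [ -r "$path" ] || { echo "DENIED  $path"; return 2; }
            echo "FILE    $path"
            return 0
        else
            # Lookup failed. Find the nearest ancestor that exists: if it is
            # not searchable (like the 0700 live/ directory), the file may be
            # present but visible only to root.
            dir=$(dirname "$path")
            while [ ! -d "$dir" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
                dir=$(dirname "$dir")
            done
            if [ -d "$dir" ] && [ ! -x "$dir" ]; then
                echo "DENIED  $dir is not searchable by $(id -un)"
                return 2
            fi
            echo "MISSING $path"
            return 1
        fi
    done
    echo "LOOP    $path"
    return 3
}

# Usage: sh trace_link.sh /opt/bitnami/apache2/conf/server.crt \
#                         /opt/bitnami/apache2/conf/server.key
for p in "$@"; do
    trace_link "$p" || true
done
```

Run as the `bitnami` user, a `DENIED` result on `/etc/letsencrypt/live` means the chain may be intact and only needs `sudo` to inspect; a `MISSING` result under `sudo` means the certificate files are really gone.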

Yes, finally I am able to get the certificate. Thanks for your kind instructions.

Glad to see you were able to solve your issue! We are marking the previous answer as “Solution” and this topic as “Closed”.

If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing this one if necessary.

Best regards,
Jose Antonio Carmona



1 Like