Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 48a14b2f-e74e-d199-2aeb-d1a0d8cec229
Description:
When I try to restart my Bitnami services, I get "httpd could not be started". I would like to know what I have done incorrectly, what I can do to start httpd, and what I will need to do to prevent this from happening in the future.
This is the command and response in restarting my Bitnami services:
bitnami@ip-172-26-1-104:~$ sudo /opt/bitnami/ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started
This followed my updating of my Let's Encrypt certificate which I did in the same manner I have done over the past year (see below).
The last lines of my Apache error log after attempting to restart my Bitnami services are:
[Sat Feb 02 16:23:00.278469 2019] [ssl:emerg] [pid 5930:tid 139774077441792] AH02562: Failed to configure certificate localhost:443:0 (with chain), check /opt/bitnami/apache2/conf/server.crt
[Sat Feb 02 16:23:00.279632 2019] [ssl:emerg] [pid 5930:tid 139774077441792] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Sat Feb 02 16:23:00.279650 2019] [ssl:emerg] [pid 5930:tid 139774077441792] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
When I check my ssl certificate as instructed at https://docs.bitnami.com/aws/apps/mybb/administration/check-ssl-certificate/ I get this:
bitnami@ip-172-26-1-104:~$ openssl x509 -noout -text -in server.crt -modulus | grep Modulus
Error opening Certificate server.crt
139973878785688:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('server.crt','r')
139973878785688:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load certificate
bitnami@ip-172-26-1-104:~$ openssl rsa -noout -text -in server.key -modulus | grep Modulus
Error opening Private Key server.key
140684677772952:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('server.key','r')
140684677772952:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load Private Key
I have run the Bitnami Support tool. It returned this code:
48a14b2f-e74e-d199-2aeb-d1a0d8cec229
Last May I had issues using the "renew" command in updating my Let's Encrypt SSL certificate and was instructed here, https://community.bitnami.com/t/error-in-renewing-lets-encrypt-ssl-certificate/57460/3, to use the "new" command to generate a new certificate. That worked then and every 3 months since. Each time I have run these commands with these responses:
bitnami@ip-172-26-1-104:~$ sudo lego --email="info@maps.topographics.org" --domains="maps.topographics.org" --path="/etc/lego" run
2019/02/02 05:01:12 [INFO][maps.topographics.org] acme: Obtaining bundled SAN certificate
2019/02/02 05:01:12 [INFO][maps.topographics.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/n6PAFF6W2...
2019/02/02 05:01:12 [INFO][maps.topographics.org] acme: Trying to solve HTTP-01
2019/02/02 05:01:12 [INFO][maps.topographics.org] Served key authentication
2019/02/02 05:01:13 [INFO][maps.topographics.org] The server validated our request
2019/02/02 05:01:13 [INFO][maps.topographics.org] acme: Validations succeeded; requesting certificates
2019/02/02 05:01:15 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2019/02/02 05:01:15 [INFO][maps.topographics.org] Server responded with a certificate.
bitnami@ip-172-26-1-104:~$ sudo /opt/bitnami/ctlscript.sh status
bitnami@ip-172-26-1-104:~$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
bitnami@ip-172-26-1-104:~$ sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
bitnami@ip-172-26-1-104:~$ sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
mv: cannot stat '/opt/bitnami/apache2/conf/server.csr': No such file or directory
bitnami@ip-172-26-1-104:~$ sudo ln -s /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.key
bitnami@ip-172-26-1-104:~$ sudo ln -s /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.crt
bitnami@ip-172-26-1-104:~$ sudo chown root:root /opt/bitnami/apache2/conf/server*
bitnami@ip-172-26-1-104:~$ sudo chmod 600 /opt/bitnami/apache2/conf/server*
After trying the above, this time I also tried the "renew" command and it seemed to work this time:
bitnami@ip-172-26-1-104:~$ sudo lego --email="info@maps.topographics.org" --domains="maps.topographics.org" --path="/etc/lego" renew
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Trying renewal with 2155 hours remaining
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Obtaining bundled SAN certificate
2019/02/02 08:03:47 [INFO][maps.topographics.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/n6PAFF6W2tTPLGG4WxGQf0tusasaAWUMnUdGFmtXBrU
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Authorization already valid; skipping challenge
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Validations succeeded; requesting certificates
2019/02/02 08:03:48 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2019/02/02 08:03:48 [INFO][maps.topographics.org] Server responded with a certificate.
/opt/bitnami/apache2/conf/server.key and /opt/bitnami/apache2/conf/server.key both exist as does /opt/bitnami/apache2/conf/server.key and /opt/bitnami/apache2/conf/privkey.pem (dated Jan 2018).
Note: I first ran the "new" command prior to noticing the "System restart required" and restarting the system but tried again after restarting.
Also, I see that the current "new" instructions add the "-tls" so the command is
sudo lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/etc/lego" run
I tried that too but got a message saying I needed an email (which I did include).
So, what have I done incorrectly? What can I do to start httpd? And what will I need to do to prevent this from happening in the future?
Thank you.
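
An added example, not part of the original post or of Bitnami's documentation: a structural check to run before restarting Apache. It reports when the file behind `server.crt` does not begin with a certificate PEM block (the condition behind the `no start line` error in the log above) or when `server.crt` and `server.key` resolve to one file. The function names and the placeholder PEM files are constructed for illustration.

```shell
#!/bin/sh
# Added example: structural pre-flight check for an Apache certificate/key pair.

# Print the label of the first PEM block in a file, e.g. "CERTIFICATE".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" 2>/dev/null | head -n 1
}

# check_pair CERT KEY: print a verdict; return 0 only if the pair looks sane.
check_pair() {
    crt="$1"; key="$2"
    [ -r "$crt" ] || { echo "FAIL: cannot read $crt"; return 1; }
    [ -r "$key" ] || { echo "FAIL: cannot read $key"; return 1; }
    # Two names resolving to one file means a link points at the wrong target.
    if [ "$crt" -ef "$key" ]; then
        echo "FAIL: $crt and $key are the same file"; return 1
    fi
    crt_label=$(pem_label "$crt")
    key_label=$(pem_label "$key")
    case "$crt_label" in
        CERTIFICATE|"TRUSTED CERTIFICATE") ;;
        *) echo "FAIL: $crt starts with '${crt_label:-no PEM block}', not a certificate"
           return 1 ;;
    esac
    case "$key_label" in
        *"PRIVATE KEY") ;;
        *) echo "FAIL: $key starts with '${key_label:-no PEM block}', not a private key"
           return 1 ;;
    esac
    echo "OK: $crt is a certificate and $key is a private key"
}

# Constructed demo: mirrors the link layout of the session above in a temp dir.
demo_layout() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'placeholder' \
        '-----END RSA PRIVATE KEY-----' > "$d/site.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$d/site.crt"
    ln -s "$d/site.key" "$d/server.key"
    ln -s "$d/site.key" "$d/server.crt"   # same target as server.key
    echo "$d"
}

d=$(demo_layout)
check_pair "$d/server.crt" "$d/server.key" || true
rm -rf "$d"
```

A pair that passes this check still needs the modulus comparison from the Bitnami page linked above, since matching PEM labels do not prove that the key belongs to the certificate.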