Httpd could not be started after updating Let's Encrypt certificate

dnotle 2019-02-02 19:07:11 UTC #1

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 48a14b2f-e74e-d199-2aeb-d1a0d8cec229
Description:
When I try to restart my Bitnami services, I get "httpd could not be started". I would like to know what I have done incorrectly, what I can do to start httpd, and what I will need to do to prevent this from happenning in the future.

This is the command and response in restarting my Bitnami services:

bitnami@ip-172-26-1-104:~$ sudo /opt/bitnami/ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started

This followed my updating of my Let's Encrypt certificate which I did in the same manner I have done over the past year (see below).

The last lines of my Appache error log after attempting to restart my Bitnami services are:

[Sat Feb 02 16:23:00.278469 2019] [ssl:emerg] [pid 5930:tid 139774077441792] AH02562: Failed to configure certificate localhost:443:0 (with chain), check /opt/bitnami/apache2/conf/server.crt
[Sat Feb 02 16:23:00.279632 2019] [ssl:emerg] [pid 5930:tid 139774077441792] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten > > SSLCertificateKeyFile?
[Sat Feb 02 16:23:00.279650 2019] [ssl:emerg] [pid 5930:tid 139774077441792] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed

When I check my ssl certificate as instructed at https://docs.bitnami.com/aws/apps/mybb/administration/check-ssl-certificate/ I get this:

bitnami@ip-172-26-1-104:~$ openssl x509 -noout -text -in server.crt -modulus | grep Modulus
Error opening Certificate server.crt
139973878785688:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('server.crt','r')
139973878785688:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load certificate

bitnami@ip-172-26-1-104:~$ openssl rsa -noout -text -in server.key -modulus | grep Modulus
Error opening Private Key server.key
140684677772952:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('server.key','r')
140684677772952:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load Private Key

I have run the Bitnami Support tool. It returned this code:

48a14b2f-e74e-d199-2aeb-d1a0d8cec229

Last May I had issues using the "renew" command in updating my Let's Encrypt SSL certificate and was instructed here, https://community.bitnami.com/t/error-in-renewing-lets-encrypt-ssl-certificate/57460/3, to use the "new" command to generate a new certificate. That worked then and every 3 months since. Each time I have run these commands with these responses:

bitnami@ip-172-26-1-104:~$ sudo lego --email="info@maps.topographics.org" --domains="maps.topographics.org" --path="/etc/lego" run
2019/02/02 05:01:12 [INFO][maps.topographics.org] acme: Obtaining bundled SAN certificate
2019/02/02 05:01:12 [INFO][maps.topographics.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/n6PAFF6W2...
2019/02/02 05:01:12 [INFO][maps.topographics.org] acme: Trying to solve HTTP-01
2019/02/02 05:01:12 [INFO][maps.topographics.org] Served key authentication
2019/02/02 05:01:13 [INFO][maps.topographics.org] The server validated our request
2019/02/02 05:01:13 [INFO][maps.topographics.org] acme: Validations succeeded; requesting certificates
2019/02/02 05:01:15 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2019/02/02 05:01:15 [INFO][maps.topographics.org] Server responded with a certificate.
bitnami@ip-172-26-1-104:~$ sudo /opt/bitnami/ctlscript.sh status
bitnami@ip-172-26-1-104:~$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
bitnami@ip-172-26-1-104:~$ sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
bitnami@ip-172-26-1-104:~$ sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
mv: cannot stat '/opt/bitnami/apache2/conf/server.csr': No such file or directory
bitnami@ip-172-26-1-104:~$ sudo ln -s /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.key
bitnami@ip-172-26-1-104:~$ sudo ln -s /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.crt
bitnami@ip-172-26-1-104:~$ sudo chown root:root /opt/bitnami/apache2/conf/server*
bitnami@ip-172-26-1-104:~$ sudo chmod 600 /opt/bitnami/apache2/conf/server*

After trying the above, this time I also tried the "renew" command and it seemed to work this time:

bitnami@ip-172-26-1-104:~$ sudo lego --email="info@maps.topographics.org" --domains="maps.topographics.org" --path="/etc/lego" renew
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Trying renewal with 2155 hours remaining
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Obtaining bundled SAN certificate
2019/02/02 08:03:47 [INFO][maps.topographics.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/n6PAFF6W2tTPLGG4WxGQf0tusasaAWUMnUdGFmtXBrU
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Authorization already valid; skipping challenge
2019/02/02 08:03:47 [INFO][maps.topographics.org] acme: Validations succeeded; requesting certificates
2019/02/02 08:03:48 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2019/02/02 08:03:48 [INFO][maps.topographics.org] Server responded with a certificate.

/opt/bitnami/apache2/conf/server.key and /opt/bitnami/apache2/conf/server.key both exist as does /opt/bitnami/apache2/conf/server.key and /opt/bitnami/apache2/conf/privkey.pem (dated Jan 2018).

Note: I first ran the "new" command prior to noticing the "System restart required" and restarting the system but tried again after restarting.

Also, I see that the currnent "new" instructions add the "-tls" so the command is

sudo lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/etc/lego" run

I tried that too but got a message saying I needed an email (which I did include).

So, what I have done incorrectly? What I can do to start httpd? And what I will need to do to prevent this from happenning in the future?

Thank you.

jota 2019-02-04 10:33:48 UTC #2

Hi @dnotle,

Thank you for using Bitnami. It seems that the certificate that the lego tool generated is not a valid one. For any reason, it's not creating a certificate that Apache can use and that's why Apache can't be started.

You also mentioned that this error message and that's because you are not using the latest version of the lego tool, could you please update it and generate new certificates again?

cd /tmp
curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego_v2.1.0_linux_amd64.tar.gz
sudo mv lego /usr/local/bin/lego
sudo /opt/bitnami/ctlscript.sh stop
sudo lego --tls --email="info@maps.topographics.org" --domains="maps.topographics.org" --path="/etc/lego" run
sudo ln -sf /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.crt
sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*
sudo /opt/bitnami/ctlscript.sh start

If that doesn't work, could you please share with us the output of these commands?

lego --version
sudo ls -la /opt/bitnami/apache2/conf/
sudo ls -la /etc/lego/certificates

Thanks

dnotle 2019-02-04 15:42:50 UTC #3

Thank you very much for your reply.

I attempted to follow your code. I believe it downloaded the latest Lego but I don't think it installed it.

This is the download command and response:

bitnami@ip-172-26-1-104:~$ cd /tmp
bitnami@ip-172-26-1-104:/tmp$ curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i - tar xf lego_v2.1.0_linux_amd64.tar.gz
--2019-02-04 14:59:34-- http://tar/
Resolving tar (tar)... failed: Name or service not known.
wget: unable to resolve host address ‘tar’
--2019-02-04 14:59:35-- http://xf/
Resolving xf (xf)... failed: Name or service not known.
wget: unable to resolve host address ‘xf’
--2019-02-04 14:59:35-- http://lego_v2.1.0_linux_amd64.tar.gz/
Resolving lego_v2.1.0_linux_amd64.tar.gz (lego_v2.1.0_linux_amd64.tar.gz)... failed: Name or service not known.
wget: unable to resolve host address ‘lego_v2.1.0_linux_amd64.tar.gz’
--2019-02-04 14:59:35-- https://github.com/xenolf/lego/releases/download/v2.1.0/lego_v2.1.0_linux_amd64.tar.gz
Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
Connecting to github.com (github.com)|192.30.253.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/37038121/2489ae80-2031-11e9-9881-ada4238d2c4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190204T145935Z&X-Amz-Expires=300&X-Amz-Signature=51b7f1384057996751796997a6e66bb836581a76dd2d1d04ce60ec909d465036&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dlego_v2.1.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2019-02-04 14:59:35-- https://github-production-release-asset-2e65be.s3.amazonaws.com/37038121/2489ae80-2031-11e9-9881-ada4238d2c4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190204T145935Z&X-Amz-Expires=300&X-Amz-Signature=51b7f1384057996751796997a6e66bb836581a76dd2d1d04ce60ec909d465036&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dlego_v2.1.0_linux_amd64.tar.gz&response-content-type=application%2Foctet
-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.82.200
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.82.200|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7567526 (7.2M) [application/octet-stream]
Saving to: ‘lego_v2.1.0_linux_amd64.tar.gz’
lego_v2.1.0_linux_amd6 100%[==========================>] 7.22M --.-KB/s in 0.1s
2019-02-04 14:59:35 (57.5 MB/s) - ‘lego_v2.1.0_linux_amd64.tar.gz’ saved [7567526/7567526]
FINISHED --2019-02-04 14:59:35--
Total wall clock time: 0.4s
Downloaded: 1 files, 7.2M in 0.1s (57.5 MB/s)

But this is what I got with the next command:

bitnami@ip-172-26-1-104:/tmp$ sudo mv lego /usr/local/bin/lego
mv: cannot stat 'lego': No such file or directory

I changed back to the root directory and tried again but got the same result:

bitnami@ip-172-26-1-104:/tmp$ cd
bitnami@ip-172-26-1-104:~$ sudo mv lego /usr/local/bin/lego
mv: cannot stat 'lego': No such file or directory

After doing ctlscript.sh stop, I tried the next command anyway:

bitnami@ip-172-26-1-104:~$ sudo lego --tls --email="info@maps.topographics.org" --domains = "maps.topographics.org" --path="/etc/lego" run
No help topic for 'maps.topographics.org'

What do I need to do differently?

jota 2019-02-05 10:39:46 UTC #4

Hi @dnotle,

You ran a wrong command here. Please note that you ran (note the tar xf command at the end)

curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i - tar xf lego_v2.1.0_linux_amd64.tar.gz

when you need to run

curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -

and then

tar xf lego_v2.1.0_linux_amd64.tar.gz

You can move the lego binary to its folder later.

dnotle 2019-02-05 15:51:55 UTC #5

Thanks @jota for catching my error. It seems I was able to update Lego. I then ran this command but with a different email than before...

bitnami@ip-172-26-1-104:~$ sudo lego --tls --email="DIFFERENT-EMAIL" --domains="maps.topographics.org" --path="/etc/lego" run

And so I got this response:

2019/02/05 12:43:05 No key found for account DIFFERENT-EMAIL. Generating a curve P384 EC key. 2019/02/05 12:43:05 Saved key to /etc/lego/accounts/acme-v02.api.letsencrypt.org/info@topographics.org/keys/info@topographics.org.key
2019/02/05 12:43:06 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n
Y
2019/02/05 12:43:39 [INFO] acme: Registering account for DIFFERENT-EMAIL
!!!! HEADS UP !!!!
Your account credentials have been saved in your Let's Encrypt configuration directory at "/etc/lego/accounts".
You should make a secure backupof this folder now. This configuration directory will also contain certificates and private keys obtained from Let's Encrypt so making regular backups of this folder is ideal.2019/02/05 12:43:39 [INFO] [maps.topographics.org] acme: Obtaining bundled SAN certificate
2019/02/05 12:43:39 [INFO] [maps.topographics.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/0tEs1S1FbaOJIYtFbk78ZuePK6QTHM90WmhW-L4qu1c
2019/02/05 12:43:39 [INFO] [maps.topographics.org] acme: use tls-alpn-01 solver
2019/02/05 12:43:39 [INFO] [maps.topographics.org] acme: Trying to solve TLS-ALPN-01
2019/02/05 12:43:45 [INFO] [maps.topographics.org] The server validated our request
2019/02/05 12:43:45 [INFO] [maps.topographics.org] acme: Validations succeeded; requesting certificates
2019/02/05 12:43:46 [INFO] [maps.topographics.org] Server responded with a certificate.

Then I followed the next commands which ended with "permission denied".

bitnami@ip-172-26-1-104:~$ sudo ln -sf /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.key bitnami@ip-172-26-1-104:~$ sudo ln -sf /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.crt bitnami@ip-172-26-1-104:~$ chown root:root /opt/bitnami/apache2/conf/server* chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt': Permission denied chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt.old': Permission denied chown: changing ownership of '/opt/bitnami/apache2/conf/server.csr.old': Operation not permitted chown: cannot dereference '/opt/bitnami/apache2/conf/server.key': Permission denied chown: cannot dereference '/opt/bitnami/apache2/conf/server.key.old': Permission denied

Here are the commands and output you requested if things didn't work:

bitnami@ip-172-26-1-104:~$ lego --version lego version 2.1.0 linux/amd64

bitnami@ip-172-26-1-104:~$ sudo ls -la /opt/bitnami/apache2/conf/ total 284 drwxr-xr-x 5 bitnami root 4096 Feb 5 13:49 . drwxr-xr-x 14 root root 4096 Jan 25 2018 .. drwxr-xr-x 2 bitnami root 4096 Feb 9 2018 bitnami -rw-r--r-- 1 bitnami root 289 Jan 25 2018 deflate.conf drwxr-xr-x 2 bitnami root 4096 Jan 25 2018 extra -rw-r--r-- 1 bitnami root 19965 Oct 4 18:47 httpd.conf -rw-r--r-- 1 bitnami root 13077 Jan 16 2018 magic -rw-r--r-- 1 bitnami root 60847 Jan 16 2018 mime.types -rw-r--r-- 1 bitnami root 7413 Aug 2 2012 modsecurity.conf drwxr-xr-x 3 bitnami root 4096 Jan 25 2018 original -rw-r--r-- 1 bitnami root 17301 Jan 25 2018 pagespeed.conf -rw-r--r-- 1 bitnami root 120982 Jan 25 2018 pagespeed_libraries.conf -rw-r--r-- 1 bitnami root 199 Jan 25 2018 php-fpm-apache.conf -rw-r--r-- 1 bitnami root 1834 Jan 25 2018 privkey.pem lrwxrwxrwx 1 root root 48 Feb 5 13:49 server.crt -> /etc/lego/certificates/maps.topographics.org.key lrwxrwxrwx 1 root root 48 Feb 2 03:44 server.crt.old -> /etc/lego/certificates/maps.topographics.org.key -rw------- 1 root root 899 Jan 25 2018 server.csr.old lrwxrwxrwx 1 root root 48 Feb 5 13:41 server.key -> /etc/lego/certificates/maps.topographics.org.key lrwxrwxrwx 1 root root 48 Feb 2 03:42 server.key.old -> /etc/lego/certificates/maps.topographics.org.key -rw-r--r-- 1 bitnami root 203 Jan 25 2018 ssi.conf

bitnami@ip-172-26-1-104:~$ sudo ls -la /etc/lego/certificates total 24 drwx------ 2 root root 4096 Feb 14 2018 . drwx------ 4 root root 4096 Feb 14 2018 .. -rw------- 1 root root 3575 Feb 5 12:43 maps.topographics.org.crt -rw------- 1 root root 1648 Feb 5 12:43 maps.topographics.org.issuer.crt -rw------- 1 root root 242 Feb 5 12:43 maps.topographics.org.json -rw------- 1 root root 1675 Feb 5 12:43 maps.topographics.org.key

What do I need to do next to get this to work?

Also, I see that the supplied email is used as the account id. Is it also used for communications such as notifying the user of software updates like I needed with Lego? The previously used email is not an active account and that's why I changed it. If the email is not used for such notifications how should I have made myself aware of the Lego update?

Thank you for your help. I do appreciate it.

jota 2019-02-06 10:53:44 UTC #6

Hi @dnotle,

Please note that I used "sudo" when writing the commands you needed to run

sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*

However the configuration looks fine, can you start the Apache service now?

sudo /opt/bitnami/ctlscript.sh start

Please share the output of that command if it returns any error message. In that case, please run the Bitnami Support tool again

How to Run the Bitnami Support Tool

dnotle 2019-02-06 13:44:19 UTC #7

I should have caught my omission of "sudo". Thank you for pointing it out.

I ran the commands but unfortunately I'm still unable to start the Apache service.

bitnami@ip-172-26-1-104:~$ sudo chown root:root /opt/bitnami/apache2/conf/server* bitnami@ip-172-26-1-104:~$ sudo chmod 600 /opt/bitnami/apache2/conf/server* bitnami@ip-172-26-1-104:~$ sudo /opt/bitnami/ctlscript.sh start /opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306 /opt/bitnami/php/scripts/ctl.sh : php-fpm started Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started

I ran the support tool. The code is e7631c5b-f31f-873b-767f-21c671064eda

Thanks.

jota 2019-02-07 10:29:02 UTC #8

Hi @dnotle,

It seems there is a problem with the certificate files you have, I got this information from the error log of Apache

[Wed Feb 06 13:11:01.496740 2019] [ssl:emerg] [pid 6376:tid 140388719253248] AH02562: Failed to configure certificate localhost:443:0 (with chain), check /opt/bitnami/apache2/conf/server.crt
[Wed Feb 06 13:11:01.496803 2019] [ssl:emerg] [pid 6376:tid 140388719253248] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Wed Feb 06 13:11:01.496818 2019] [ssl:emerg] [pid 6376:tid 140388719253248] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed

Could you please share with us the output of this command?

sudo ls -la /etc/lego/certificates

Can you check the certificate files and ensure they have the format of SSL certificates? (do not share their content)

The apache2/conf/server.crt file should look like this:

sudo cat /opt/bitnami/apache2/conf/server.crt

-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----

The apache2/conf/server.key file should look like this:

sudo cat /opt/bitnami/apache2/conf/server.key

-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----

Thanks

dnotle 2019-02-07 14:59:55 UTC #9

@jota,

I was able to start the Apache service and the website now works. I do have a concern though.

The results of running

sudo cat /opt/bitnami/apache2/conf/server.crt

and

sudo cat /opt/bitnami/apache2/conf/server.key

were identical:

-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----

I realized this was because of these previous commands:

sudo ln -sf /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.key sudo ln -sf /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.crt

As you can see, it was reading the key for both server.key and server.crt

This morning things work after I ran the second command as

sudo ln -sf /etc/lego/certificates/maps.topographics.org.crt /opt/bitnami/apache2/conf/server.crt

However, server.crt now has two different certificates in it:

-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
YYYYYYYYYYYYYYYYYYYY
-----END CERTIFICATE-----

Does this have the potential to cause problems in the future? If so, what should I do about it now?

Thanks.

gongomgra 2019-02-08 11:11:32 UTC #10

Hi @dnotle,

I think it should not affect anything but if you want, you can try to generate everything again from scratch just in case. You will need to backup the current certificates (just in case), remove symbolic links, generate new certificates and configure Apache again.

To do so, please follow the next steps:

Stop Apache webserver

sudo /opt/bitnami/ctlscript.sh stop apache

Unlink current certificates

sudo unlink /opt/bitnami/apache2/conf/server.crt
sudo unlink /opt/bitnami/apache2/conf/server.key
ls -lart /opt/bitnami/apache2/conf/server.*

Backup current certificates

sudo mv /etc/lego/certificates/maps.topographics.org.crt /etc/lego/certificates/maps.topographics.org.crt.backup
sudo mv /etc/lego/certificates/maps.topographics.org.key /etc/lego/certificates/maps.topographics.org.key.backup

Generate new SSL certificates. Please use your custom values.

sudo lego --tls --email="DIFFERENT-EMAIL" --domains="maps.topographics.org" --path="/etc/lego" run

Link the new certificates to the Apache folder

sudo ln -s /etc/lego/certificates/maps.topographics.org.crt /opt/bitnami/apache2/conf/server.crt
sudo ln -s /etc/lego/certificates/maps.topographics.org.key /opt/bitnami/apache2/conf/server.key

Start Apache server again

sudo /opt/bitnami/ctlscript.sh start apache

After that, please navigate to your site and check if the certificate is working. In case it is not, please restore the backup certificates running the commands below

sudo /opt/bitnami/ctlscript.sh stop apache
sudo cp /etc/lego/certificates/maps.topographics.org.crt.backup /etc/lego/certificates/maps.topographics.org.crt
sudo cp /etc/lego/certificates/maps.topographics.org.key.backup /etc/lego/certificates/maps.topographics.org.key
sudo /opt/bitnami/ctlscript.sh start apache

Hope it helps,
Gonzalo

dnotle 2019-02-11 03:09:01 UTC #11

Gonzalo, thank you for these instructions. For now I'm going to hold off on them. Before you close the ticket, what is the best way to stay informed of software updates or other information I need to keep things running? Thanks.

gongomgra 2019-02-11 16:24:29 UTC #12

Hi @dnotle,

What kind of information do you want to get notified about? If you want to get the latest information about security issues, you can check our blog at https://blog.bitnami.com/

Regards,
Gonzalo

dnotle 2019-02-13 03:19:23 UTC #13

Gonzalo, thanks for the blog link. Otherwise, how should I have been aware of the latest version of the Lego tool (see above)?

gongomgra 2019-02-13 11:13:07 UTC #14

Hi @dnotle,

Find below the link to the releases section of the Lego GitHub repo. There you can know the latest published version of Lego.

Please note that newer versions of Lego could require changes on the command to generate and renew certificates.

Regards,
Gonzalo

dnotle 2019-02-14 02:42:23 UTC #15

Thank you Gonzala @gongomgra and @jota very much for this help and information.

gongomgra 2019-02-14 10:14:06 UTC #16

Hi @dnotle,

Thanks for your kind words! We are glad you could fix your issue. We will close this ticket as solved.

Do not hesitate to ask any other question you may have.

Best regards,
Gonzalo

gongomgra 2019-02-14 10:14:31 UTC #17

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!