I can't access phpmyadmin and ssl lets encrypt certificate expired

Keywords: Nginx - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 2ba00913-0b09-5cb4-4f8c-276c62750bef
Description:
I have instalation wordpress with lets encrypt, but the certificate that expiration and I can’t generate other because I’m temporarily blocked. While waiting for liberation I need to enter database to change url for http, but page 127.0.0.1:8888/phpmyadmin shows connection refused.

The site is down and not necessary https in moment, but I need that site is up for the work.

The code diagnostic:
2ba00913-0b09-5cb4-4f8c-276c62750bef

Hi @cassiomurilo,

I can see that there are no valid certificates in your instance. You will first need to remove the current files you have

sudo rm -rf /opt/bitnami/nginx/conf/server.crt
sudo rm -rf /opt/bitnami/nginx/conf/server.key

and then generate dummy certificates for NGINX to work again

https://docs.bitnami.com/aws/apps/wordpress-pro/administration/create-ssl-certificate-nginx/

Once you have those dummy certificates. Please follow these instructions to generate a new Let’s Encrypt certificate

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

Can you run this command from the instance’s terminal?

curl -LI localhost/phpmyadmin

Happy to help!


Was my answer helpful? Click on :heart:

I not generate this dummy certificate because NGINX is running.

I run again Let’s Encrypt:

Could not obtain certificates:
acme: error: 429 :: POST :: https:// acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: elluc.com.br,www. elluc.com.br: see letsencrypt.org/docs/rate-limits/

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0
Date: Mon, 07 Jun 2021 14:39:00 GMT
Content-Type: text/html
Connection: keep-alive
Location: https:// localhost/phpmyadmin
X-Frame-Options: SAMEORIGIN

curl: (7) Failed to connect to localhost port 443: Connection refused

Hi @cassiomurilo,

You ran the command several times and reached the limits. You now need to wait some time to renew the certificate.

You are redirecting the request to https so you need to generate a SSH tunnel using 8888 as local port and 443 as destination port and use https://localhost:8888/phpmyadmin in your browser.

I had already tried this method, several times

I know, that’s why I asked for help to be able to access phpmyadmin and be able to work on the site.

Hi @cassiomurilo,

What happens when you try to access the website? I can’t help you if you just say that it doesn’t work. Do you get redirected? What error do you get? Can you try using https://localhost:8888/phpmyadmin/ (notice the / at the end)?

See the various errors in differents tests
(with https://; with http://; with localhost; with 127.0.0.1; in Firefox, in Chrome):

  • Code error: SSL_ERROR_RX_RECORD_TOO_LONG
  • connexion refused
  • Unable to connect
  • Secure Connection Failed

And Yes, I tested with / or not / at the end

Hi @cassiomurilo,

To avoid more delays here, let’s follow a different approach. Let’s configure phpMyAdmin to accept the connections from your IP address, that way you won’t need to configure the SSH tunnel.

  • Access myip.bitnami.com to get your IP
  • Access the instance using a SSH connection and edit the /opt/bitnami/apps/phpmyadmin/conf/nginx-app.conf file. You just need to add a new “allow” line with your IP
...
allow 127.0.0.1;
allow YOUR_IP_HERE;
deny all;
...
  • Restart NGINX and try to access the application now
sudo /opt/bitnami/ctlscript.sh restart nginx

Let me know if that works for you.

Thanks, but we tested this metod too

Hi @cassiomurilo,

I just noticed that you commented out all the SSL lines in the NGINX’s configuration (/opt/bitnami/nginx/conf/bitnami/bitnami.conf) and that’s why you can’t access phpmyadmin using https

    # HTTPS server

#    server {
 #      listen       443 ssl;
  #     server_name  localhost;

   #    ssl_certificate      server.crt;
    #   ssl_certificate_key  server.key;

     #  ssl_session_cache    shared:SSL:1m;
      # ssl_session_timeout  5m;

     #  ssl_ciphers  HIGH:!aNULL:!MD5;
     #  ssl_prefer_server_ciphers  on;

       #include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";

      # include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
   # }

That’s not a good solution and I suggest you uncomment those lines and generate dummy certificate to use https in your site.

sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.back
sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.back

Then, generate new dummy certificates by following this guide

https://docs.bitnami.com/aws/apps/wordpress-pro/administration/create-ssl-certificate-nginx/

and restart NGINX

sudo /opt/bitnami/ctlscript.sh restart nginx

You should be able to access your site now (You will get a warning saying that the certificate is a self-signed one though). Once you can generate your Let’s Encrypt certificate again, just update the server.crt and server.key files as our guide explains.

If you do not want to force https so users do not get that warning, just comment out this line in the /opt/bitnami/nginx/conf/bitnami/bitnami.conf and restart NGINX

  return 301 https://$host$request_uri;

Now the site show error: “File not found.” in Chrome and Firefox the site run one time.

I tried to create a new letsencrypt certificate, but the error saying it already exists.

And I tried the command to renew the certificate, but I got an error: “no such file or directory”

I run tool bitnami again: f07f99ed-fa7d-681f-68e4-a93bc5faccbf

Found recent error or warning messages in the Nginx error log.

2021/06/11 18:22:14 [error] 13873#0: *75 FastCGI sent in stderr: “Primary script
unknown” while reading response header from upstream, client: ip_address,
server: localhost, request: “GET /wp-admin/ HTTP/1.1”, upstream:
“fastcgi://unix:/opt/bitnami/php/var/run/www.sock:”, host: “elluc.com.br”
2021/06/11 18:22:33 [error] 13873#0: *75 FastCGI sent in stderr: “Primary
script unknown” while reading response header from upstream, client:
ip_address, server: localhost, request: “GET /wp-admin/ HTTP/1.1”, upstream:
“fastcgi://unix:/opt/bitnami/php/var/run/www.sock:”, host: “elluc.com.br”
Press [Enter] to continue:
2021/06/11 18:22:39 [error] 13873#0: *75 FastCGI sent in stderr: “Primary
script unknown” while reading response header from upstream, client:
ip_address, server: localhost, request: “GET / HTTP/1.1”, upstream:
“fastcgi://unix:/opt/bitnami/php/var/run/www.sock:”, host: “elluc.com.br”

Hi @cassiomurilo,

can you run the Bitnami Support tool again so we review the information with the latest changes in the configuration?

Correct, the certificates were removed. You need to generate the certificates from scratch (using the “run” method of the lego tool and follow the entire guide in our documentation)

We were able to install the new certificate, it is now validated.

But the site does not open, it appears: “File not found.”

I ran the tool again:
e52820e2-9ae7-2506-e9c7-17b105c1fad8

Hi @cassiomurilo,

I see that you uncommented this line in the /opt/bitnami/nginx/conf/bitnami/bitnami.conf file

include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";

Could you please comment it out again and restart NGINX to see if that fixes the issue?

We’ve already done that, commenting and uncommenting and it hasn’t resolved.

The tool diagnostic related this:
8c2761e9-fd45-eca2-6780-304ecd153115

Found recent error or warning messages in the Nginx error log.

2021/06/16 15:18:52 [error] 5282#0: *1 FastCGI sent in stderr: "Primary script 
unknown" while reading response header from upstream, client: **ip_address**, 
server: localhost, request: "GET / HTTP/1.1", upstream: 
"fastcgi://unix:/opt/bitnami/php/var/run/www.sock:", host: "elluc.com.br"
 2021/06/16 15:18:57 [error] 5282#0: *1 FastCGI sent in stderr: "Primary script 
unknown" while reading response header from upstream, client: **ip_address**, 
server: localhost, request: "GET / HTTP/1.1", upstream: 
"fastcgi://unix:/opt/bitnami/php/var/run/www.sock:", host: "elluc.com.br"

 2021/06/16 15:18:58 [error] 5282#0: *1 FastCGI sent in stderr: "Primary script 
unknown" while reading response header from upstream, client: **ip_address**, 
server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: 
"fastcgi://unix:/opt/bitnami/php/var/run/www.sock:", host: "elluc.com.br", 
referrer: "https://elluc.com.br/"

Please check the following guide to troubleshoot server issues:
https://docs.bitnami.com/installer/infrastructure/nginx/troubleshooting/

[Resources]
Your instance has little available RAM memory.

              total        used        free      shared  buff/cache   available
Mem:            987         625          71           5         290         199
Swap:           634          14         620

You could try to increase your instance's memory. Please check your cloud 
provider's documentation for more information.

[Mysql]
Found recent error messages in the MySQL error log:
2021-06-15T21:03:41.687910Z 8 [ERROR] [MY-010338] [Server] Can't find 
error-message file '/opt/bitnami/mysql/share/errmsg.sys'. Check error-message 
file location and 'lc-messages-dir' configuration directive.


Please check the following guide to troubleshoot MySQL issues:
https://docs.bitnami.com/aws/apps/wordpress/troubleshooting/debug-errors-m
ysql/

[Php]
The following error appears in the /opt/bitnami/php/var/log/php-fpm.log:

[13-Jun-2021 23:31:28] WARNING: [pool www] server reached max_children setting 
(5), consider raising it

This error usually indicates PHP script execution is slow due to busy server 
resouces or buggy scripts. Please check the following guide to increase the 
number of PHP-FPM child processes:
https://docs.bitnami.com/general/apps/wordpress/configuration/configure-ph
pfpm-processes/

===== End of bndiagnostic tool output =====

Keywords: WordPress + NGINX + SSL - AWS - Technical issue - Other
bnsupport ID: 2ba00913-0b09-5cb4-4f8c-276c62750bef
Description:
I retrieved the LetsEncrypt certificate that had expired, but now the site won’t open and gives the error: “File not found.”