Installing Let's Encrypt certificate

Hello everyone,

Firstly, I want to thank @peterluu so much for helping @bilalazhar. It’s very nice to see how Community users try to help each other.

Secondly, regarding your issue. I would like to have a general overview about your configuration. We have a Support Tool that will gather relevant information for us to debug the issue. Could you please download and execute it in the machine where the stack is running?

Basically you need to connect via SSH and run the commands:

wget -O bnsupport_tool https://downloads.bitnami.com/files/bnsupport/0.2.0/bnsupport-linux-x64.run
chmod +x bnsupport_tool
./bnsupport_tool

The output of the execution of this tool will be a zip file with all the information inside. Could you please send it to juan[at]bitnami[dot]com ?

You can download the zip file from your instance, you can follow this guide to download it and the send it to me via mail.

Lastly, you mentioned:

Also after this problem is solved what is next step to go and change my site address from http to https in wp-config file or something else as instructions were not very clear what to do so kindly help me out.

Well, once you fix the problem with Let’s Encrypt, you just need to follow this guide in order to force the redirection:
https://docs.bitnami.com/aws/components/apache/#how-to-force-https-redirection-for-an-application

Best Regards,

Juan Ariza

Hey @jariza thanks for your reply , I have sent you zip file kindly check it
Thanks
Bilal

Hello @bilalazhar

I noticed you also created this ticket I will close it and continue here with the discussion in order to avoid confusion.

Where did you send the ZIP file to? I have been checking my mail inbox and I don’t have any mail coming from the mail account you have associated to the Community User. Did you send them to juan@bitnami.com? Are you using a different mail account?

Best Regards,

Juan Ariza

i am using a different mail account I sent it from bilalazhar77@gmail.com but i will send it again from my bitnami account email
Thanks

kindly check your mail I sent it again
Thanks

Hello @bilalazhar

Thanks!! I could receive the ZIP file this time.

I can see in your configuration file /opt/bitnami/apache2/conf/bitnami/bitnami.conf the line below:

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

Taking a look to the output of the command ls -lh /opt/bitnami/apache2/conf/ you shared before, I can see that /opt/bitnami/apache2/conf/server.key is indeed a Symbolic Link to /etc/letsencrypt/live/agirlsshop.com/private.pem.

Could you check if that file exists? Could you run the command below?

ls -la /etc/letsencrypt/live/agirlsshop.com/

On the other hand, you have your certificates at /opt/bitnami/apps/wordpress/letsencrypt/live/[sitename] and you’re configuring Apache to take them from /etc/letsencrypt/live/agirlsshop.com/. It seems to me that you created the certificates twice.

Best Regards,

Juan Ariza

Hey @jariza I tried this command

ls -la /etc/letsencrypt/live/agirlsshop.com/
this is output
ls: cannot access /etc/letsencrypt/live/agirlsshop.com/: No such file or directory

Given above is the output . I am really confused kindly tell me what to do
Thanks

Hello @bilalazhar

There we have the problem! Your configuration is trying to use a certificate that doesn’t exist!! You need to edit the symbolic links /opt/bitnami/apache2/conf/server.crt and /opt/bitnami/apache2/conf/server.crt so they point to the certificates generated with the WordPress Plugin instead of pointing to non-existing files.

Please run the commands below and restart apache:

sudo ln -s /opt/bitnami/apps/wordpress/letsencrypt/live/[sitename]/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo ln -s /opt/bitnami/apps/wordpress/letsencrypt/live/[sitename]/private.pem  /opt/bitnami/apache2/conf/server.key 
sudo /opt/bitnami/ctlscript.sh restart apache

Best Regards,

Juan Ariza

1 Like

Thanks a lot @jariza this solved my problem. Documentation should be updated so that new users do not get confused .
Thanks again for the help

Hello @bilalazhar

That’s great!!! We are glad that you were able to fix the issue. Thanks for the feedback, I added this Thread to be reviewed by the Docs Team to see if the documentation needs to be improved.

If you have any other questions, please do not hesitate to let us know.

Best Regards,

Juan Ariza

Sorry @jariza, if I was paying attention to the directories, I would have noticed the link was pointing to the wrong place. I realise my own instructions were slightly incorrect in creating the symbolic links, that’s probably where the confusion arose. Thanks for all your help here.

Hello @peterluu

No problem!! As I mentioned previously we highly appreciate when you help each other. The success of a community such as this is based on users like you wiling to help other users.

Best Regards,

Juan Ariza

I’ve tried to collate instructions for installing Let’s Encrypt on a Wordpress installation to make things a little clearer.

Install Let’s Encrypt

As the instructions are quite well documented follow these instructions here. Return here after generating your certificates.

Once you have generated your certificates, follow the steps below.

Follow these steps:

Rename existing files to avoid conflict.

$ mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.bak
$ mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.bak

Link your SSL certificate and certificate key file to the correct locations. Remember to replace the DOMAIN placeholder with your actual domain name.

$ sudo ln -s /opt/bitnami/apps/wordpress/letsencrypt/live/DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
$ sudo ln -s /opt/bitnami/apps/wordpress/letsencrypt/live/DOMAIN/private.pem /opt/bitnami/apache2/conf/server.key

Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

$ sudo chown root:root /opt/bitnami/apache2/conf/server*
$ sudo chmod 600 /opt/bitnami/apache2/conf/server*

Open port 443 in the server firewall. Refer to the FAQ for more information.

Restart the Apache server:

$ sudo /opt/bitnami/ctlscript.sh restart apache

Troubleshooting

If there are any issues, correct permissions may need to be reapplied to Let’s Encrypt. Apply the following commands, IF you have any issues after following the above instructions.

$ sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/letsencrypt
$ sudo find /opt/bitnami/apps/wordpress/letsencrypt -type d -exec chmod 0775 {} \;
$ sudo find /opt/bitnami/apps/wordpress/letsencrypt -type f -exec chmod 0664 {} \;

Hi,

Thank you very much @peterluu for return with this information, we will evaluate it to improve our documentation or guides.

We are marking this topic as “Solved” (with your solution). If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing to this one if necessary.

Best regards,
Carlos R. Hernández