Lets Encrypt SSL Certificate for two domains

anavrin 2019-10-18 20:21:15 UTC #1

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: b3139328-ecf0-dfd8-ba2a-643a06a8ffb8
Description:
Hey Guys,

So I am running into some issues regarding the SSL encryption after using the BNCert tool. When going through the prompts I listen both domains and it seems like there will be only one certificate for the Server IP and it will be in the name of the first domain listed. I previously requested a certificate for the second domain that I requested the cert during this process, however I never revoked it and it seems like the installation process only catches previous certs if the domain is listed in the 1st place (in my case in the current directory the domain that previously was issued a cert is listed under 'wordpress2' hence I listed it second). The installation was successful however I was notified that auto renewal had experienced a failure and i was not too concerned as that I can deal with.

Here start the issues - the domain to which the SSL cert was issued now points to the SERVER IP and not the Virtual Host that was configured just recently. The second domain does not have a padlock, but upon checking it seems like it has a hand registered cert though it seems like it is the old one.

Here are the installation steps I took:

cd /tmp
wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
sudo mkdir /opt/bitnami/bncert
sudo mv bncert-linux-x64.run /opt/bitnami/bncert/
sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
sudo /opt/bitnami/bncert-tool

Added both domains
- enable http to https redirection: y
- enable non-www to www redirection: n
- enable www to non-www redirection: y
- Agree to changes: y

Once the installation process was complete I proceeded to make the following revisions:

Wp-config files for both domains - added 's' to http in the define fields

define('WP_SITEURL', 'http://domain.com/');
define('WP_HOME', 'http://domain.com/');

Substituted override for All in the following: /opt/bitnami/apps/letsencrypt/conf/httpd-app.conf

AllowOverride None
with
AllowOverride All

What would be my next step? Revoke the certificate altogether, or the old one somehow and run the process once again after substituting for a dummy key in Apache? Or is there perhaps another way?

I also ran the Bitnami Support tool and the code is provided in the thread.

Thank you again!

jota 2019-10-21 09:58:38 UTC #2

Hi @anavrin,

You are right, if you set different domains when running the Bitnami HTTPS configuration tool, only one file will be created but it will include the information of all the domains you set. You can verify this by clicking on the green padlock and opening the certificate information

However, the HTTPS configuration tool only configures the main SSL certificates in Apache (/opt/bitnami/apache2/conf/bitnami/bitnami.conf file). If you created new virtual host files in the apps/APPNAME/conf/httpd-vhosts.conf file, you will also need to update the path to these certificates in the conf files. You will need to edit both httpd-vhosts.conf files and update the VirtualHost for the 443 port

    SSLCertificateFile "/opt/bitnami/apache2/conf/visitwickerpark.com.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/visitwickerpark.com.key"

After editing those lines in those files and restarting Apache, you shouldn't receive any warning when accessing your applications

Happy to help!

Was my answer helpful? Click on

anavrin 2019-10-21 10:27:33 UTC #3

Hi @jota,

Thank you for your response!

I implemented the changes and I know that some things take time, however I have the impression that something else might be amiss as after restarting the Apache server there is no change unfortunately.

Do the changes to override that I mentioned make a huge difference in this case? Perhaps maybe there is something else at play preventing the site from loading up...?

anavrin 2019-10-21 10:31:49 UTC #4

I ran the support tool again in case that helps: f98f2360-6a87-2ded-3789-d312d3474237

Thank you!

jota 2019-10-22 07:24:27 UTC #5

Hi @anavrin,

The deeles.com site is working properly now but visitwickerpark.com is not. That second site is not using its own virtual host, it's using the default one (/opt/bitnami/apache2/conf/bitnami/bitnami.conf) because the ServerName in the main configuration file (/opt/bitnami/apache2/conf/httpd.conf) matches with that domain. You edited this parameter, could you please revert it back?

ServerName localhost:80

Everything should work properly after restarting Apache

anavrin 2019-10-23 05:32:21 UTC #7

Hi @jota,

That worked! I ended up setting up a second instance as I will just split the two sites across two for ease. Also, it is a bit tricky as the ServerName keeps updating by itself and if I go through the prompts with two domains on one server I get an error regarding automatic renewals... I will just use the Virtual Host to create an additional site on one of the instances, but will not bother obtaining the SSL on it.

Two more questions for you as I am having trouble with this, how I do get the redirect working properly as one of the domains does not automatically get redirected to https://. I would just want all http, non-www and www traffic to be redirected to https://. Is there a config file where I can manually adjust these? I know the Cert tool prompted those questions, however it doesn't seem like it worked.

Also, I am would be interested in pointing some domains to either a sub directory or a sub domain on my Lamp WP module. Is that possible on this module or would I need a Multi WP in a separate instance? I am interested in getting a few domains pointed to my domain, since I am limited to 3 DNS zones on Lightsail as otherwise I would just create a Virtual Host for each one.

Thank you again!

jota 2019-10-23 09:21:30 UTC #8

Hi @anavrin,

The serverName value is updated by the Bitnami HTTPS configuration tool. What error did you get when using the tool and configuring the cron job?

If you have 2 instances for your 2 apps, you won't need to generate new virtual hosts because the default one will serve the application using your domain and your certificates.

The tool asks you if you want to force the redirection to https and to www or non-www. If you used the tool, can you run the Bitnami support tool again and share the information with us? I understand you want to redirect to https://non-www-domain right?

You can have the default virtual host (/opt/bitnami/apache2/conf/bitnami/bitnami.conf) to serve the WordPress' files (using your domain and your certificates) and configure new virtual hosts to serve those other folders (you will need to set the certificates in those virtual hosts you will create)

Let us know if you have any questions

anavrin 2019-10-24 05:59:42 UTC #9

Hi @jota,

This is the error that I got - basically it kept recurring as long as two domains were being added to the certificate. Once I ran the tool for just one domain, the result was no automatic renewal error.

As far as the prompts, I am pasting my answers...maybe its the precedence that screws this up but I am not sure.

jota 2019-10-24 10:12:19 UTC #10

Hi @anavrin,

It seems that the certificates were properly generated and the configuration changes were made. The problem is only when configuring the renewal process. Can you run the Bitnami Support tool again so we review those changes and let you know how to proceed?

How to Run the Bitnami Support Tool

anavrin 2019-10-24 15:35:53 UTC #11

Hi @jota,

Correct, all is fine now as I just re-ran the tool with just one domain listed (no error). The first screenshot was from two days ago when I did receive the error when trying to get two domains under one cert ...I was just pointing out that there is an issue that perhaps needs to be addressed at some point. I will stick to just having one cert on each instance. I will just need to figure out my redirections as they do not entirely work.

Thank you once again for all the help! Have a great weekend.

jota 2019-10-25 09:17:52 UTC #12

Let us know if you have any questions or need help

anavrin 2019-12-03 06:24:11 UTC #13

Hi @jota,

Hope all is well with you

I wanted to ask you if switching from https:domain to https://www.domain once the virtual host had been configured poses issues once all the config files are updated - that is precisely my situation. I updated the wp-config.php file along with the v hosts and then ran the cert tool, however I was only getting the LAMp stack homepage and not my Wordpress homepage.

I ran the support tool and if you can shed some light on why this operation did not go as it should I would greatly appreciate it. Thank you

06ca20e5-8c76-42ce-e0b6-0473a794c6b6

gongomgra 2019-12-03 11:37:09 UTC #14

Hi @anavrin,

As mentioned by @jota in a previous post, the ServerName value of your /opt/bitnami/apache2/conf/httpd.conf file is set to www.visitwickerpark.com:80 instead of localhost:80. Can you update this in the httpd.conf file and restart Apache?

sudo /opt/bitnami/ctlscript.sh restart apache

Hope it helps,
Gonzalo

anavrin 2019-12-03 20:35:04 UTC #15

Thank you Gonzalo, that was the one I missed apparently since this is a different server that I am configuring it on have a good rest of the week!

gongomgra 2019-12-04 09:26:40 UTC #16

Hi @anavrin,

Thanks for your kind words. I'm glad you fixed your issue! We will close this thread as solved. Please do not hesitate to open a new one with any other questions you may have.

Best regards,
Gonzalo

gongomgra 2019-12-04 09:26:45 UTC #17

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!