Lost server.crt and server.key

Keywords: WordPress - Google Cloud Platform - Technical issue - Other

bnsupport ID: 34d2a5fb-107a-e6a1-a0c4-5a91368e5abe

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
? Connectivity: Found possible issues
? Processes: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/general/faq/administration/use-firewall/

Description:
I tried to follow the link below to create an SSL certificate:
https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/

After I repeated the steps many times, it still did not seem to work for me.
So I used the command below to delete letsencrypt and tried to repeat the steps again:
rm -rf /opt/bitnami/letsencrypt

Many errors occurred after I deleted letsencrypt:

  1. When I enter the command to request a new certificate for my domain again, it shows the error below:
acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours
  2. When I run the commands below:
sudo ln -sf /opt/bitnami/letsencrypt/certificates/{mydomain}.key /opt/bitnami/apache2/conf/bitnami/certs/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/{mydomain}.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt

it shows the errors below:

chown: cannot dereference '/opt/bitnami/apache2/conf/bitnami/certs/server.crt': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/bitnami/certs/server.crt.old': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/bitnami/certs/server.key': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/bitnami/certs/server.key.old': No such file or directory
  3. When I start the bitnami service again using this command:
sudo /opt/bitnami/ctlscript.sh start
Error:
Job for bitnami.service failed because the control process exited with error code.
See "systemctl status bitnami.service" and "journalctl -xe" for details.
As a result, I cannot access my WordPress website.

Does that mean I lost my server.crt and server.key? I tried to link the new SSL certificate and certificate key file, but I reached the limit, so I cannot get a new certificate.

Hello @info.beeprepared

Thanks for using our WP stack! You are trying to create a symlink from /opt/bitnami/letsencrypt/certificates/{mydomain}.key, but you removed those files when you executed rm -rf /opt/bitnami/letsencrypt. As the guide explains, you will need to execute the following after removing the folder:

sudo mv /opt/bitnami/apache2/conf/server.crt.old /opt/bitnami/apache2/conf/server.crt
sudo mv /opt/bitnami/apache2/conf/server.key.old /opt/bitnami/apache2/conf/server.key
sudo mv /opt/bitnami/apache2/conf/server.csr.old /opt/bitnami/apache2/conf/server.csr
sudo /opt/bitnami/ctlscript.sh restart

The issue is that you do not have the .old files, probably because you didn’t perform a backup of them back when you started configuring the SSL certificate. To solve this, you just need to first remove the existing symlinks that are now pointing nowhere:

ls -la apache/conf/bitnami/certs

drwxrwxr-x 2 bitnami root 4096 Oct 13 05:42 .
drwxrwxr-x 4 bitnami root 4096 Oct 13 01:28 ..
lrwxrwxrwx 1 root    root   43 Oct 13 05:42 server.crt -> /etc/lego/certificates/domain.crt
lrwxrwxrwx 1 root    root   43 Oct 13 05:42 server.key -> /etc/lego/certificates/domain.key

To do so, execute the following:

sudo rm apache/conf/bitnami/certs/server.crt
sudo rm apache/conf/bitnami/certs/server.key

After that, generate a dummy certificate following this guide:

https://docs.bitnami.com/aws/apps/wordpress/administration/create-ssl-certificate-apache/

That would get your site back up again. Regarding the error from letsencrypt, I’m afraid you won’t be able to create new certificates for that exact set of domains. You can add a subdomain (even though you won’t use it) or wait a week until the API resets the counter. That is a limitation imposed by Let’s Encrypt to avoid exploitation of their free server and there is nothing we can do on our side.

Regards,
Francisco de Paz
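
The recovery described in the reply above (find the symlinks that now point nowhere, remove them, then create a temporary certificate), as an added example that is not part of the original thread or Bitnami's tooling. The function names, the default CERT_DIR (taken from the paths in the question), the 30-day validity and the CN are assumptions; the openssl call produces a self-signed placeholder that browsers will warn about until a real certificate is installed.

```shell
#!/bin/sh
# Added example: repair a cert directory whose server.crt/server.key
# symlinks dangle after their target directory was deleted.
# Assumption: default directory taken from the paths in the question.
CERT_DIR="${CERT_DIR:-/opt/bitnami/apache2/conf/bitnami/certs}"

# Print every symlink in directory $1 whose target no longer exists.
find_dangling() {
    for f in "$1"/*; do
        # -L: the entry is a symlink; ! -e: its target does not resolve
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove only the dangling server.crt / server.key links in $1.
remove_dangling_certs() {
    for name in server.crt server.key; do
        f="$1/$name"
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            rm -- "$f" && printf 'removed dangling link %s\n' "$f"
        fi
    done
}

# Create a temporary self-signed pair in $1 (CN in $2, assumed value).
# Refuses to touch anything that already exists, dangling links included.
make_temp_cert() {
    dir="$1"; cn="${2:-localhost}"
    for name in server.crt server.key; do
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            echo "refusing to overwrite $dir/$name" >&2
            return 1
        fi
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$cn" -keyout "$dir/server.key" -out "$dir/server.crt" &&
    chmod 600 "$dir/server.key"   # private key readable by owner only
}

# Run the whole repair only when asked to: sh repair.sh --run [CN]
if [ "${1:-}" = "--run" ]; then
    find_dangling "$CERT_DIR"
    remove_dangling_certs "$CERT_DIR" && make_temp_cert "$CERT_DIR" "${2:-localhost}"
fi
```

Run it with sudo and restart the stack afterwards with the ctlscript.sh command shown in the thread.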

It works! Thank you so much!

Hello @info.beeprepared,

I’m glad it worked! I’ll be closing this thread as it is now marked as solved. Do not hesitate to open a new thread if you encounter any new problems.

Regards,
Francisco de Paz