Old certificate versus New one

Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bndiagnostic ID: 27165000-8346-2464-0083-537fc1b13491

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/

bndiagnostic failure reason: The suggested guides are not related with my issue

Description:
Hello,

Even if I’m a “normie” (not a Linux user, etc.), I finally could connect SSH to my AWS/wordpressBitnami instance then install the SSL thanks to your bncert tool (I had installed a AWS SSL certificate but it was not working). I thought it was a success. Everything looked ok (secured connexion …).

But today, my connexion is not secured anymore, so:

  • I restarted Apache

  • I removed the Load balancer I used with the old SSL AWS certificate

  • I checked:

    • your troubleshoot SSL Issues webpage: it seems I didn’t replace correctly the SSL certificates (I had installed a SSL AWS certificate)
    • your “Check SSL configuration” YT video: indeed, when I type “cat /opt/bitnami/apache2/conf/bitnami/bitnami.com | grep SSLCert”, I got “cat: /opt/bitnami/apache2/conf/bitnami/bitnami.com: No such file or directory”

    So please, can you tell me how I can remove the old certificates and be sure that the Bitnami/Letsencrypt certificates are the operational ones? I repeat I’m not familiar with Linux (I just understood yesterday where I have to enter the command lines whose you speak about in your support forum …).

    I hope you can help me.

All the best,
Aloïs

Hi @AloisLIEN,

The following guide explains how to configure a certificate manually:

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

You can use it to go through the steps and compare it with your own configuration.

Regards,
Michiel

Hello Michiel,

I follow carefully the process (Approach A, Lego v4.7.0, my domains and email …) but it doesn’t work. All looks fine until the command: sudo chown root:root /opt/bitnami/apache2/conf/bitnami/certs/server*

I double checked:

  • I don’t use Load Balancer anymore. I did to install my old Amazon certificate, but I removed it, and I redid my DNS (A entries).
  • My domain name points to the public IP address of the Bitnami application host.

Hopefully you can help me find the solution.

All the best,
Aloïs

Hi @AloisLIEN,

You are using the DOMAIN placeholder in your commands to create a symlink. You need to replace that with the actual domain.

So first remove that:

sudo rm /opt/bitnami/letsencrypt/certificates/DOMAIN*
sudo rm /opt/bitnami/apache2/conf/certs/server*

And then start at the same step:

sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt
sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*

Regards,
Michiel

Hi Michiel,

Ok, my bad. I didn’t see the IMPORTANT message about the placeholder (even in caps) -_-

1st attempt:
When I type your remove commands, I get a “No such file or directory”:


If I type all the same the commands after then restart Bitnami services, my website is not secured yet.
Sans titre2

2nd attempt:
When I type your remove commands by replacing DOMAIN by technologies-france.com, I get this:


My website is down.

What can I do to solve this please?

All the best,
Aloïs

@michiel

My website is come back, after I redid all the process from Step 1 described here: Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application

Btw, at the end of Step 1 of this guide, have I to stay in tmp dir or not in order to begin the step 2?

Sorry to ping you, but I don’t know why your last instructions didn’t solve my problem. I want to understand. I thank you in advance for helping.

All the best,
Aloïs

Hi @AloisLIEN,

Can first issue a new certificate? I think the old ones have been removed:

sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run

And then continue with these commands?

sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt
sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*

Regards,
Michiel

Hi @michiel,

I wrote your commands as you can see below. No error message in the command invite, but my website keeps looking insecured (step 4 test fails).

If you don’t know what can be the problem, have you please a process to remove everything related to certificate SSL then start again all the process from scratch?

Thanks in advance,
Aloïs

Hi @AloisLIEN,

I visited your site, the certificate seems to be ok. Can you give more details?

Regards,
Michiel

Hello @michiel,

When I visit my website with Firefox, I still see that the connexion is not secured (cf. screenshot below):

But when I visit it with Chrome, everything seems to be ok. You’re right. Maybe the cause is the cache of Firefox. I don’t know.

I just installed the script to renew automatically the certificate. I hope everything will be fine :slight_smile:

A true thank you for your help. It helps me a lot!

All the best,
Aloïs

Hi @AloisLIEN,

Try in incognito mode, to check if it’s a caching issue.

Regards,
Michiel

I have same Problem with my blog, can you help me?

(post deleted by author)