Outdated Documentation

Keywords: WordPress + NGINX + SSL - Google Cloud Platform - How to - Secure Connections (SSL/HTTPS)

Description:

  • My website does not respond with the LetsEncrypt certificate that I installed.
  • I have opened the ports in all the ways indicated by the community and it is still not displayed as safe.
  • I need a step by step on how to enable the certificate with the changes that have been implemented.

Thanks

Hi @paola,

First of all, let’s get more info from your instance. We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please execute it on the machine where the stack is running by following the steps described in the guide below?

Please note that you need to paste the code ID that is shown at the end.

ID Code
c148880b-0f65-c3fd-27dd-aa2d1a76cb33

Hi @paola,

It seems there is a typo in the NGINX’s configuration files

2021/07/01 17:53:19 [emerg] 11761#11761: "server" directive is not allowed here in /opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf:10
2021/07/01 17:58:28 [emerg] 11827#11827: unexpected "}" in /opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf:8

Can you post the output of these commands here?

sudo cat /opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf
sudo cat /opt/bitnami/nginx/conf/server_blocks/wordpress-https-server-block.conf

Thanks

Hello

Running the first command

sudo cat /opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf

I get this:

server {
    # Port to listen on, can also be set in IP:PORT format
    listen 80 default_server;
    root /opt/bitnami/wordpress;
    # Catch-all server block
    # See: https://nginx.org/en/docs/http/server_names.html#miscellaneous_names
    server_name _;
    # BEGIN Fix for WordPress plugins and themes
    # Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
    # https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
    rewrite ^/bitnami/wordpress(/.*) $1 last;
    # END Fix for WordPress plugins and themes
    # BEGIN WordPress
    # https://wordpress.org/support/article/nginx/#general-wordpress-rules
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
    # END WordPress
    include  "/opt/bitnami/nginx/conf/bitnami/*.conf";
}

And with the second:

server {
    # Port to listen on, can also be set in IP:PORT format
    listen 443 ssl default_server;
    root /opt/bitnami/wordpress;
    # Catch-all server block
    # See: https://nginx.org/en/docs/http/server_names.html#miscellaneous_names
    server_name _;
    ssl_certificate      bitnami/certs/server.crt;
    ssl_certificate_key  bitnami/certs/server.key;
    # BEGIN Fix for WordPress plugins and themes
    # Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
    # https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
    rewrite ^/bitnami/wordpress(/.*) $1 last;
    # END Fix for WordPress plugins and themes
    # BEGIN WordPress
    # https://wordpress.org/support/article/nginx/#general-wordpress-rules
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
    # END WordPress
    include  "/opt/bitnami/nginx/conf/bitnami/*.conf";

Hi @paola,

I do not see any error in the lines the log file mentioned, did you changed the configuration recently? Could you please let us know what you were doing when getting that error? I understand you were configuring the SSL certificates in the instance, did you follow this guide?

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

Let’s try to get more information about the service now:

  • The NGINX service is currently stopped, can you try to start it?
sudo /opt/bitnami/ctlscript.sh start nginx
  • Is there a new error in the NGINX’s log file?
sudo tail -n 20 /opt/bitnami/nginx/logs/error.log
  • The message you posted didn’t close the wordpress-https-server-block.conf file properly. There was a missing “}” at the end of the file. Can you confirm the file includes it?
sudo cat /opt/bitnami/nginx/conf/server_blocks/wordpress-https-server-block.conf

Thanks

Hello:

Estruve trying to install the SSL certificate, first I did it with approach B which was the usual, then I removed everything and I did it with approach A.

Reboot as you mention and get this: Start nginx

when i run the second command i get this:

2021/07/06 15:24:28 [emerg] 9967#9967: cannot load certificate "/opt/bitnami/nginx/conf/bitnami/certs/server.crt": 
BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/bitnami/nginx
/conf/bitnami/certs/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I added this “}” to the end of the file and on reboot I get this:
Error starting nginx: [nginx] Another action is already in progress. Try again later.

This is wasting a lot of time, I think the best thing would be to close the institution and create a new one.

Can you tell me how to install the SSL certificate step by step according to the changes that BITNAMI has made, please?

Hi @paola,

The error is clear, the /opt/bitnami/nginx/conf/bitnami/certs/server.crt file doesn’t exist.

Note that if you launched a new instance recently, you need to follow the Approach A. There is a big notice at the beginning of the guide that explains how to know if you need to follow the approach A or B.

As you have the certificates in the /opt/bitnami/letsencrypt/certificates folder, let’s try to configure NGINX with them.

sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.key /opt/bitnami/nginx/conf/bitnami/certs/server.key.old
sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.csr /opt/bitnami/nginx/conf/bitnami/certs/server.csr.old
sudo ln -sf /opt/bitnami/letsencrypt/certificates/paolazriel.com.key /opt/bitnami/nginx/conf/bitnami/certs/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/paolazriel.com.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt
sudo chown root:root /opt/bitnami/nginx/conf/bitnami/certs/server*
sudo chmod 600 /opt/bitnami/nginx/conf/bitnami/certs/server*
sudo /opt/bitnami/ctlscript.sh restart nginx

You need to follow our documentation but paying attention to the “Approach A or B” sections in the guide.

Yes, I saw the error and followed the guide to solve the problem, I deleted everything, and then installed with approach A. When forcing SSL I did not find the files for port 80 and 443 and modify according to the documentation, now I had to open a firewall from the instance and there everything broke.

It’s not just about installing Letsencrypt.

What should we do now until they update their guidelines?

Thank you

Hi @paola,

There is no guide to update, the guide works properly and I’ve tested that several times. Can you run the Bitnami support tool again so I review the current status of your configuration?

Please note that you need to paste the code ID that is shown at the end.

Thanks

I am having the exact same problem. My BN support ID is:

5d042ba9-11b5-9bf2-c317-d3ba652e75be

I am using Approach A, which the command output said was correct, for WordPress with NGINX and SSL. I installed the Lego client and received the certificate. However, some of the next few steps are not working.

1. sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt.old

2. sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.key /opt/bitnami/nginx/conf/bitnami/certs/server.key.old

(Steps 1 and 2 work fine, no errors.) Step 3 does not work.

3. sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.csr /opt/bitnami/nginx/conf/bitnami/certs/server.csr.old

Error message: mv: cannot stat '/opt/bitnami/nginx/conf/bitnami/certs/server.csr': No such file or directory
4. sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/nginx/conf/bitnami/certs/server.key

5. sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt

(Steps 4 and 5 work fine, no errors. Steps 6 and 7 both fail, though.)

6. sudo chown root:root /opt/bitnami/nginx/conf/bitnami/certs/server*

Error message: chown: cannot dereference '/opt/bitnami/nginx/conf/bitnami/certs/server.crt': No such file or directory
chown: cannot dereference '/opt/bitnami/nginx/conf/bitnami/certs/server.crt.old': No such file or directory
chown: cannot dereference '/opt/bitnami/nginx/conf/bitnami/certs/server.key': No such file or directory
chown: cannot dereference '/opt/bitnami/nginx/conf/bitnami/certs/server.key.old': No such file or directory
7. sudo chmod 600 /opt/bitnami/nginx/conf/bitnami/certs/server*

Error message: chmod: cannot operate on dangling symlink '/opt/bitnami/nginx/conf/bitnami/certs/server.crt'
chmod: cannot operate on dangling symlink '/opt/bitnami/nginx/conf/bitnami/certs/server.crt.old'
chmod: cannot operate on dangling symlink '/opt/bitnami/nginx/conf/bitnami/certs/server.key'
chmod: cannot operate on dangling symlink '/opt/bitnami/nginx/conf/bitnami/certs/server.key.old'

I have spent hours trying to get this to work and would appreciate help!

Addendum: I tried to follow the instructions to start over, but those did not work, either.

Reference: https://docs.bitnami.com/general/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

Troubleshooting

In case the certificate generation process fails or you wish to start again for any reason, run the commands below to delete the generated output, replace the previous certificates and restart services. You can then go back to Step 1. It is important to note that doing this will delete any previously-generated certificates and keys.

rm -rf /opt/bitnami/letsencrypt

Error message: rm: cannot remove '/opt/bitnami/letsencrypt/certificates': Permission denied
rm: cannot remove '/opt/bitnami/letsencrypt/accounts': Permission denied
rm: cannot remove '/opt/bitnami/letsencrypt/lego': Permission denied

Hence, it seems that even the instructions that should allow one to start over and try again are flawed. I sit in hope for a quick and helpful response. I really wish you all had live chat or some other faster mechanism for providing support to those of us who pay.

Hi @SiberianH

I am sorry to hear that you are experiencing trouble with your instance, let’s try to find out the issue and fix it :slightly_smiling_face: !

$ sudo chown root:root /opt/bitnami/nginx/conf/bitnami/certs/server*
Error message: chown: cannot dereference ‘/opt/bitnami/nginx/conf/bitnami/certs/server.crt’: No such file or directory
chown: cannot dereference ‘/opt/bitnami/nginx/conf/bitnami/certs/server.crt.old’: No such file or directory
chown: cannot dereference ‘/opt/bitnami/nginx/conf/bitnami/certs/server.key’: No such file or directory
chown: cannot dereference ‘/opt/bitnami/nginx/conf/bitnami/certs/server.key.old’: No such file or directory

These errors here inform that the files those symbolic link point to do not exist. This is most likely because the Let’s Encrypt Certificates were not generated properly. Please, execute the following commands to verify that:

ls -la /opt/bitnami/nginx/conf/bitnami/certs/server*
ls -la /opt/bitnami/letsencrypt/certificates/

rm -rf /opt/bitnami/letsencrypt
Error message: rm: cannot remove ‘/opt/bitnami/letsencrypt/certificates’: Permission denied
rm: cannot remove ‘/opt/bitnami/letsencrypt/accounts’: Permission denied
rm: cannot remove ‘/opt/bitnami/letsencrypt/lego’: Permission denied

Regarding this message, you can run the command using sudo for it to succeed. I will let the documentation team know of this to update the guide accordingly!

sudo rm -rf /opt/bitnami/letsencrypt

I understand your concern and that this is important to you. However, Bitnami does provide these solutions for free, as well as the support in this forum, in which we usually try to answer within a business day.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Thanks for your reply. Here are the results of the commands you provided.

  1. ls -la /opt/bitnami/nginx/conf/bitnami/certs/server*

Result:

lrwxrwxrwx 1 root root 48 Jul  8 18:21 /opt/bitnami/nginx/conf/bitnami/certs/server.crt -> /opt/bitnami/letsencrypt/certificates/DOMAIN.crt
lrwxrwxrwx 1 root root 48 Jul  8 18:11 /opt/bitnami/nginx/conf/bitnami/certs/server.crt.old -> /opt/bitnami/letsencrypt/certificates/DOMAIN.crt
lrwxrwxrwx 1 root root 48 Jul  8 18:21 /opt/bitnami/nginx/conf/bitnami/certs/server.key -> /opt/bitnami/letsencrypt/certificates/DOMAIN.key
lrwxrwxrwx 1 root root 48 Jul  8 18:11 /opt/bitnami/nginx/conf/bitnami/certs/server.key.old -> /opt/bitnami/letsencrypt/certificates/DOMAIN.key
  1. ls -la /opt/bitnami/letsencrypt/certificates/

Result:

ls: cannot open directory '/opt/bitnami/letsencrypt/certificates/': Permission denied

I would appreciate guidance on the next steps. I will try one more time after adding sudo to the command provided in the event that one wishes to start over and try again.

What I was saying about support intended no disrespect. I am simply saying that you should consider providing a priority support system for those of us who pay for Bitnami instances or even a per-instance support fee for urgent requests. I am not sure how you expect people to use Bitnami for production sites and projects if they cannot count on support.

I just added sudo to the second command you provided and it listed the certificate. The certificate appears to have been issued successfully, which is what the earlier command output indicated (“The server responded with a certificate.”). The remaining steps in the documentation are flawed, though, and I remain stuck in need of help. Thank you very much.

  1. sudo ls -la /opt/bitnami/letsencrypt/certificates/

Result:

total 28
drwx------ 2 root root 4096 Jul  8 18:10 .
drwxr-xr-x 4 root root 4096 Jul  8 18:07 ..
-rw------- 1 root root 5317 Jul  8 18:18 apps.abpp.org.crt
-rw------- 1 root root 3751 Jul  8 18:18 apps.abpp.org.issuer.crt
-rw------- 1 root root  234 Jul  8 18:18 apps.abpp.org.json
-rw------- 1 root root  227 Jul  8 18:18 apps.abpp.org.key

Wow, even the instructions to start over don’t work. Adding sudo allowed me to remove the certificate, but the next step failed.

1. sudo mv /opt/bitnami/nginx/conf/server.crt.old /opt/bitnami/nginx/conf/server.crt

Result:

mv: cannot stat '/opt/bitnami/nginx/conf/server.crt.old': No such file or directory

Hi @SiberianH

Thank you for providing the output of the commands I mentioned :slightly_smiling_face:

According to the output of this command here, it seems that the symbolic links were not correctly created. In the guide, we mention running these commands:

You should replace the keyword DOMAIN with your actual domain, which in this case I see is apps.abpp.org. Hence, you need to execute the following steps, this time making sure you use the actual domain name:

sudo ln -sf /opt/bitnami/letsencrypt/certificates/apps.abpp.org.key /opt/bitnami/nginx/conf/bitnami/certs/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/apps.abpp.org.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt
sudo chown root:root /opt/bitnami/nginx/conf/bitnami/certs/server.crt
sudo chown root:root /opt/bitnami/nginx/conf/bitnami/certs/server.key
sudo chmod 600 /opt/bitnami/nginx/conf/bitnami/certs/server.crt
sudo chmod 600 /opt/bitnami/nginx/conf/bitnami/certs/server.key

Wow, even the instructions to start over don’t work. Adding sudo allowed me to remove the certificate, but the next step failed.

This is because the aforementioned command was run against a non-existent certificate DOMAIN.crt. The output of the command verifies this:

Apart from that, the server.crt.old and server.key.old are also pointing to the non-existent DOMAIN.crt and DOMAIN.key files. Should you execute any other command involving them, you will end up with the same No such file or directory error.

Could you try to execute my commands and see if that solves the issue?

After performing the changes, restart the NGINX service and try to connect to your site:

sudo /opt/bitnami/ctlscript.sh restart nginx

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

1 Like

Thank you very much for your helpful reply.

My pleasure!

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart: