Really simple ssl plugin shows warning

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: b0f0a467-3cee-dd18-0858-422c639f6ea2

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/

bndiagnostic failure reason: The suggested guides are not related with my issue

Description:
I am using a bitnami LAMP server from AWS, I bought an ssl certificate from amazon and attached it to the load balance and then install really simply ssl plugin, the plugin then shows a warning message about certificate key file that is not secure as in below screenshot, also when you access the website @ the first time it shows unsecure message in the browser and if you proceed with unsecure it will redirect you to the secure link

Hi @ghina.altal

Thanks for using Bitnami LAMP!

I have checked your configuration and it seems the permissions associated with the certificate and key in use are the following ones:

$ cat /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf
...
<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"
$ ls -la /opt/bitnami/apache/conf/bitnami/certs
total 16
drwxrwxr-x 2 bitnami root 4096 Jul  2 13:55 .
drwxrwxr-x 4 bitnami root 4096 Sep  2 06:12 ..
-rw-r--r-- 1 bitnami root  981 Jul  2 13:55 server.crt
-rw------- 1 bitnami root 1679 Jul  2 13:55 server.key

While this should work, if you want to give them a greater level of file-system protection can execute the following commands:

$ sudo chown root:root /opt/bitnami/apache/conf/bitnami/certs/server*
$ sudo chmod 600 /opt/bitnami/apache2/conf/bitnami/certs/server*

After that, check if the error message keeps appearing. If so, could you please share the article it references to?

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

@jcarmona thanks for your prompt response.

this is the article link:
https://really-simple-ssl.com/protect-ssl-generation-directories

I did exactly what they recommend by modifing the file permissions to 644 for the .crt file and 600 for the .key file.

but the warning still appears, what should I do?

@jcarmona adding to that, please not that I am not using these ssl files mentioned above, as I have already bought the SSL certificate from amazon and attached it to load balancer directly, which means there are no new files for the SSL installed the server, these are the default files in the server done by bitnami team.

but the warning still appears, what should I do?

If the warning appears even after following their guide, it seems the issue is with the plugin itself. In that case, you should reach out to the developers for further support/bug reporting.

@jcarmona adding to that, please not that I am not using these ssl files mentioned above, as I have already bought the SSL certificate from amazon and attached it to load balancer directly, which means there are no new files for the SSL installed the server, these are the default files in the server done by bitnami team.

I might be wrong (since I don’t have enough context on how the plugin works), but I assume the plugin does only check the certificates that the Apache server is configured with. Even if they are different files, the message should not appear after following their guide. In any case, I’d say you should reach out to them for further clarification, as they will have more context on this :slight_smile:

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

@jcarmona ok, I will reach out them for that, thank you so much :slight_smile:

My pleasure!

Feel free to update the thread with any updates :slightly_smiling_face:

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.