Remove configurations made with bncert-tool, including Let's Encrypt Certs, return to http w/o redirections

Keywords: WordPress - AWS - Technical Issue - Secure Connections (SSL/HTTPS)

Description:
The support bundle code: d79afef7-54d3-e568-c45e-1da12c195fb2

We have deployed a site in AWS Lightsail and used the bncert-tool to configure an SSL cert, all worked as expected.

We now want to test the Lightsail CDN Distribution for that site, and have created a custom domain with HTTPS for it (updated DNS and certificates were created for the distribution).

However, there is some type of conflict between the distribution using HTTPS for the origin. Accessing the site returns a number of 502 errors.

To alleviate the issue, we’d like to remove / undo the bncert-tool configuration made, and put the site back to http - without any cert or https redirection.

We have tried to run the ./bncert-tool again, answering prompts in an attempt to get to the prompts to stop redirection, but run into validation for domain name and IP address being different than the hosted server. This would be correct, as DNS for the site now points to the CDN distribution xxxx.cloudfront.net endpoint.

How can we modify the configurations to remove the changes made that supported Let’s Encrypt?

Thanks,

Hi @jstott

> We have deployed a site in AWS Lightsail and used the bncert-tool to configure an SSL cert, all worked as expected.

Thanks for using Bitnami WordPress and glad to see everything worked as expected!

> How can we modify the configurations to remove the changes made that supported Let’s Encrypt?

The bnsupport-tool performs changes in the following files:

  • /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf
  • /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Let’s remove the changes now :slightly_smiling_face:

/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf

# Bitnami applications installed in a prefix URL
Include "/opt/bitnami/apps/wordpress/conf/httpd-prefix.conf"
                    Include "/opt/bitnami/apps/phpmyadmin/conf/httpd-prefix.conf"
                    # Bitnami applications installed in a prefix URL
Include "/opt/bitnami/apps/wordpress/conf/httpd-prefix.conf"
                    Include "/opt/bitnami/apps/phpmyadmin/conf/httpd-prefix.conf"
-                   Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
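Review bot: The only line marked for removal here is the last one, the Include of /opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf. The comment and the wordpress and phpmyadmin Include lines appear twice in this listing, which reads as a before and an after view run together, so each of them should remain in the file exactly once. Keep a copy of the original file before editing so the change can be reverted.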

The changes introduced in bitnami.conf are easily marked by a series of comments, so it’s easy to remove them!

...
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
- # BEGIN: Support domain renewal when using mod_proxy without Location
- <IfModule mod_proxy.c>
-   ProxyPass /.well-known !
- </IfModule>
- # END: Support domain renewal when using mod_proxy without Location
- # BEGIN: Enable HTTP to HTTPS redirection
- RewriteEngine On
- RewriteCond %{HTTPS} !=on
- RewriteCond %{HTTP_HOST} !^localhost
- RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
- RewriteCond %{REQUEST_URI} !^/\.well-known
- RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
- # END: Enable HTTP to HTTPS redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
- <Location /.well-known>
-   <IfModule mod_proxy.c>
-     ProxyPass !
-   </IfModule>
- </Location>
- # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>
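
Review bot: In the port 80 vhost, the comment "# BEGIN: Support domain renewal when using mod_proxy within Location" directly above the Location /.well-known block is not marked for removal, while its matching "# END:" line is. That leaves a dangling BEGIN marker in the file, which will mislead anyone (or any script) that later relies on these marker pairs; remove it together with the rest of the block. Separately, once the "Enable HTTP to HTTPS redirection" block is gone, any client that reaches the instance directly on port 80 is served over plain HTTP, so confirm that this is limited to what the distribution in front of it needs.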

...

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/staging.XXXXXXX.com.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/staging.XXXXXXX.com.key"

- # BEGIN: Support domain renewal when using mod_proxy without Location
- <IfModule mod_proxy.c>
-   ProxyPass /.well-known !
- </IfModule>
- # END: Support domain renewal when using mod_proxy without Location
...

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
- # BEGIN: Support domain renewal when using mod_proxy within Location
- <Location /.well-known>
-   <IfModule mod_proxy.c>
-     ProxyPass !
-   </IfModule>
- </Location>
- # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>
...
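
Review bot: In the port 443 vhost, SSLEngine on and the SSLCertificateFile and SSLCertificateKeyFile lines pointing at staging.XXXXXXX.com.crt and staging.XXXXXXX.com.key are left in place, while the /.well-known blocks described as supporting domain renewal are removed. Apache will therefore keep presenting that certificate on port 443 until it expires, and the private key stays on disk. Since the question asks for no cert at all, decide explicitly what port 443 should present after this change and whether the key file should be deleted.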

After performing the changes, please restart your Apache service and that should be it:

sudo /opt/bitnami/ctlscript.sh restart apache

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:
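
As an added example (not part of the answer above and not Bitnami's own tooling), this shell function removes the blocks between the BEGIN/END marker comments shown in the answer, plus the letsencrypt Include line, writing the result to a separate file and writing nothing if the markers are unbalanced. The function name clean_conf and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: strip bncert-tool's marker-delimited blocks from an Apache conf.
# Marker text and the letsencrypt Include path are the ones shown in the thread;
# clean_conf and the sample file below are hypothetical.

# clean_conf SRC DST: write SRC minus the marked blocks to DST.
# Returns non-zero and leaves DST untouched if BEGIN/END markers are unbalanced.
clean_conf() {
  local src=$1 dst=$2 tmp
  tmp=$(mktemp) || return 1
  if awk '
      /^[ \t]*# BEGIN: (Support domain renewal|Enable HTTP to HTTPS redirection)/ {
        if (skip) { bad = 1; exit }    # BEGIN inside an already open block
        skip = 1; next
      }
      /^[ \t]*# END: (Support domain renewal|Enable HTTP to HTTPS redirection)/ {
        if (!skip) { bad = 1; exit }   # END without a preceding BEGIN
        skip = 0; next
      }
      /apps\/letsencrypt\/conf\/httpd-prefix\.conf/ { next }
      !skip { print }
      END { if (bad || skip) exit 2 }  # unterminated block: refuse the result
    ' "$src" > "$tmp"; then
    cat "$tmp" > "$dst" && rm -f "$tmp"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Constructed sample (not a real server file) with one balanced block.
demo_dir=$(mktemp -d)
cat > "$demo_dir/bitnami.conf" <<'EOF'
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  # BEGIN: Enable HTTP to HTTPS redirection
  RewriteEngine On
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  # END: Enable HTTP to HTTPS redirection
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
EOF
# Show what would change; diff exits 1 when the files differ, which is expected.
clean_conf "$demo_dir/bitnami.conf" "$demo_dir/bitnami.conf.clean" &&
  diff "$demo_dir/bitnami.conf" "$demo_dir/bitnami.conf.clean" || true
```

Review the diff and keep a backup of the original before putting the cleaned file in place, then restart Apache as described in the answer.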


Thank you Jose!

This is exactly what I needed, this solution works perfectly.

Warm regards,
Jim

Glad to see you were able to solve your issue! We are marking the previous answer as “Solution” and this topic as “Closed”.

If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing this one if necessary.

Best regards,
Jose Antonio Carmona

