Set up SSL for all domains, same IP address, one instance

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: b081e0d2-075c-d862-b8ce-00090e5cf82d
Description:
Hi!
I host my website on Amazon Lightsail. I have 1 instance with the static IP address 3.97.30.139.
I have a total of 4 domains: ontariospecialtycoatings.ca, kitchener.ontariospecialtycoatings.ca, hamilton.ontariospecialtycoatings.ca and ontariopoolcoatings.ca.
When my certificate for ontariospecialtycoatings.ca expired, I renewed it using sudo /opt/bitnami/bncert-tool and received the message:

An error occurred revoking certificates with Let’s Encrypt:

2021/05/21 17:35:05 Error while revoking the certificate for domain ontariospecialtycoatings.ca
acme: error: 403 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:params:acme:error:unauthorized :: Certificate is expired

However, the SSL for ontariopoolcoatings.ca is working fine.
I tried to restore the original bitnami.conf file and httpd.conf file, following this topic: One instance, multiple domains, multiple IPs
I also tried to run the Bitnami HTTPS Configuration Tool.
However, when I run sudo /opt/bitnami/bncert-tool, the error is still the same.
Can anyone help me to figure out what is wrong with this, please!
Thank you so much!

Hello @tien,

Accessing your site I can see your certificate is expired.

You can revoke a valid certificate using the next guide. However, if the certificate is not valid, you can’t revoke it, but you can request a new one.

https://docs.bitnami.com/aws/how-to/understand-bncert/#manually-revoking-an-existing-certificate

I hope it helps

Thanks for your reply @davidg.
I did it many times but I still receive the same error.


Here is my bitnami-ssl.conf file:

DocumentRoot "/opt/bitnami/apache/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"

<Directory "/opt/bitnami/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

# Error Documents
ErrorDocument 503 /503.html

Hello @tien,

In order to renew your certificates you should follow this guide:
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#step-5-renew-the-lets-encrypt-certificate

Basically, these are the steps:

  sudo /opt/bitnami/ctlscript.sh stop apache
  sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
  sudo /opt/bitnami/ctlscript.sh start apache

There, you can provide all your domains with the --domains=DOMAIN1, --domains=DOMAIN2

The next steps in the documentation explain how to automate the process.

Please try these steps and share a new support tool output if you face issues.

Alternatively, if the certificates were revoked, you could generate them again:
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#step-2-generate-a-lets-encrypt-certificate-for-your-domain

Regards

Hi! I did run the command but the website is still Not Secure.
Here is what I got

bitnami@ip-172-26-6-215:~$ sudo /opt/bitnami/ctlscript.sh stop apache
Stopped apache
bitnami@ip-172-26-6-215:~$ sudo /opt/bitnami/letsencrypt/lego --tls --email="customerservice@smartwebpros.com" --domains=ontariospecialtycoatings.ca --path="/opt/bitnami/letsencrypt" renew --days 90
2021/05/25 15:00:48 [INFO] [ontariospecialtycoatings.ca] acme: Trying renewal with 2157 hours remaining
2021/05/25 15:00:48 [INFO] [ontariospecialtycoatings.ca, www.ontariospecialtycoatings.ca] acme: Obtaining bundled SAN certificate
2021/05/25 15:00:48 [INFO] [ontariospecialtycoatings.ca] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13267297266
2021/05/25 15:00:48 [INFO] [www.ontariospecialtycoatings.ca] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13267297267
2021/05/25 15:00:48 [INFO] [ontariospecialtycoatings.ca] acme: authorization already valid; skipping challenge
2021/05/25 15:00:48 [INFO] [www.ontariospecialtycoatings.ca] acme: authorization already valid; skipping challenge
2021/05/25 15:00:48 [INFO] [ontariospecialtycoatings.ca, www.ontariospecialtycoatings.ca] acme: Validations succeeded; requesting certificates
2021/05/25 15:00:49 [INFO] [ontariospecialtycoatings.ca] Server responded with a certificate.

I also tried the 4 steps in the Alternative Approach document.
At step 3, I ran these lines:

sudo chown root:root /opt/bitnami/apache2/conf/bitnami/certs/server*
sudo chmod 600 /opt/bitnami/apache2/conf/bitnami/certs/server*

I received this

Then I retried sudo /opt/bitnami/bncert-tool, I still get errors:


Warning: Certificates may not renew automatically, due to a web server 
configuration issue. For more information see: 
https://docs.bitnami.com/general/how-to/understand-bncert/#certificates-not-renewed-automatically
Press [Enter] to continue:
----------------------------------------------------------------------------
Some errors occurred

The configuration was applied, but some of the changes could not be applied. 
Find the details below.

The configuration report is shown below.

Failed steps:
* Creating Let's Encrypt certificate: Automatic renewal not working

Hello @tien,

I think the problem is you have updated ontariospecialtycoatings.ca but not www.ontariospecialtycoatings.ca. You have two options:

  1. Renew www.ontariospecialtycoatings.ca:
     sudo /opt/bitnami/ctlscript.sh stop apache
     sudo /opt/bitnami/letsencrypt/lego --tls --email="customerservice@smartwebpros.com" --domains=www.ontariospecialtycoatings.ca --path="/opt/bitnami/letsencrypt" renew --days 90
  2. Change your Apache configuration to point to ontariospecialtycoatings.ca:
     SSLCertificateFile "/opt/bitnami/apache/conf/ontariospecialtycoatings.ca.crt"
     SSLCertificateKeyFile "/opt/bitnami/apache/conf/ontariospecialtycoatings.ca.key"

Regards
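
A way to check the situation in this thread, where a renewal succeeds but the browser still reports the site as not secure: confirm that the certificate file is unexpired and lists every host name, and compare it with what the server actually presents. This is an added example, not part of the original posts or of Bitnami's tooling; the function names and the example.test sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# SHA-256 fingerprint of a PEM certificate file.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the leaf certificate presented for SNI name $1 at $2 (default $1:443).
served_fp() {
  openssl s_client -connect "${2:-$1:443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if file $1 is the certificate the server presents for host $2 (needs network).
same_cert() (
  fp=$(cert_fp "$1")
  [ -n "$fp" ] && [ "$fp" = "$(served_fp "$2" "$3")" ]
)

# Succeeds if the certificate is still valid $2 seconds from now (default 0).
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

# Succeeds if the certificate's subjectAltName lists DNS name $2 exactly.
cert_covers() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//;s/ *$//' | grep -qxF "DNS:$2"
}

# Report each problem with file $1 for the host names that follow.
# Runs in a subshell; the exit status is the number of problems found.
audit_cert() (
  file=$1; shift; problems=0
  cert_valid_for "$file" || { echo "EXPIRED: $file"; problems=$((problems + 1)); }
  for name in "$@"; do
    cert_covers "$file" "$name" || { echo "NOT COVERED: $name"; problems=$((problems + 1)); }
  done
  exit "$problems"
)

# Constructed sample: self-signed 1-day certificate for example.test and www.example.test.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -addext "subjectAltName=DNS:example.test,DNS:www.example.test" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}
```

On the instance, `audit_cert` would be pointed at the file named in `SSLCertificateFile`, and `same_cert` with that file and a host name shows whether the running Apache process is presenting it or an older certificate.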

Hello @davidg !
It’s working right now! Yay! :heart_eyes:
I already included www when I renewed it and restarted Apache, but it didn’t work.
So I decided to stop the instance and start it again, and it works for all the domains and subdomains.
Thanks so much for your help. I appreciate that!

Nice. I’m glad you made it work.

Regards
