Site down after attempting SSL Certificate

Keywords: Moodle - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: “Destination not writable” error
Description:
I have an instance running in GCP that had a subdomain through my employer pointing at our IP address. I attempted to follow the instructions at
https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/#alternative-approach
(Using approach A, system packages/Apache). All went well up until step 3. Part of the script ran successfully, then threw an error on the www version of the domain (did not indicate any errors with the pure subdomain).

Now, cannot restart Bitnami services, get:
Starting services…
Job for bitnami.service failed because the control process exited with error code.
See “systemctl status bitnami.service” and “journalctl -xe” for details.

Site is not accessible through IP or subdomain. I can get in to files through SFTP. Is there an easy way to roll back whatever caused these issues? Unfortunately did not have an up-to-date Snapshot saved in GCP. I am a fairly novice user and would like to just get this rolled back to non-SSL usability and hand off to someone more experienced. Thanks in advance!

Hello @noah.mccord,

Thanks for using our Moodle solution! I’m not sure I understood something. When you created the certificates, did you create a certificate for each www and non-www version of your domains? You should just create a single certificate using as many --domains options as necessary for the /opt/bitnami/letsencrypt/lego command.

Were the symlinks sudo ln -sf commands the ones that failed? To roll back to the previous settings you can try deleting the symlinks from /opt/bitnami/apache2/conf/bitnami/certs/ and reverting to the .old cert files. First, make a copy of the certs/ folder and then run the following commands:

sudo rm /opt/bitnami/apache2/conf/bitnami/certs/server.key
sudo rm /opt/bitnami/apache2/conf/bitnami/certs/server.crt
sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key.old /opt/bitnami/apache2/conf/bitnami/certs/server.key
sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old /opt/bitnami/apache2/conf/bitnami/certs/server.crt

After that, try restarting Apache:

sudo /opt/bitnami/ctlscript.sh restart apache

If the problem persists, please execute our Support Tool on the machine where the stack is running by following the steps described in the guide below.

Please note that you need to paste the code ID that is shown at the end.

Regards,
Francisco de Paz

Francisco,

Thank you for your quick help troubleshooting. To answer your first question, no I did not create a certificate for www and non-www versions, I apologize. That was something that I was looking at with a different set of instructions.

I believe the symlinks sudo ln -sf commands were the ones that failed, however I messed up and only copied part of the log before closing that SSH session.

When I try to execute the first two sudo rm commands you indicated, I get ‘no such file or directory’. The mv commands give me “permission denied”.

I was able to run the support tool, which wasn’t working last night. My code there is e5388ec6-6946-1e99-bc32-651f211cd59e

Thank you,

Noah

Hello @noah.mccord,

It seems there is no certificate in /opt/bitnami/letsencrypt/certificates and your server.crt and server.key are symlinks to inexistent files:

ls /opt/bitnami/apache/conf/bitnami/certs -la
...
lrwxrwxrwx 1 root    root   66 May 12 04:17 server.crt -> /opt/bitnami/letsencrypt/certificates/cscbtraining.state.co.us.crt
-rw------- 1 root    root  981 Jul 31  2020 server.crt.old
lrwxrwxrwx 1 root    root   66 May 12 04:17 server.key -> /opt/bitnami/letsencrypt/certificates/cscbtraining.state.co.us.key
-rw------- 1 root    root 1679 Jul 31  2020 server.key.old

You should first remove the symlinks with the rm commands I shared; there was a typo in them, now fixed. For the mv commands, try moving them using sudo.

Regards,
Francisco de Paz
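
An added example, not part of the thread or of Bitnami's tooling: a POSIX shell check for the failure mode diagnosed above, where server.crt and server.key were symlinks to files that did not exist. The function names and the fixture are constructed for illustration; the default directory is the one shown in the ls output.

```sh
#!/bin/sh
# Added example (not from the thread): audit a certs directory before
# restarting Apache. Each entry is reported as
#   ok        regular file, or symlink whose target exists
#   dangling  symlink whose target is gone (the state in the ls output above)
#   empty     zero-length file
#   missing   nothing at that path
# followed by whether a <name>.old backup exists to roll back to.

entry_state() {            # usage: entry_state DIR NAME -> prints one state word
    es_path="$1/$2"
    if [ -L "$es_path" ] && [ ! -e "$es_path" ]; then echo dangling
    elif [ ! -e "$es_path" ]; then echo missing
    elif [ ! -s "$es_path" ]; then echo empty
    else echo ok
    fi
}

audit_certs() {            # usage: audit_certs [DIR] -> 0 only if both entries are ok
    ac_dir=${1:-/opt/bitnami/apache/conf/bitnami/certs}   # path from the thread
    ac_rc=0
    for ac_name in server.crt server.key; do
        ac_state=$(entry_state "$ac_dir" "$ac_name")
        if [ -s "$ac_dir/$ac_name.old" ]; then ac_bak=backup-present
        else ac_bak=no-backup; fi
        echo "$ac_name $ac_state $ac_bak"
        [ "$ac_state" = ok ] || ac_rc=1
    done
    return "$ac_rc"
}

make_sample() {            # constructed fixture mirroring the thread's listing
    ms_dir=$(mktemp -d)
    for ms_ext in crt key; do
        ln -s "$ms_dir/certificates/example.invalid.$ms_ext" "$ms_dir/server.$ms_ext"
        echo "constructed placeholder" > "$ms_dir/server.$ms_ext.old"
    done
    echo "$ms_dir"
}

# Demo on the constructed fixture; never touches the real /opt/bitnami tree.
demo=$(make_sample)
audit_certs "$demo" || echo "dangling or missing entries: fix before restarting Apache"
rm -rf "$demo"
```

Run as root against the real directory, since the .old files in the listing are readable only by root.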
