Ssl install problem?

prakhar 2018-09-18 03:27:35 UTC #1

Keywords: Mautic - Amazon Web Services - Technical issue - Secure Connections (SSL/HTTPS)
Description:
i was installing lets encrypt ssl according to bitnami documentation.
when using the command below:
sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/lego/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt

i forgot to change DOMAIN.key and DOMAIN.crt to mydomain.crt and mydomain.key
after that hen i run the command below
sudo chown root:root /opt/bitnami/apache2/conf/server*
it gives the folloing error
chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/server.key': No such file or directory
then i realised i had to write DOMAIN.key and DOMAIN.crt to mydomain.crt and mydomain.key
then i run the command again
sudo ln -s /etc/lego/certificates/mydomain.com.key /opt/bitnami/apache2/conf/server.key
now it gives the following error
ln: failed to create symbolic link '/opt/bitnami/apache2/conf/server.key': File exists
i connected via ftp and deleted the files or links(may be) server.key and server.crt
then again run the commands
sudo ln -s /etc/lego/certificates/mydomain.com.key /opt/bitnami/apache2/conf/server.key

sudo ln -s /etc/lego/certificates/mydomaincom.crt /opt/bitnami/apache2/conf/server.crt
it gives the following error
ln: failed to create symbolic link '/opt/bitnami/apache2/conf/server.crt': File exists
then i tried to run this command
sudo chown root:root /opt/bitnami/apache2/conf/server*
it throws this error
chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/server.key': No such file or directory
when i see via ftp there was one file or link .crt or .key(i forgot which one was there)
i tried running this command
sudo chmod 600 /opt/bitnami/apache2/conf/server*
it shows this error
chmod: cannot operate on dangling symlink '/opt/bitnami/apache2/conf/server.crt'
chmod: cannot operate on dangling symlink '/opt/bitnami/apache2/conf/server.key'

i tried to run this command
sudo /opt/bitnami/ctlscript.sh start
it shows the following error

/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file '/opt/bitnami/apache2/conf/server.crt' does not exist or is empty
apache config test fails, aborting

my question is
1. how to solve this problem?
and if i want to revert back
2. how to revert back to the state before starting all this process.
thanks in advance for any kind of help

jota 2018-09-18 10:28:38 UTC #2

Hi @prakhar,

Please run these commands to force (use the f flag) the creation of the files

sudo ln -sf /etc/lego/certificates/mydomain.com.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /etc/lego/certificates/mydomaincom.crt /opt/bitnami/apache2/conf/server.crt

After that, change the permissions of the files and restart Apache

sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*
sudo /opt/bitnami/ctlscript.sh start

If you need to revert to the previous state, you can recover the .old files

sudo mv /opt/bitnami/apache2/conf/server.crt.old /opt/bitnami/apache2/conf/server.crt
sudo mv /opt/bitnami/apache2/conf/server.key.old /opt/bitnami/apache2/conf/server.key
sudo /opt/bitnami/ctlscript.sh restart apache

Happy to help!

Was my answer helpful? Click on

prakhar 2018-09-19 08:03:13 UTC #3

as you said

i have done but got the same error

chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt.old': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/server.key': No such file or directory

now what to do ?
i have lost access to ftp also.
this domain is behind cloudflare.

prakhar 2018-09-19 08:06:59 UTC #4

when i cd in CLI to the conf directory i can see server.key and server.crt are there but in red text

jota 2018-09-19 09:42:59 UTC #5

Hi @prakhar,

Did you substitute mydomain.com with your real domain when running the different commands I posted above? Please share the output of these commands to review the current status

sudo ls -la /opt/bitnami/apache2/conf
sudo ls -la /etc/lego/certificates

Thanks

prakhar 2018-09-19 16:49:49 UTC #6

it shows:

total 288
drwxr-xr-x 5 bitnami root 4096 Sep 19 08:20 .
drwxr-xr-x 14 root root 4096 May 23 10:54 ..
drwxr-xr-x 2 bitnami root 4096 Aug 19 17:50 bitnami
-rw-r--r-- 1 bitnami root 289 May 23 10:54 deflate.conf
drwxr-xr-x 2 bitnami root 4096 May 23 10:51 extra
-rw-r--r-- 1 bitnami root 20150 May 23 10:57 httpd.conf
-rw-r--r-- 1 bitnami root 13077 Apr 6 12:18 magic
-rw-r--r-- 1 bitnami root 60847 Apr 6 12:18 mime.types
-rw-r--r-- 1 bitnami root 7413 Aug 2 2012 modsecurity.conf
drwxr-xr-x 3 bitnami root 4096 May 23 10:51 original
-rw-r--r-- 1 bitnami root 17301 May 23 10:54 pagespeed.conf
-rw-r--r-- 1 bitnami root 120982 May 23 10:51 pagespeed_libraries.conf
-rw-r--r-- 1 bitnami root 199 May 23 10:52 php-fpm-apache.conf
-rw-r--r-- 1 bitnami root 1834 Aug 19 17:51 privkey.pem
lrwxrwxrwx 1 root root 50 Sep 17 17:18 server.crt -> /etc/lego/certifica tes/marketing.mycitykart.in.crt
-rw------- 1 root root 985 Aug 19 17:51 server.csr.old
-rw------- 1 root root 1679 Aug 19 17:51 server.key
-rw-r--r-- 1 bitnami root 203 May 23 10:53 ssi.conf

it shows:

ls: cannot access '/etc/lego/certificates': No such file or directory

jota 2018-09-20 11:06:21 UTC #7

Hi @prakhar,

It seems that there is something wrong with the certificate files. Let's generate a new self-signed certificate so you can start Apache again and we will help you to generate a new valid certificate later

sudo rm -rf /opt/bitnami/apache2/conf/server.*
sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048
sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
sudo openssl x509 -in /opt/bitnami/apache2/conf/cert.csr -out /opt/bitnami/apache2/conf/server.crt -req -signkey /opt/bitnami/apache2/conf/server.key -days 365
sudo /opt/bitnami/ctlscript.sh restart apache

One of those commands will request you additional information when running it, just set the values and it will generate the certificate. Can you access Apache now?

In order to generate the Let's encrypt certificate again, please run these commands

sudo /opt/bitnami/ctlscript.sh stop
sudo lego --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/etc/lego" run
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
sudo ln -sf/etc/lego/certificates/DOMAIN.key /opt/bitnami/apache2/conf/server.key
sudo ln -sf /etc/lego/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/server.crt
sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*
sudo /opt/bitnami/ctlscript.sh start

Please substitute DOMAIN in each of the commands so Apache is configured correctly. If you use DOMAIN in any of those commands, just ran the command again with the proper domain name

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Could you please share with us the output of the following commands again?

sudo ls -la /etc/lego
sudo ls -la /etc/lego/certificates
sudo ls -la /opt/bitnami/apache2/conf/

Thanks

prakhar 2018-09-25 17:33:29 UTC #8

i was a bit busy i will reply you soon

prakhar 2018-09-26 17:53:23 UTC #9

here is full detail i am showing below:

bitnami@ip-:~$ sudo lego --email="kartmycity@gmail.com" --domains="marketing.mycitykart.in" --domains="www.marketing.mycitykart.in" --path="/etc/lego" run
2018/09/26 17:44:21 [INFO][marketing.mycitykart.in, www.marketing.mycitykart.in] acme: Obtaining bundled SAN certificate
2018/09/26 17:44:22 [INFO][marketing.mycitykart.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/L1Og7W2MGrE2Pg_aBlSBcJ-JEai_tK1fd15HefdDXOM
2018/09/26 17:44:22 [INFO][www.marketing.mycitykart.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/Sj7RCif_OIh4IsgRbXuV7uaIS3FdbdHjpGepEQzNzgA
2018/09/26 17:44:22 [INFO][marketing.mycitykart.in] acme: Authorization already valid; skipping challenge
2018/09/26 17:44:22 [INFO][www.marketing.mycitykart.in] acme: Trying to solve HTTP-01
2018/09/26 17:44:28 Could not obtain certificates
acme: Error -> One or more domains had a problem:
[www.marketing.mycitykart.in] acme: Error 400 - urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for www.marketing.mycitykart.in
bitnami@ip-:~$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
bitnami@ip-:~$ sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
bitnami@ip:~$ sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
mv: cannot stat '/opt/bitnami/apache2/conf/server.csr': No such file or directory
bitnami@ip-:~$ sudo ln -sf/etc/lego/certificates/marketing.mycitykart.in.key /opt/bitnami/apache2/conf/server.key
ln: invalid option -- '/'
Try 'ln --help' for more information.
bitnami@ip-:~$ sudo ln -sf /etc/lego/certificates/marketing.mycitykart.in.key /opt/bitnami/apache2/conf/server.key
bitnami@ip-:~$ sudo ln -sf /etc/lego/certificates/marketing.mycitykart.in.crt /opt/bitnami/apache2/conf/server.crt
bitnami@ip-:~$ sudo chown root:root /opt/bitnami/apache2/conf/server*
chown: cannot dereference '/opt/bitnami/apache2/conf/server.crt': No such file or directory
chown: cannot dereference '/opt/bitnami/apache2/conf/server.key': No such file or directory
bitnami@ip-:~$ sudo ls -la /etc/lego
total 12
drwx------ 3 root root 4096 Sep 17 17:05 .
drwxr-xr-x 95 root root 4096 Sep 22 06:34 ..
drwx------ 3 root root 4096 Sep 17 17:05 accounts
bitnami@ip-:~$ sudo ls -la /etc/lego/certificates
ls: cannot access '/etc/lego/certificates': No such file or directory
bitnami@ip-:~$ sudo ls -la /opt/bitnami/apache2/conf/
total 292
drwxr-xr-x 5 bitnami root 4096 Sep 26 17:47 .
drwxr-xr-x 14 root root 4096 May 23 10:54 ..
drwxr-xr-x 2 bitnami root 4096 Aug 19 17:50 bitnami
-rw-r--r-- 1 root root 1029 Sep 26 17:39 cert.csr
-rw-r--r-- 1 bitnami root 289 May 23 10:54 deflate.conf
drwxr-xr-x 2 bitnami root 4096 May 23 10:51 extra
-rw-r--r-- 1 bitnami root 20150 May 23 10:57 httpd.conf
-rw-r--r-- 1 bitnami root 13077 Apr 6 12:18 magic
-rw-r--r-- 1 bitnami root 60847 Apr 6 12:18 mime.types
-rw-r--r-- 1 bitnami root 7413 Aug 2 2012 modsecurity.conf
drwxr-xr-x 3 bitnami root 4096 May 23 10:51 original
-rw-r--r-- 1 bitnami root 17301 May 23 10:54 pagespeed.conf
-rw-r--r-- 1 bitnami root 120982 May 23 10:51 pagespeed_libraries.conf
-rw-r--r-- 1 bitnami root 199 May 23 10:52 php-fpm-apache.conf
-rw-r--r-- 1 bitnami root 1834 Aug 19 17:51 privkey.pem
lrwxrwxrwx 1 root root 50 Sep 26 17:47 server.crt -> /etc/lego/certificates/marketing.mycitykart.in.crt
-rw-r--r-- 1 root root 1176 Sep 26 17:39 server.crt.old
lrwxrwxrwx 1 root root 50 Sep 26 17:47 server.key -> /etc/lego/certificates/marketing.mycitykart.in.key
-rw-r--r-- 1 root root 1679 Sep 26 17:36 server.key.old
-rw-r--r-- 1 bitnami root 203 May 23 10:53 ssi.conf

prakhar 2018-09-26 17:59:36 UTC #10

my httpd is not running
my ftp is not running
my site is not running
could you please tell me how to revert back and how can i install ssl using cloudflare from following links below:
1. https://support.cloudflare.com/hc/en-us/articles/218408028-How-to-install-an-Origin-CA-Certificate-Other-
2. https://support.cloudflare.com/hc/en-us/articles/217472077
3. https://support.cloudflare.com/hc/en-us/articles/115000479507-Creating-and-managing-certificates-with-Origin-CA

jota 2018-09-27 11:14:50 UTC #11

Hi @prakhar,

I just checked that your domains are not pointing directly to the Bitnam instance, that's why you can't generate the certificates with Let's Encrypt.

https://www.whatsmydns.net/#A/marketing.mycitykart.in

To revert the changes, run these commands

sudo rm -rf /opt/bitnami/apache2/conf/server.crt
sudo rm -rf /opt/bitnami/apache2/conf/server.key
sudo mv /opt/bitnami/apache2/conf/server.crt.old /opt/bitnami/apache2/conf/server.crt
sudo mv /opt/bitnami/apache2/conf/server.key.old /opt/bitnami/apache2/conf/server.key
sudo /opt/bitnami/ctlscript.sh restart apache

If you have a certificate, you can configure Apache to use it. You will need to substitute the .crt and .key files in the server

https://docs.bitnami.com/aws/apps/wordpress/administration/enable-https-ssl-apache/

prakhar 2018-09-28 02:53:37 UTC #12

my domain is behind cloudflare and in cloudflare dns configuration its pointing to the public ip of my aws instance.
Is it right?
If not , then how to configure my domain to point to my ip?

andresrc 2018-09-28 09:53:33 UTC #13

Hi @prakhar,

Your domain currently resolves to 104.27.136.224 which is an IP of CloudFlare and not an AWS one. This would be used by CloudFlare to provide caching services. You can use the "Pause" feature in CloudFlare to make it return your AWS ip address while you configure your certificate.

Regards,

Andres R.

prakhar 2018-09-28 17:16:37 UTC #14

ok i will try and then tell you

prakhar 2018-09-28 17:31:35 UTC #15

i am trying to revert back but these commands shows the error
mv: invalid option -- 'r'
Try 'mv --help' for more information.

and my apache is not running

prakhar 2018-09-28 17:45:46 UTC #16

i paused and tried to revert back but didn't help
same result

jota 2018-10-01 08:50:47 UTC #17

Hi @prakhar,

I'm so sorry, I just noticed that my commands were wrong, could you please run these ones?

sudo rm -rf /opt/bitnami/apache2/conf/server.crt
sudo rm -rf /opt/bitnami/apache2/conf/server.key
sudo mv /opt/bitnami/apache2/conf/server.crt.old /opt/bitnami/apache2/conf/server.crt
sudo mv /opt/bitnami/apache2/conf/server.key.old /opt/bitnami/apache2/conf/server.key
sudo /opt/bitnami/ctlscript.sh restart apache

I'll edit the ones in the other post so other users don't run the wrong ones. If that doesn't work, please share the output of these commands again and we will provide you with a different way to recover your installation

sudo ls -la /opt/bitnami/apache2/conf/

Thanks

prakhar 2018-10-07 05:47:55 UTC #18

bitnami@ip-172-31-25-34:~$ sudo ls -la /opt/bitnami/apache2/conf/
total 292
drwxr-xr-x 5 bitnami root 4096 Oct 7 05:45 .
drwxr-xr-x 14 root root 4096 May 23 10:54 ..
drwxr-xr-x 2 bitnami root 4096 Sep 28 18:06 bitnami
-rw-r--r-- 1 root root 1029 Sep 26 17:39 cert.csr
-rw-r--r-- 1 bitnami root 289 May 23 10:54 deflate.conf
drwxr-xr-x 2 bitnami root 4096 May 23 10:51 extra
-rw-r--r-- 1 bitnami root 20150 May 23 10:57 httpd.conf
-rw-r--r-- 1 bitnami root 13077 Apr 6 2018 magic
-rw-r--r-- 1 bitnami root 60847 Apr 6 2018 mime.types
-rw-r--r-- 1 bitnami root 7413 Aug 2 2012 modsecurity.conf
drwxr-xr-x 3 bitnami root 4096 May 23 10:51 original
-rw-r--r-- 1 bitnami root 17301 May 23 10:54 pagespeed.conf
-rw-r--r-- 1 bitnami root 120982 May 23 10:51 pagespeed_libraries.conf
-rw-r--r-- 1 bitnami root 199 May 23 10:52 php-fpm-apache.conf
-rw-r--r-- 1 bitnami root 1834 Aug 19 17:51 privkey.pem
-rw-r--r-- 1 root root 1176 Sep 26 17:39 server.crt
-rw-r--r-- 1 root root 1679 Sep 26 17:36 server.key
-rw-r--r-- 1 bitnami root 203 May 23 10:53 ssi.conf

now what should i do?

prakhar 2018-10-07 05:49:56 UTC #19

i posted my ip here i hope it would not be a security problem , if it is please delete it i can't find the option to edit post.

prakhar 2018-10-07 05:57:30 UTC #20

my site and ftp is still not reachable.

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!