SSL Renewal failed - Website gone nuts

Keywords: WordPress Multisite - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: 3ac25c9c-8ff0-bb49-9897-c8c1c6786eeb

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
? Connectivity: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/
https://docs.bitnami.com/general/faq/administration/use-firewall/

bndiagnostic failure reason: I do not know how to perform the changes explained in the documentation

Description:
Hi there, My SSL failed renewal. Tried to rerun the commands and won’t generate a new one. Also tried to revoke the certificates but permission is denied?.

Followed the Approach B instructions and generally get ‘No such File or Directory’.

Some help would be appreciated.

Regards

James

Hi @james8,

I can see you have many cron jobs that are trying to renew the certificate and that might be the reason why the certificate was not renewed properly. Please remove this line

/opt/bitnami/letsencrypt/scripts/renew-certificate.sh

from the root’s crontab (sudo crontab -e) and this other one

0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --tls --email="enquiries@DOMAIN.co.uk"  --domains=DOMAIN.co.uk renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

from the bitnami’s one crontab -e. You should only keep this line

0 0 * * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="enquiries@DOMAIN.co.uk" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=DOMAIN.co.uk renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

In order to get more information about the certificate renewal, can you run that command and post the output here?

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="enquiries@DOMAIN.co.uk" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=DOMAIN.co.uk renew 

Please note that I have replaced your domain with DOMAIN.

Thanks

Hi Jota

I think I did it right? Still Not working…

Support tool won’t run now!

===== Begin of bndiagnostic tool output =====

? Apache: Found possible issues
✓ Php: No issues found
✓ Resources: No issues found
✓ Mysql: No issues found
? Connectivity: Found possible issues

[Apache]

Found recent error or warning messages in the Apache error log.

[Mon Aug 30 01:42:30.465156 2021] [proxy_fcgi:error] [pid 23932:tid 
139927694051072] [client **ip_address**:49806] AH01071: Got error 'PHP message: 
PHP Fatal error: Uncaught Error: Call to undefined function get_header() in 
/opt/bitnami/apps/wordpress/htdocs/wp-content/themes/twentyseventeen/404.php:13
Stack trace:
#0 {main}
 thrown in 
Press [Enter] to continue:
/opt/bitnami/apps/wordpress/htdocs/wp-content/themes/twentyseventeen/404.php on 
line 13'
 [Tue Aug 31 21:32:44.046203 2021] [ssl:error] [pid 1752:tid 139657765250816] 
[client **ip_address**:44962] AH02042: rejecting client initiated renegotiation

Wondering if it would be beneficial to use the Migration Tool to move WP to a new multi-site instance?
That way I can update the PHP version and do a clean SSL install?.

Thanks

James8

Hi @james8,

I do not know if the certificate was renewed properly because you didn’t post the output of the lego command here.

The error you posted is not related to the SSL certificate but with a connection a client made. I tried to access your website and got a timeout error. Can you confirm all services are running?

sudo /opt/bitnami/ctlscript.sh status

If Apache is stopped, try to start it and get more info from the log file

sudo /opt/bitnami/ctlscript.sh restart apache
sudo tail -n 20 /opt/bitnami/apache2/logs/error_log

Thanks

Hi Mate

All says running ok… here’s the log anyhoo…

$ sudo tail -n 20 /opt/bitnami/apache2/logs/error_log
[Mon Aug 30 10:34:45.069999 2021] [ssl:warn] [pid 5653:tid 140071639359104] AH01882: Init: this version of mod_ssl
was compiled against a newer library (OpenSSL 1.0.2s 28 May 2019, version currently loaded is OpenSSL 1.0.2r 26 F
eb 2019) - may result in undefined or erroneous behavior
[Mon Aug 30 10:34:45.083882 2021] [ssl:warn] [pid 5654:tid 140071639359104] AH01882: Init: this version of mod_ssl
was compiled against a newer library (OpenSSL 1.0.2s 28 May 2019, version currently loaded is OpenSSL 1.0.2r 26 F
eb 2019) - may result in undefined or erroneous behavior
[Mon Aug 30 10:34:45.086191 2021] [mpm_event:notice] [pid 5654:tid 140071639359104] AH00489: Apache/2.4.39 (Unix) O

Hi Jota

Found the fix, In my

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="enquiries@DOMAIN.co.uk" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=DOMAIN.co.uk renew

I specified both plain and www. in the Domain areas. Changed my DNS records to represent both types and resolves fine now on all subdomains etc.

Checked with Digicert etc and apparently TLS ready. If I run support tool again can you confirm the renewal config and Instruct me on how to enable TLS, Please.

Many thanks

James

Sorry TLS 1.3 update…

Please, write some script to update PHP so I don’t have to go greyer doing all this again!!.

Or just rewrite the Bitnami SSL tool to do redirects and bla bla bla

A Bitnami WP panel for SSL, RAM and all the other repetitive things we ask you about!.

It appears my nightmare is not at an end!, Now got a problem with ports?

Site is running though?

7793956d-ef30-709a-bd24-f1b5dc86e384

Regards

James8

Hi @james8,

Sorry for the delay on getting back to you. I visited your website and it seems to be using a valid SSL certificate now. Did you manage to solve your issues?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.