Used BNCERT on Moodle for HTTPS, Site now Inaccessible

Keywords: Moodle - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: a1b37b4e-0b07-cc4d-501a-a59adea37bbe

Description:
I used BNCERT to generate a certificate for my domain name through IONOS, but it didn’t work appropriately. The redirect from the domain name used the site IP address but the Moodle installation defaulted to the EC2 DNS “ec2-xx-xx-xx-xx.us-east-X.compute.amazonaws.com”. I attempted to undo the BNCERT process to undo what I had done, but the httpd.conf file won’t let me restart Apache because it’s looking for the DOMAIN.crt I created, which I’ve since erased. This was totally my error, but I’m in a bind. I’ve tried restoring from several of the EC2 snapshots I have from before I started the process, but for some reason none of these are reachable, I have no idea why. I’m looking for a couple of things: is there any way to restore the original Bitnami httpd.conf? The backup that BNCERT created doesn’t work correctly. Second, is there a more comprehensive step by step guide to switching Bitnami Moodle to HTTPS? I will have to begin the process again once I get the server running again. I realize this is a lot, any help is appreciated.

Hi @mns271,

To get the httpd.conf you can create a new instance of Bitnami Moodle and copy it into this one.
For HTTPS, you can use the alternative approach: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

I hope that helps you,
Ibone.

Thank you for the reply, I actually made some progress after my original post. It turns out the problem was not with httpd.conf, but instead with bitnami.conf, which I was able to restore from the backup created by BNCERT. I also tried the alternative approach using the LEGO client, but ended up with the same issue. Once the certificate is generated the site becomes inaccessible. The issue seems to be that the domain name, which uses the site IP address and which the certificate is issued for, doesn’t apply once inside the Moodle application itself, which uses the EC2 domain: EC2 DNS “ec2-xx-xx-xx-xx.us-east-X.compute.amazonaws.com”. Is there a way to change the Moodle installation so it uses the site IP instead of the EC2 IPv4 DNS so that the certificate applies? Is there another approach to do this?

A small update on this; I was able to use BNCERT to generate the SSL certificate for my domain name. The DNS has the IP address of the server, so the landing page which uses the domain is working as HTTPS. However, once it redirects to the Moodle application the certificate is invalid because the site still uses the EC2 DNS: “ec2-xx-xx-xx-xx.us-east-X.compute.amazonaws.com”. I have found this cached webpage with the process to change the site domain: https://webcache.googleusercontent.com/search?q=cache:Gvd-9gZW2HQJ:https://docs.bitnami.com/aws/apps/moodle/administration/update-ip-hostname/+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-b-1-d. I believe I could use this to change the Moodle application to use the site IP instead of the EC2 DNS. Can someone confirm if this sounds accurate, or if they have used this process before and that it will do what I need?

After some searching I believe I have verified the problem using the guidance in this Bitnami video: https://www.youtube.com/watch?v=swo4e4L-K-I. When checking “host” for the EC2 DNS: “ec2-xx-xx-xx-xx.us-east-X.compute.amazonaws.com” it shows the private IPv4 address of the EC2 server. This is different than the “host” for the domain name, which is the public IP of the EC2 server, which the SSL certificate is for. I believe this conflict is the root issue. Not sure how to fix this.

Hi @mns271,

Thank you for checking it a bit further. You will need to configure Moodle to use your custom domain name using the bnconfig tool, so it starts generating internal URLs for your domain instead of the compute.amazonaws.com one:

sudo /opt/bitnami/apps/moodle/bnconfig --hostname "your-moodle-domain.com"

Can you also run the bnsupport tool again so we can check your updated config and logs? It will generate a new code that you will need to paste here.

Hello, and thank you for this, but that didn’t work either. The bnconfig had an error when I attempted this, and attempting to change this in the “host” file had no effect. I was using this old article for guidance over the weekend and that led me to try what you suggested: https://webcache.googleusercontent.com/search?q=cache:Gvd-9gZW2HQJ:https://docs.bitnami.com/aws/apps/moodle/administration/update-ip-hostname/+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-b-1-d

The problem is resolved however. Ultimately I disabled the public EC2 DNS in the AWS VPC configuration. For those who have the same issue and would like to try this follow these steps:

  1. Log into the AWS console.
  2. Select services from the top and VPC from “Networking & Content Delivery.”
  3. Select VPCs from the top left.
  4. Check the VPC for your instance from the list, and select “Change DNS Hostname” from the Actions in the top right.
  5. Uncheck “Enable” and then Save Changes.

Until I did this, the ECS DNS superseded every change to the domain I made on the server.

This article has a great deal of information about VPC and DNS: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

Hi @mns271,

Thanks for the detailed information and for posting here your solution so it can be of help for other users in the future!

We will close this thread as solved. Please do not hesitate to open a new one with any other questions you may have.
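
The mismatch discussed in this thread (a certificate issued for the custom domain while Moodle redirects to the EC2 public DNS name) can be checked offline before restarting Apache. The following is an added example, not part of the original posts or Bitnami's tooling; the SAN list, the config.php excerpt, the redirect chain and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (not taken from the poster's server).
CERT_SANS = ["moodle.example.org", "www.moodle.example.org"]
CONFIG_PHP = """<?php
unset($CFG);
$CFG = new stdClass();
$CFG->wwwroot   = 'https://ec2-203-0-113-10.compute-1.amazonaws.com';
"""
REDIRECT_CHAIN = [
    "http://moodle.example.org/",
    "https://moodle.example.org/",
    "https://ec2-203-0-113-10.compute-1.amazonaws.com/login/index.php",
]

def wwwroot_host(config_text):
    """Return the host of a literal $CFG->wwwroot assignment, or None."""
    m = re.search(r"""\$CFG->wwwroot\s*=\s*(['"])(.+?)\1\s*;""", config_text)
    return urlsplit(m.group(2)).hostname if m else None

def san_matches(san, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        suffix = san[1:]                      # e.g. ".example.org"
        if host.endswith(suffix):
            label = host[: -len(suffix)]
            return label != "" and "." not in label
    return False

def cert_covers(sans, host):
    return any(san_matches(s, host) for s in sans)

def audit_redirects(chain, sans):
    """Return (host, covered) for every HTTPS hop; plain HTTP hops are skipped."""
    hops = []
    for url in chain:
        parts = urlsplit(url)
        if parts.scheme == "https":
            hops.append((parts.hostname, cert_covers(sans, parts.hostname)))
    return hops

if __name__ == "__main__":
    host = wwwroot_host(CONFIG_PHP)
    print("wwwroot host:", host, "covered by cert:", cert_covers(CERT_SANS, host))
    for hop, ok in audit_redirects(REDIRECT_CHAIN, CERT_SANS):
        print(("OK   " if ok else "FAIL ") + hop)
```

A hop reported as not covered is where a browser would show the invalid-certificate error, so the application's base URL and the certificate's names need to agree before HTTPS is enforced.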