Website stops working on the first day of each month

Keywords: WordPress - AWS - Technical issue - Other
bnsupport ID: 0f3114a4-f493-b28a-f32e-f54fae3f79a1
Description:
Hey everybody,

I’m having a strange issue with my website. On the first day of each month, just after midnight, the website stops working.

It’s unresponsive to SSL and the only way to fix it is to restart using sudo /opt/bitnami/ctlscript.sh restart

Any idea what would be causing this or the first place to look? I’ve had a look in the Apache logs and there doesn’t seem to be anything immediately obvious just after midnight.

Hi @PaulMa,

This issue should be related to the cron you have active to renew your SSL certificates on the first day of each month:

# Renew SSL script cron
0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null

It seems that your instance is really low on free memory and the execution of the renewal process may be enough to freeze it:

-----------------------------------
Display amount of free and used memory in the system
-----------------------------------
Running: free -m
In: /opt/bitnami

Output:

              total        used        free      shared  buff/cache   available
Mem:            482         373           8          25         100          70
Swap:           634         343         291

Please try increasing your instance memory and manually executing the renewal script once to verify the instance can sustain the load.

Regards,
Francisco de Paz

1 Like

Thanks so much for the quick reply.

That seems strange that it’s low on memory. It just runs a very basic WordPress site.

Is there an easy way to interrogate which process is consuming the most memory?

Hello @PaulMa,

As you are running the minimum required instance size, it is not that strange that renewing the certificates freezes it. Could you try running the renewal script manually to dismiss any errors in it?

To check the processes consuming most of the memory you can run the following command:

# Top 50 processes by resident memory (RSS, in KB), largest first
ps -e -orss=,args= | sort -b -k1,1nr | awk '{print $1,$2}' | head -n 50

Regards,
Francisco de Paz

1 Like

Hey @fdepaz,

Thanks for the reply.

I have a feeling this is an issue with the command I have in my cron job.

When the cron job runs, it stops all of the services before operating, so in theory there shouldn’t be any memory use.

Is it possible that the version of lego needs an upgrade? If so, is there a command that I can use to upgrade the version of lego?

Cheers,

Hi @PaulMa,

The cron executes a script that, per our documentation, should momentarily stop Apache, renew the certificates, and then start Apache again:

  #!/bin/bash

  sudo /opt/bitnami/ctlscript.sh stop apache
  sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
  sudo /opt/bitnami/ctlscript.sh start apache

It could indeed be an issue with the lego command. First, try manually executing the lego command in your script and see its output.

You can upgrade your lego version by following the instructions from this guide’s step 1 that downloads the latest lego version. As you will already have a lego binary, remove it first by executing:

sudo rm /opt/bitnami/letsencrypt/lego

Regards,
Francisco de Paz

1 Like

Hey @fdepaz,

Thanks for that.

I’ve updated Lego and I’m now seeing where this issue could be originating from.

I’ve tried Googling this and I can’t find any answers that relate to the Lightsail Bitnami installation. This is the output from the Lego command in the cron job.

[INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/13864858285
[d1y000000hw5dgb.cloudfront.net] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from https://d1ysd00005dgb.cloudfront.net/.well-known/acme-challenge/jSVgnRt-FtEk7Amkxg0aU2m8fA39JcXMWabrKXQjg1o

For background - my lego command uses a http challenge because I use Cloudfront, so the Lego command issues a certificate for my domain.com, www.domain.com and my cloudfront address.

Any idea what is causing this issue?

Hello @PaulMa,

I’m not really sure what could be causing this error. I found this thread in the Let’s Encrypt community that may be of help: https://community.letsencrypt.org/t/unable-to-obtain-ssl-certificates/73112/3

Nevertheless, I suggest you get in contact with Cloudfront support and check if there are any firewall rules or configuration that need to be modified.

Regards,
Francisco de Paz

1 Like

Thanks for your assistance, @fdepaz - I might try the Let’s Encrypt support community and will report back if I find the issue.

I don’t have IPv6 enabled on either Cloudfront or the container, so I’ll do a bit more digging.
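
Added example, not part of the thread and not Bitnami's own script: a wrapper around the renewal commands quoted above that keeps lego's output in a log instead of sending it to /dev/null, refuses to start when free -m reports too little available memory, and always starts Apache again. The log path, the 100 MB threshold and the function names are assumptions.

```bash
#!/bin/bash
# Added example: wrapper for the renewal job quoted in the thread.
# The ctlscript.sh and lego invocations are the ones posted above; LOG,
# MIN_AVAIL_MB and the function names are assumptions made for this sketch.
CTL="${CTL:-/opt/bitnami/ctlscript.sh}"
LEGO="${LEGO:-/opt/bitnami/letsencrypt/lego}"
LOG="${LOG:-/var/log/renew-certificate.log}"   # assumed log location
MIN_AVAIL_MB="${MIN_AVAIL_MB:-100}"            # assumed threshold

log() { echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) $*" >> "$LOG"; }

# Read `free -m` output on stdin and print the "available" column in MB.
available_mb() { awk '$1 == "Mem:" { print $7 }'; }

# Succeed only if the available memory read from stdin meets the threshold.
enough_memory() {
  avail="$(available_mb)"
  [ -n "$avail" ] && [ "$avail" -ge "$MIN_AVAIL_MB" ]
}

renew() {
  rc=0
  # Refuse to start on a starved instance; exit code 2 makes the skip visible.
  if ! free -m | enough_memory; then
    log "skipped: less than ${MIN_AVAIL_MB} MB available"
    return 2
  fi
  "$CTL" stop apache >> "$LOG" 2>&1 || log "warning: stopping apache failed"
  # Keep lego's output: ACME errors such as a 403 "unauthorized" land in LOG
  # instead of being discarded by "2> /dev/null" in the crontab.
  "$LEGO" --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" \
    --path="/opt/bitnami/letsencrypt" renew --days 90 >> "$LOG" 2>&1 || rc=$?
  # Always bring Apache back, even when the renewal failed.
  "$CTL" start apache >> "$LOG" 2>&1 || rc=1
  log "renewal finished with exit code $rc"
  return "$rc"
}

# Run only when invoked with --run (for example from root's crontab).
case "${1:-}" in
  --run) renew; exit $? ;;
esac
```

With the free -m figures posted earlier in the thread (70 MB available), this wrapper would log a skip and exit with code 2 rather than stop Apache.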