WordPress Stack & SSL - Apache will not start

Hi @typica1cat,

This is weird. Apache is configured to use ports 80 and 443 and checking your screenshots, the firewall is open. Let’s see if you can access the application from inside the instance:

sudo /opt/bitnami/ctlscript.sh status
ps aux | grep apache
curl -LI localhost
curl -LIk https://localhost

Thanks

Hi @jota,

I’ve run the commands listed, here is the output:

sudo /opt/bitnami/ctlscript.sh status
apache already running
mariadb already running
php-fpm already running

ps aux | grep apache
root 680 0.0 0.7 13860 7784 ? Ss Jan11 0:06 /opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf
daemon 683 0.0 1.7 1867428 17612 ? Sl Jan11 0:02 /opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf
daemon 684 0.0 1.7 1867428 18004 ? Sl Jan11 0:01 /opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf
daemon 1135 0.0 1.4 1867424 15056 ? Sl Jan11 0:04 /opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf
bitnami 19952 0.0 0.0 6076 884 pts/1 S+ 13:33 0:00 grep apache

curl -LI localhost
HTTP/1.1 200 OK
Date: Fri, 14 Jan 2022 13:33:48 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.21
Link: <http://localhost/wp-json/>; rel="https://api.w.org/", <http://localhost/wp-json/wp/v2/pages/2225>; rel="alternate"; type="application/json", <http://localhost/>; rel=shortlink
Content-Type: text/html; charset=UTF-8

curl -LIk https://localhost
curl: (7) Failed to connect to localhost port 443: Connection refused

My support request with AWS was not all that helpful. They essentially said that if 443 is not accessible the instance is not listening for 443 requests. The shared KB article can be found here: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Let me know if I can provide anything further to assist.

Thanks!!

Hi @typica1cat,

I’ve checked your configuration and I don’t see the “bitnami-ssl.conf” file included. Could you include it by adding the following line to “bitnami.conf”?

Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

And restart Apache?

sudo /opt/bitnami/ctlscript.sh restart

Regards,
Michiel

Good Morning @michiel,

I’ve updated the bitnami.conf to include the line you provided and restarted Apache.

I am finally able to access my site at https://MYDOMAIN.com however I receive an error about connection security. When I click the red “Not Secure” by the domain it tells me my certificates are not valid and my connection isn’t secure.

It looks like http is still accessible as well (without the warning).

@michiel,

I discovered the certificate is not correct:

I tried to renew the certificate using the Lego Tool - which ran successfully. However, when I refresh the site I get the same result.

Chrome also throws the following error upon first visit:

NET::ERR_CERT_AUTHORITY_INVALID

Hi @typica1cat,

It seems that Apache is still using the self-signed certificate instead of the Let’s Encrypt certificate. Could you run the bndiagnostic tool again and send me the ID?

Best regards,
Michiel

@michiel,

Thanks for your continued assistance!

New BN Diagnostic Code: 5bea8cc1-c826-757f-6321-c2a8f18539ee

Hi @typica1cat,

Can you check the certificate with the following command:

openssl x509 -in /opt/bitnami/apache/conf/bitnami/certs/server.crt -text -noout | grep Issuer

And tell me the output?

Best regards,
Michiel

@michiel,

Here is the output:

Can't open /opt/bitnami/apache/conf/bitnami/certs/server.crt for reading, Permission denied
139653940089984:error:0200100D:system library:fopen:Permission denied:../crypto/bio/bss_file.c:69:fopen('/opt/bitnami/apache/conf/bitnami/certs/server.crt','r')
139653940089984:error:2006D002:BIO routines:BIO_new_file:system lib:../crypto/bio/bss_file.c:78:
unable to load certificate

Tried searching out the errors and found the SSL paths in my vhosts files and they look right to me. I am seriously confused however as I have server.crt located in /opt/bitnami/apache2/conf/server.crt AND /opt/bitnami/apache/conf/bitnami/certs/server.crt … now I don’t know which path is correct?
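
Added example, not part of the thread and not Bitnami's own tooling: a bash script for the question in the last post, reporting for each candidate server.crt whether it is self-signed and whether it is the certificate Apache actually presents on port 443. The function names are hypothetical, and it assumes it is run with sudo, since the thread shows the certificate file is not readable by the bitnami user.

```bash
#!/usr/bin/env bash
# Usage (as root): check-cert.sh MYDOMAIN.com /path/one/server.crt /path/two/server.crt
# Function names are illustrative; only standard openssl subcommands are used.

# SHA-256 fingerprint of a PEM certificate file (empty string on failure).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds when issuer and subject are identical. That is the usual shape of a
# self-signed placeholder certificate; it is a heuristic, not a signature check.
is_self_signed() {
    local issuer subject
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 2>/dev/null | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^subject= *//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Fingerprint of the leaf certificate the local web server presents.
# $1 = name sent as SNI (the site's domain), $2 = port (default 443).
served_fingerprint() {
    local name="$1" port="${2:-443}"
    openssl s_client -connect "localhost:$port" -servername "$name" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# One summary line per file: what kind of certificate it is, and whether it
# is the one being served ($2 = fingerprint from served_fingerprint).
describe_cert() {
    local file="$1" served="$2" kind="CA-issued" match="no"
    if [ ! -r "$file" ]; then
        echo "$file: unreadable (retry with sudo)"
        return 1
    fi
    is_self_signed "$file" && kind="self-signed"
    [ -n "$served" ] && [ "$(cert_fingerprint "$file")" = "$served" ] && match="yes"
    echo "$file: $kind served=$match"
}

# Runs only when a domain and at least one certificate path are given.
if [ "$#" -ge 2 ]; then
    name="$1"; shift
    served=$(served_fingerprint "$name")
    [ -n "$served" ] || echo "nothing is answering TLS on localhost:443" >&2
    for f in "$@"; do describe_cert "$f" "$served"; done
fi
```

The file reported as `served=yes` is the one Apache's `SSLCertificateFile` directive currently points to; if that line also says `self-signed`, the Let's Encrypt certificate was issued but is not the file being loaded.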