Amazon Lightsail Bitnami Error 400 and 403 when trying to add SSL

A bit of context, just in case it is useful.

We use AWS and we had a problem trying to update WordPress on our instance. Since we could not find a solution, we created another instance using a Snapshot. Everything is ok with WordPress. We have an issue with our domain's SSL. Before, when the user typed "fundaciondeacero.org" he/she was automatically redirected to "www.fundaciondeacero.org". Now the user is not redirected, therefore the user navigates "fundaciondeacero.org" with the "site not safe" alert on the browser's address bar.

I tried this AWS Lightsail guide to add SSL to the domain but I get errors 400 for fundaciondeacero.org and 403 for www.fundaciondeacero.org.

While I can get myself around following guides, I have no technical knowledge of these matters. I'd really, really appreciate your generosity for providing precise instructions if there are solutions to this issue. I'm open for a videocall if it is not too much to ask so I can follow instructions live. Here are the details.

My domain is: fundaciondeacero.org

I ran this command: sudo /opt/bitnami/bncert-tool
Enable HTTP to HTTPS redirection [Y/n]: Y
Enable non-www to www redirection [Y/n]: Y
Enable www to non-www redirection [y/N]: N

It produced this output:
An error occurred creating certificates with Let's Encrypt:

2025/02/02 06:15:38 [INFO] [fundaciondeacero.org, www.fundaciondeacero.org]
acme: Obtaining bundled SAN certificate
2025/02/02 06:15:38 [INFO] [fundaciondeacero.org] AuthURL:
https://acme-v02.api.letsencrypt.org/acme/authz/2202497185/469801460165
2025/02/02 06:15:38 [INFO] [www.fundaciondeacero.org] AuthURL:
https://acme-v02.api.letsencrypt.org/acme/authz/2202497185/469801460175
2025/02/02 06:15:38 [INFO] [fundaciondeacero.org] acme: use tls-alpn-01 solver
2025/02/02 06:15:38 [INFO] [www.fundaciondeacero.org] acme: use tls-alpn-01
solver
2025/02/02 06:15:38 [INFO] [fundaciondeacero.org] acme: Trying to solve
TLS-ALPN-01
2025/02/02 06:15:42 [INFO] [www.fundaciondeacero.org] acme: Trying to solve
TLS-ALPN-01
2025/02/02 06:15:49 [INFO] Deactivating auth:
https://acme-v02.api.letsencrypt.org/acme/authz/2202497185/469801460165
2025/02/02 06:15:49 [INFO] Deactivating auth:
https://acme-v02.api.letsencrypt.org/acme/authz/2202497185/469801460175
2025/02/02 06:15:49 Could not obtain certificates:
error: one or more domains had a problem:
Press [Enter] to continue:

[fundaciondeacero.org] acme: error: 400 :: urn:ietf:params:acme:error:tls ::
45.223.136.102: remote error: tls: unrecognized name
[www.fundaciondeacero.org] acme: error: 403 ::
urn:ietf:params:acme:error:unauthorized :: Incorrect validation certificate for
tls-alpn-01 challenge. Requested www.fundaciondeacero.org from
52.44.182.199:443. Received certificate which is not self-signed.

Please check our documentation and support forums, we'll be happy to help!


Error

An error occurred when applying configurations.

The web server configuration was left unchanged. There was an error in the new
configuration, so it was reverted.

Failed steps:

  • Running Let's Encrypt: Error creating certificates

Find more details in the log file:

/tmp/bncert-202502020613.log (I cannot access this file. The FTP says I have no permission)

If you find any issues, please check Bitnami Support forums at:

My web server is (include version): I don't know where to get this information, please excuse me.

The operating system my web server runs on is (include version): Cannot answer correctly. If it helps, the platform is Linux, using WordPress certified by Bitnami and Automattic.

My hosting provider, if applicable, is: Amazon LightSail

I can login to a root shell on my machine (yes or no, or I don't know): If this is connecting to an SSH protocol, then yes I can

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Lightsail's control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Don't know this information either.

If you guide me to get the missing data just please tell me how and I will.
Thank you very much.

That's a lot to ask. Most of the helpers here are volunteers offering our time and expertise for free. If you need that much assistance maybe consider a hosting service that is easier to operate?

I can point out something ... you should change your DNS settings for your two domain names. I am not sure either one is correct but at least your www domain has HTTPS working. In either case, your two domain names should not point to different IP addresses.

dig +noall +answer fundaciondeacero.org
fundaciondeacero.org.   10      IN      A       45.223.146.102
fundaciondeacero.org.   10      IN      A       45.223.136.102

dig +noall +answer www.fundaciondeacero.org
www.fundaciondeacero.org. 9     IN      CNAME   fundaciondeacero.org.P3767888158.fortiwebcloud.net.
fundaciondeacero.org.P3767888158.fortiwebcloud.net. 59 IN CNAME lb-3.us-east-1.aws.waas-online.net.
lb-3.us-east-1.aws.waas-online.net. 60 IN A     52.44.182.199

From the AWS Docs you linked to:

4 Likes
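The check described in the reply above can be scripted. This is an added example, not code from the thread or from Bitnami: it parses the quoted dig answers and the two ACME errors, follows the CNAME chain, and reports where each name actually lands. The function names are hypothetical and the instance address 203.0.113.10 is a placeholder for the Lightsail static IP, which the thread does not give.

```python
import re
# dig answers and ACME errors copied from the thread (wrapped lines re-joined).
DIG = """\
fundaciondeacero.org. 10 IN A 45.223.146.102
fundaciondeacero.org. 10 IN A 45.223.136.102
www.fundaciondeacero.org. 9 IN CNAME fundaciondeacero.org.P3767888158.fortiwebcloud.net.
fundaciondeacero.org.P3767888158.fortiwebcloud.net. 59 IN CNAME lb-3.us-east-1.aws.waas-online.net.
lb-3.us-east-1.aws.waas-online.net. 60 IN A 52.44.182.199
"""
ACME = """\
[fundaciondeacero.org] acme: error: 400 :: urn:ietf:params:acme:error:tls :: 45.223.136.102: remote error: tls: unrecognized name
[www.fundaciondeacero.org] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Incorrect validation certificate for tls-alpn-01 challenge. Requested www.fundaciondeacero.org from 52.44.182.199:443. Received certificate which is not self-signed.
"""

def parse_dig(text):
    """Map owner name -> [(type, rdata)] from dig answer-section lines."""
    zone = {}
    for line in text.splitlines():
        if len(f := line.split()) == 5 and f[2] == "IN":
            owner, rdata = f[0].lower().rstrip("."), f[4].lower().rstrip(".")
            zone.setdefault(owner, []).append((f[3], rdata))
    return zone

def addresses(name, zone, depth=0):
    """Follow CNAMEs (depth-bounded against loops) down to the A records."""
    ips = set()
    for rtype, rdata in zone.get(name.lower().rstrip("."), []):
        if rtype == "A":
            ips.add(rdata)
        elif rtype == "CNAME" and depth < 8:
            ips |= addresses(rdata, zone, depth + 1)
    return ips

def ca_targets(text):
    """Map domain -> (status, first IPv4 address in the CA's error detail)."""
    pat = r"^\[([^\]]+)\] acme: error: (\d+) :: \S+ :: .*?(\d+(?:\.\d+){3})"
    return {d: (int(s), ip) for d, s, ip in re.findall(pat, text, re.M)}

def diagnose(domains, zone, acme, instance_ip="203.0.113.10"):  # placeholder IP (assumption)
    """List reasons a tls-alpn-01 check cannot reach the ACME client on the instance."""
    findings, resolved = [], {d: addresses(d, zone) for d in domains}
    for d, ips in resolved.items():
        status, seen = acme.get(d, (None, None))
        if instance_ip not in ips:
            findings.append(f"{d}: resolves to {sorted(ips)}, not the instance {instance_ip}")
        if seen in ips:
            findings.append(f"{d}: CA got {status} from {seen}, an address in the DNS answer")
    if len({frozenset(v) for v in resolved.values()}) > 1:
        findings.append("the names resolve to different address sets")
    return findings
```

Each address the CA reports in its error is one the name resolves to, so the 400 and 403 come from whatever answers on port 443 at those addresses rather than from the instance running bncert-tool.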

Thank you! We managed to find out the problem using this as a reference!!

2 Likes