Apache failing to start after renewing SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I was renewing the SSL certificate just like i have done like 12 times already using the below, unforunatly after doing all the steps i got the below error when trying to start the apache service

Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail | Lightsail Documentation

My domain is: usamaqasem.net

I ran this command: sudo /opt/bitnami/ctlscript.sh start

It produced this output:

Job for bitnami.service failed because the control process exited with error code.
See "systemctl status bitnami.service" and "journalctl -xe" for details.

After running "systemctl status bitnami.service"

"Job for bitnami.service failed because the control process exited with error code.
See "systemctl status bitnami.service" and "journalctl -xe" for details."

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS lightsail

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

1 Like

Hi @usamaqasem and welcome to the community!

Is your server running? Or possibly being blocked somehow? This is what I am seeing from the West Coast USA

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Without access to these ports not much is going to happen ;0)
Would you share the output of:

AS ROOT:
systemctl status bitnami.service

journalctl -xe

2 Likes

Thank you very much Rip, yes i believe the server is just not starting after that error appeared during the renewal of the SSL certificate, I have attached the outputs of running the commands you wanted

1 Like

1 Like

OK so now were cookin! :face_with_raised_eyebrow:

  1. crt.sh | usamaqasem.net says you have acquired a dozen certificates on the 17th. So at least we know there is a cert somewhere that should be used instead of trying to acquire another one.

  2. The tutorial states that some locations have changed depending on the version of software(s) in use. It demonstrates three possible locations the certs may be located based on your environment.

  3. The error in the first image says it cant find the cert you requested... It is a pretty easy guess this is why your server wont start. So The certs need to be located so we can tell the webserver where they live.

Since we don't know the exact versions of your httpd and OS (I'm not familiar with your environment, but working from the tutorial link you provided us)

Please show the output from these list commands: especially the one that shows results
Let's see what is stored in the folders created by certbot:...

sudo ls -laR /etc/letsencrypt/live/

Then the following: the one that shows results

For Debian Linux distributions?
Approach A (Bitnami installations using system packages):
Try:

sudo ls -la /opt/bitnami/apache2/conf/bitnami/certs/

Approach B (Self-contained Bitnami installations):?
Try:

sudo ls -la /opt/bitnami/apache2/conf/

For older instances that use the Ubuntu Linux distribution:?
Try:

sudo ls -la /opt/bitnami/apache/conf/bitnami/certs/

This should give us enough info to move forward.

2 Likes

2 Likes

2 Likes

2 Likes

2 Likes

OK I see what happened... somehow there was a variable that didn't get set correctly when linking to the cert(s)...

Your link command should have looked more like this: (For older instances that use the Ubuntu Linux distribution and modified without the use of a variable)

sudo ln -s /etc/letsencrypt/live/usamaqasem.net/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key

sudo ln -s /etc/letsencrypt/live/usamaqasem.net/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
sudo /opt/bitnami/ctlscript.sh start
3 Likes

The command didn't work at the start, should that files existed, so i deleted them and ran the the 3 commands and seems that all is good now.

Can you please let me know if should expect to run these commands every time i would renew my certificate or is it a one of?

2 Likes

I'd love to see the output of the "error", I suspect the previously existing link caused the complaint.
You should not have to redo this process for each renewal. Glad to see you got past that bottleneck.

It seems, however, that your site is redirecting somewhere unexpected?

https://13.235.124.7.nip.io/wp-signup.php?new=usamaqasem.net

13.235.124.7 resolves to usamaqasem.net but I have to admit this is something new to me.
@usamaqasem .. do you own 13.235.124.7 ? How does NIP.IO come into play here?

3 Likes

I will share a screen shot tomorrow.

Yes don't worry about that, this is a WordPress multi site, it needs a but of work to be properly configurated. The good thing the website is accessible..

Thank you for your help

3 Likes

This is the screenshot of the errors i received before I removed the files with "rm"

Thanks for the screenshot. Congratulations! Your site is up and running. good luck.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.