Auto Renewing Not working with Google Cloud hosting

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.empowermentday.info

I ran this command: ./certbot-auto renew --dry-run

It produced this output:

```
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/empowermentday.info.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for empowermentday.info
http-01 challenge for www.empowermentday.info
Waiting for verification…

Attempting to renew cert (empowermentday.info) from /etc/letsencrypt/renewal/empowermentday.info.conf produced an unexpected error: Failed authorization procedure. empowermentday.info (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.empowermentday.info.well-known/acme-challenge/6uB-TGcQAjuomRT9TxhedtJkXm2SUMmPg4WP159cqrA: Error getting validation data, www.empowermentday.info (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.empowermentday.info.well-known/acme-challenge/dV6hsQosMtqLb_igT8mTN3rVC48pNY0gLAEjfAE4RpU: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/empowermentday.info/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/empowermentday.info/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
```

My web server is (include version): Apache

The operating system my web server runs on is (include version): Virtual Machine Bitnami

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

You have a bad redirect on your website.

```
$ curl -k -X GET -i http://www.empowermentday.info/.well-known/acme-challenge/dV6hsQosMtqLb_igT8mTN3rVC48pNY0gLAEjfAE4RpU
HTTP/1.1 302 Found
Date: Thu, 25 Jan 2018 04:01:33 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://www.empowermentday.info.well-known/acme-challenge/dV6hsQosMtqLb_igT8mTN3rVC48pNY0gLAEjfAE4RpU
```

Location: https://www.empowermentday.info.well-known/acme-challenge

How would I fix this?

I have 3 websites and they are all having the same issue with not autorenewing.

Fix your HTTPS redirect to include a trailing slash, whichever way you do it (.htaccess or Apache configuration).

This doesn’t just affect your SSL renewals, it plainly breaks any URL on your website, e.g.: http://empowermentday.info/register/

Thank you.

So, I can hold my own on coding, but I am not a professional - how would I do that? Could you give me a step by step?

It will depend on what the person who made these websites in the first place did.

Maybe open up the .htaccess file in the document root of your website and paste it here. In my experience that is the most likely place the mistake will be.

You can post it in a code block like this:

```
paste the contents in between two lines like this
```

What specifically am I looking for in that file?

The HTTPS redirect. I don’t know exactly what it will look like. If you can’t identify it, just paste the whole file here.

I took out top itheme security because there were too many characters.

You can save it as a .txt file and attach it if you can’t fit it all in in one post. Or clone .htaccess to htaccess.txt on your website.

The parts that you pasted were not relevant.

I am a new user and it won’t let me attach files.

https://empowermentday.info/wp-content/uploads/2018/01/htaccess.txt

Looks like the redirect isn’t coming from your .htaccess file.

Can you try running the following to find the source of the redirect:

```
grep -Ri https /etc/{apache2,httpd}/conf*
```

grep: /etc/httpd/conf*: No such file or directory

Running out of ideas.

What does this show:

```
apachectl -S
```

edit: Actually, I just noticed you are using Bitnami. What does this show:

```
grep -Ri https /opt/bitnami/apache2/
```

```
AH00526: Syntax error on line 52 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/empowermentday.info/cert.pem’ does not exist or is empty
```

Take a look at https://docs.bitnami.com/aws/components/apache/#how-to-force-https-for-all-applications

You are looking for rules that look like that one. The problem you need to fix is that you will have a rule that vaguely looks something like:

```
RewriteRule ^/(.*) https://%{SERVER_NAME}$1
```

but needs to include a slash before the $1:

```
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1
```

Otherwise try the grep command I added to my previous post.

This is the file of the command.

Great. Looks like /opt/bitnami/apache2/conf/bitnami/bitnami.conf contains this line:

```
Redirect / https://www.empowermentday.info
```

but it should be:

```
Redirect / https://www.empowermentday.info/
```

Once you change that, you need to reload your Apache configuration. However, because of the error in your earlier post, I am not sure whether you are going to be successfully able to reload Apache’s configuration:

```
AH00526: Syntax error on line 52 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/empowermentday.info/cert.pem’ does not exist or is empty
```

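The failure diagnosed in this thread, as an added example that is not part of any post: Apache's mod_alias appends whatever follows the matched URL-path to the `Redirect` target unchanged, so a target without a trailing slash glues the request path onto the hostname. The function names and the sample config below are constructed for illustration; only the two `Redirect` targets come from the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Models how mod_alias builds the
# Location header for a prefix Redirect, and audits config text for it.

# location_for TARGET PREFIX REQUEST_PATH
# Whatever follows the matched PREFIX is appended to TARGET unchanged.
location_for() {
    printf '%s%s\n' "$1" "${3#"$2"}"
}

# host_of URL: print the host part of an absolute URL.
host_of() {
    _rest=${1#*://}
    printf '%s\n' "${_rest%%/*}"
}

# audit_redirects: read Apache config on stdin and report Redirect lines
# whose URL-path ends in "/" while the target is a bare scheme://host.
audit_redirects() {
    awk '
        $1 ~ /^#/ { next }
        NF >= 3 && tolower($1) ~ /^redirect(permanent|temp)?$/ {
            if ($(NF-1) ~ /\/$/ && $NF ~ "^https?://[^/]+$")
                print "line " FNR ": " $0
        }'
}

# Constructed sample config; the first Redirect is the line quoted above.
sample_conf() {
    cat <<'EOF'
<VirtualHost _default_:80>
  # constructed sample
  Redirect / https://www.empowermentday.info
</VirtualHost>
<VirtualHost _default_:80>
  Redirect permanent / https://www.empowermentday.info/
</VirtualHost>
EOF
}

bad=$(location_for https://www.empowermentday.info / /register/)
good=$(location_for https://www.empowermentday.info/ / /register/)
echo "without slash: $bad (host: $(host_of "$bad"))"
echo "with slash:    $good (host: $(host_of "$good"))"
sample_conf | audit_redirects
```

To audit a real file, pipe it in, for example `audit_redirects < /opt/bitnami/apache2/conf/bitnami/bitnami.conf`; the check only covers `Redirect`-family directives, not `RewriteRule`.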

Thank you for the help. It did not work, so I am trying to set up a new VM.