Bitnami + AmazonWebServices + Issuance for IP addresses not supported

Please fill out the fields below so we can help you better.

My domain is: gamificagroup.com

I ran this command: I run the WP Encrypt plug-in

It produced this output: No HTTP challenge available for domain 54.233.128.230. Original response: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Issuance for IP addresses not supported","status":400}

My web server is (include version): Amazon Web Services via Bitnami

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don’t know): Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

Let’s Encrypt is only for domain names - not for IP addresses.

That means exactly what it says - Let’s Encrypt does not issue certificates for IP addresses. You will need to register a domain name and point corresponding DNS records for that domain to the IP address to have a certificate issued from Let’s Encrypt.

So, this is the problem: I’m using a Bitnami configuration through Amazon Web Services.
On Route 53 I’m having an A alias for gamificagroup.com and it’s still saying "Domain: gamificagroup.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
24ff772621c5f98f92fd3ca3e81bf477.d980b50dae16e215f6934a4f17c6f5f4.acme.invalid
from 54.233.128.230:443. Received 1 certificate(s), first
certificate had names “www.example.com”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address."

Any ideas?

Although the error message is now different, the reasons for them are not LE related.
There is a self-signed “www.example.com” cert found at that IP:


https://www.ssllabs.com/ssltest/analyze.html?d=gamificagroup.com&hideResults=on
Did you put that there?
Can you remove it and try using your domain name instead?

That’s not the issue. You can have an invalid certificate and still use tls-sni-01 or http-01 challenges. @GamificaLatam, can you post the actual command you used? I’m assuming you used the apache plugin. This is supposed to set up Apache to serve a temporary certificate with a specific identity to SNI requests to a fake domain. However, sometimes Certbot has issues parsing the Apache configs, or other SSL endpoints catch those connection attempts first. You may want to look into using the webroot methods instead, but let’s see if we can figure this out first.

I wasn’t trying to resolve the issue, more like just trying to steer cattle - you merely point them in a more desired direction and let them get there on their own.

If he doesn’t know where that cert came from - he should find out and learn what his system is doing before making uneducated changes.

Hi! I don’t know where that certificate came from.

When I run the commands as shown on https://certbot.eff.org/#ubuntutrusty-apache , this is the result I get:

bitnami@ip-172-31-4-162:~$ sudo certbot --apache certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): gamificagroup.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for gamificagroup.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/error_handler.py”, line 99, in _call_registered
self.funcs[-1]()
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 284, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1910, in cleanup
self.restart()
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1799, in restart
self._reload()
File “/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py”, line 1810, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs


Any suggestions?

I would start by determining if any other service is using port 80 (or [::]:80).
netstat -pant |grep 80

I would also look in the Apache error logs for added information.

If possible, I would update/upgrade software.
Check the version of certbot:
certbot --version

Hi!

This is what I can send you (I’m just beginning with terminal, coding and
everything else):

bitnami@ip-172-31-4-162:~$ netstat -pant |grep 80
(No info could be read for “-p”: geteuid()=1000 but you should be root.)
tcp 0 180 172.31.4.162:22 186.108.115.152:65471 ESTABLISHED -
tcp6 0 0 :::80 :::* LISTEN

Maybe try sudo netstat -pant | grep 80 instead in order to find out what program it was. It looks like your regular user account wasn’t allowed to learn this information.

That certbot log looks like you might have two copies of Apache installed, one from bitnami and one from your operating system, and certbot is trying to use the operating system copy that you don’t use.

If you’re sure you only use the copy of Apache included with bitnami, you could try uninstalling the operating system provided version by running sudo apt-get remove apache2. That will also tell you if it is in fact not installed.

I don’t know if certbot needs any further help finding the bitnami copy of Apache. I know several other people on the forums use certbot successfully with it, but they may have done some manual prodding.
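Added example, not part of the original thread: the plain `grep 80` suggested above also matches the SSH line in the posted output (its Send-Q column is 180), so this filter keeps only sockets that are listening on exactly the given port. The sample netstat output, PIDs and program names below are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `sudo netstat -pant` output (not taken from the thread);
# the PIDs and program names are made up for illustration.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    180 172.31.4.162:22         198.51.100.7:65471      ESTABLISHED 1201/sshd: bitnami
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1544/java
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1310/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1422/httpd.bin
tcp6       0      0 :::443                  :::*                    LISTEN      1422/httpd.bin'

# listeners_on PORT: read `netstat -pant` output on stdin and print
# "proto local-address pid/program" for sockets LISTENing on exactly PORT.
listeners_on() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")   # the port is the text after the last colon
            if (parts[n] == port) print $1, $4, $7
        }'
}

# For comparison: how many lines a plain `grep 80` matches in the same input
# (it also hits Send-Q 180 and port 8080).
naive_count() { printf '%s\n' "$SAMPLE" | grep -c 80; }

# Run against the constructed sample.
printf '%s\n' "$SAMPLE" | listeners_on 80
```

On a live host, pipe the real output in instead: `sudo netstat -pant | listeners_on 80`.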

So… this is what I did:

I de-installed by running sudo apt-get remove apache2

Then, I went to the regular process of installing certbot:

This is the result I got:

bitnami@ip-172-31-4-162:~$ sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log

No names were found in your configuration files. Please enter in your domain

name(s) (comma and/or space separated) (Enter ‘c’ to cancel):
gamificagroup.com
Obtaining a new certificate

An unexpected error occurred:

The request message was malformed :: Error creating new authz :: Name does
not end in a public suffix

Please see the logfiles in /var/log/letsencrypt for more details.

I’m trying to use the WP Encrypt plug-in as well, not working either.

Any further advice?

It appears to still be finding the configuration from the system Apache. You could delete it but judging by some long bitnami-related forum threads I think it still won’t find the bitnami one.

Instead, let’s just go ahead and instruct certbot to use the bitnami one explicitly:

sudo certbot --apache --apache-server-root /opt/bitnami/apache2

Please note that the location of /opt/bitnami/apache2 varies from installation to installation. It may also be located at /home/bitnami/apache2. Please confirm the correct location of your bitnami Apache installation before proceeding.

I don't agree with that in this case, because it said "Please enter in your domain name(s)".

Can you try with -d instead? Like -d gamificagroup.com? The error that you got is from the certificate authority, appearing to say that gamificagroup.com doesn't end in .com, which doesn't really make sense.


None of this is working.

I need urgent help, not getting my site to get up!!!

This is the log:

bitnami@ip-172-31-4-162:~$

bitnami@ip-172-31-4-162:~$ sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log

No names were found in your configuration files. Please enter in your domain

name(s) (comma and/or space separated) (Enter ‘c’ to cancel):
54.233.128.230

You might also want to try the Bitnami forum at

I don’t remember whether we’ve ever had someone have success with certbot --apache with Bitnami. Some of the threads here have suggested instead using certbot --webroot with Bitnami, which will then require you to do a manual edit to the Bitnami configuration files to point at your new certificate afterward.
