Bitnami running Apache renew check causes certificate not found


#1

Today the script to check certificate status and update ran then caused an error in the bitnami config file.
cron job:
sudo /opt/bitnami/ctlscript.sh stop
sudo lego --email="rbabb@myemail" --domains="www.MYDOMAIN.com" --path="/etc/lego" renew
sudo /opt/bitnami/ctlscript.sh start

Error:
AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file '/opt/bitnami/apache2/conf/server.crt' does not exist or is empty

Which would cause the site to stop working for a few seconds and then work again for a little while then error out again.
It wasn't until I did the following lines:
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
sudo ln -s /etc/lego/certificates/MYDOMAINNAME.key /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/lego/certificates/MYDOMAINNAME.crt /opt/bitnami/apache2/conf/server.crt
sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*

That it finally started working correctly again. Do I need to add the move and dynamic links into my crontab to resolve this?

Any help you could provide would be helpful


#2

Hi @BobBabb,

Unless I’m confused about what Lego will do, I think that now that your links are in place, the renewal should work fine in the future. The links continue to exist and should therefore continue to help Apache know where to find new versions of the certificate after Lego renews them. The point of a symbolic link is that you don’t have to change the link when the target file is updated, so if Lego succeeds in updating the /etc/lego/certificates files after a renewal, Apache will now find the updated file contents when accessing them via the links in /opt/bitnami/apache2/conf as well.
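
An added example, not part of the original posts: a check the cron job could run between the renew step and the Apache start, confirming that `server.crt` and `server.key` are still symbolic links to non-empty files and that the key is not readable by group or others. It assumes the layout described in this thread; the function name `check_tls_links` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). check_tls_links is a hypothetical helper.
# Usage: check_tls_links /opt/bitnami/apache2/conf
# Returns 0 only if server.crt and server.key are symlinks that resolve to
# non-empty regular files and the key is not accessible to group or others.
check_tls_links() {
    conf_dir=$1
    rc=0
    for name in server.crt server.key; do
        path="$conf_dir/$name"
        if [ ! -L "$path" ]; then
            # A plain copy goes stale: renewed files never reach Apache.
            echo "$path: not a symbolic link" >&2; rc=1; continue
        fi
        if [ ! -f "$path" ]; then
            # -f follows the link, so this catches a dangling link.
            echo "$path: link target missing" >&2; rc=1; continue
        fi
        if [ ! -s "$path" ]; then
            # The condition behind "does not exist or is empty" in the thread.
            echo "$path: link target is empty" >&2; rc=1; continue
        fi
    done
    key="$conf_dir/server.key"
    if [ -f "$key" ]; then
        # ls -L shows the mode of the link target; columns 5-10 are the
        # group and other permission bits.
        mode=$(ls -lL "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$key: private key accessible to group/others ($mode)" >&2
            rc=1
        fi
    fi
    return $rc
}

# Run the check when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_tls_links "$1"
fi
```

A non-zero exit status means Apache would start with a missing, empty or over-exposed certificate or key, so the job can log and alert at that point instead of discovering it from the startup error.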

