Can not run ssl on Bitnami on EC2

My domain is: beyondyourtravel.com

I ran this command: sudo certbot --apache

It produced this output:

sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

No names were found in your configuration files. Please enter in your domain

name(s) (comma and/or space separated) (Enter ‘c’ to cancel): beyondyourtravel.com

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for beyondyourtravel.com

Enabled Apache rewrite module

Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]

Cleaning up challenges

Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]

Encountered exception during recovery:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2185, in _reload

util.run_script(self.option(“restart_cmd”))

File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script

raise errors.SubprocessError(msg)

certbot.errors.SubprocessError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations

resp = self._solve_challenges(aauthzrs)

File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges

resp = self.auth.perform(all_achalls)

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2287, in perform

self.restart()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2175, in restart

self._reload()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2203, in _reload

raise errors.MisconfigurationError(error)

certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2185, in _reload

util.run_script(self.option(“restart_cmd”))

File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script

raise errors.SubprocessError(msg)

certbot.errors.SubprocessError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered

self.funcs[-1]()

File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 323, in _cleanup_challenges

self.auth.cleanup(achalls)

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2312, in cleanup

self.restart()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2175, in restart

self._reload()

File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2203, in _reload

raise errors.MisconfigurationError(error)

certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Error while running apache2ctl graceful.

httpd not running, trying to start

Action ‘graceful’ failed.

The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80

(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

AH00015: Unable to open logs

Hi @BeyondYourTrav1

If you have a running webserver, you should use that. So switch to webroot. And you can't configure Bitnami directly, so --apache can't work.

Start with something like

certbot certonly -a webroot -w webrootOfYourRunningWebserver -d beyondyourtravel.com -d www.beyondyourtravel.com

But there are a lot of webroots possible if you use Bitnami.

If this is done, check the Bitnami documentation for how to install the certificate.

Dear Sir/Ms,
I got the SSL certificate working now, but when I check on https://www.ssllabs.com/ssltest/analyze.html?d=beyondyourtravel.com
it is valid for only 90 days.
Does it auto-renew, or do I have to do something?

Best regards

Hi @BeyondYourTrav1,

All Let’s Encrypt certificates are always valid for exactly 90 days.

Depending on how Certbot was installed on your system, it may autorenew based on your current configuration. A good test to try is

sudo certbot renew --dry-run

This does a test against the Let’s Encrypt staging server to try to issue a test certificate with your existing configuration, which simulates what should happen later when your certificate is less than 30 days from expiry. You can see whether this shows a successful renewal or instead gives some kind of error message.

If you have used a command like

certbot certonly -a webroot -w webrootOfYourRunningWebserver -d beyondyourtravel.com -d www.beyondyourtravel.com

then this command should be executed again in 60 - 65 days.

But this command includes "certonly". So you should find a script solution to do the additional steps your Bitnami requires.

If this is done, you can add --deploy-hook to execute that script.

https://certbot.eff.org/docs/using.html

--deploy-hook DEPLOY_HOOK
                        Command to be run in a shell once for each
                        successfully issued certificate. For this command, the
                        shell variable $RENEWED_LINEAGE will point to the
                        config live subdirectory (for example,
                        "/etc/letsencrypt/live/example.com") containing the
                        new certificates and keys; the shell variable
                        $RENEWED_DOMAINS will contain a space-delimited list
                        of renewed certificate domains (for example,
                        "example.com www.example.com" (default: None)
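
A deploy hook of the kind described in the reply above, as an added example that is not part of the original thread and is not Certbot's or Bitnami's own code. `CERT_DEST`, `RELOAD_CMD` and the target file names `server.crt` and `server.key` are assumptions; take the real values from the Bitnami documentation.

```shell
#!/bin/sh
# Added example: certbot deploy hook for a stack certbot cannot configure itself.
# CERT_DEST, RELOAD_CMD and the server.crt/server.key names are assumptions.
CERT_DEST="${CERT_DEST:-/path/to/webserver/certs}"   # placeholder path
RELOAD_CMD="${RELOAD_CMD:-}"                          # the stack's restart command

# Copy one file into place atomically, so the web server never reads a
# half-written certificate or key. Arguments: src dst mode
install_atomic() {
    tmp="$2.tmp.$$"
    # umask 077 keeps the temporary copy of the private key unreadable to others.
    ( umask 077 && cp "$1" "$tmp" ) || return 1
    chmod "$3" "$tmp" && mv -f "$tmp" "$2"
}

# Install the renewed chain and key. Arguments: lineage_dir dest_dir
deploy_cert() {
    lineage="$1"; dest="$2"
    # Refuse to touch the live files if the lineage is incomplete.
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    install_atomic "$lineage/fullchain.pem" "$dest/server.crt" 644 || return 1
    install_atomic "$lineage/privkey.pem" "$dest/server.key" 600 || return 1
}

# Certbot sets RENEWED_LINEAGE only when it invokes the hook after a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$CERT_DEST" || exit 1
    echo "deployed certificate for: ${RENEWED_DOMAINS:-unknown}"
    if [ -n "$RELOAD_CMD" ]; then sh -c "$RELOAD_CMD"; fi
fi
```

Pass the script's path to `--deploy-hook`; `sudo certbot renew --dry-run` then shows whether the renewal itself would succeed.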
