CertBot, Bitnami, Wordpress issues

#1

I just started with CertBot today. I am running an EC2 instance of Bitnami and Automattic’s WordPress machine image.

My domain is: dudedope.com

I ran this command: sudo certbot certonly --webroot

It produced this output: when it asked for the directory, I provided the (/var/www) directory which http-01 challenge for dudedope.com
Input the webroot for dudedope.com: (Enter ‘c’ to cancel): /var/www
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dudedope.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dudedope.com/.well-known/acme-challenge/xfU-PmGei81jPHN4InSgrCRecqw-NsfhH0rDtTqo_1w [34.227.117.83]: “\n<html lang=“en-US” xmlns:og=“http://opengraphprotocol.org/schema/” xmlns:fb=“http://www.facebook.com/2008/fbml”>”

IMPORTANT NOTES:

My web server is (include version): Apache2

The operating system my web server runs on is (include version): when installed it uses Ubuntu 16.04 Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes I can, that’s the only way.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I use SSH to remotely manage the server.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#2

Hi @stinklewinks

Create two subdirectories

/var/www/.well-known/acme-challenge

and a file there (file name 1234), then check whether you can load that file via

http://dudedope.com/.well-known/acme-challenge/1234

Sometimes there are additional definitions so the website-webroot should work, but doesn’t work.

1 Like
#3

Maybe it should be /var/www/html instead of /var/www (depending on your OS package defaults).

#4

I will try them out. Standby.

#5

Hi,

Did you install WordPress by yourself? Or did you use the WordPress that comes with the Bitnami installation?

Thank you

#6

I used the AMI image in the AWS marketplace. Did zero config on my end (besides adding to the .htaccess afterwards)

#7

tried /var/www/html

output:

bitnami@ip-172-31-56-209:/$ sudo certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): dudedope.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dudedope.com
Input the webroot for dudedope.com: (Enter ‘c’ to cancel): /var/www/html
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dudedope.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dudedope.com/.well-known/acme-challenge/AaC5Emt_hqatkEak2RrPqG72Eke7k_6Kibxh2Oo_dN4 [34.227.117.83]: "\n<html lang=“en-US” xmlns:og=“http://opengraphprotocol.org/schema/” xmlns:fb="http://www.facebook.com/2008/fbml">"

IMPORTANT NOTES:

#8

will try! thanks so much

#9

Did not work, unfortunately. I still get:

bitnami@ip-172-31-56-209:/$ sudo certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): dudedope.com, www.dudedope.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dudedope.com
http-01 challenge for www.dudedope.com
Input the webroot for dudedope.com: (Enter ‘c’ to cancel): /var/www/html

Select the webroot for www.dudedope.com:


1: Enter a new webroot
2: /var/www/html


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dudedope.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dudedope.com/.well-known/acme-challenge/A5yWVzl_wj2UzVNGJV88e7eiVg2xvKHt1kT3H6NT2mo [34.227.117.83]: "\n<html lang=“en-US” xmlns:og=“http://opengraphprotocol.org/schema/” xmlns:fb="http://www.facebook.com/2008/fbml">", www.dudedope.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.dudedope.com/.well-known/acme-challenge/9-K381GCB2IHGn2rzokSgOYN_CgQvNqqy0KKtBlSyCA [34.227.117.83]: "\n<html lang=“en-US” xmlns:og=“http://opengraphprotocol.org/schema/” xmlns:fb="http://www.facebook.com/2008/fbml">"

IMPORTANT NOTES:

#10

Hi,

Do you mind sharing the link to that AMI image with us?
Is it this one: https://aws.amazon.com/marketplace/pp/B00NN8Y43U/

Thanks

#11

that’s the one :+1:

I’ve tried a few things from some of the other posts and documentation and I have been running into “permission denied” errors. So, I am probably doing it incorrectly.

#12

Are you sure this is really your bitnami DocumentRoot? Other users have something like

/opt/bitnami/apache2/htdocs

To check, create the two subdirectories

/var/www/html/.well-known/acme-challenge

and a file there (file name 1234), then try to load this file with your browser

http://dudedope.com/.well-known/acme-challenge/1234

If that doesn’t work, you are using the wrong webroot / DocumentRoot.
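
The test-file check suggested in posts #2 and #12, automated as an added example (not part of the original thread and not Certbot's own code): it writes a random probe file under each candidate webroot and reports the first directory whose file comes back byte-for-byte over HTTP. The function names and the injectable `fetch` parameter are assumptions made for this illustration.

```python
import os
import secrets
import sys
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")

def http_fetch(url, timeout=10):
    """Return the response body for url, or None on any HTTP/network error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except OSError:  # URLError and HTTPError are subclasses of OSError
        return None

def find_serving_webroot(domain, candidates, fetch=http_fetch):
    """Return the first candidate directory that the web server actually maps
    to http://<domain>/.well-known/acme-challenge/, or None if none does."""
    for root in candidates:
        if not os.path.isdir(root):
            continue  # never create a webroot that does not already exist
        target_dir = os.path.join(root, CHALLENGE_DIR)
        name = "probe-" + secrets.token_hex(8)
        body = secrets.token_hex(16).encode()
        path = os.path.join(target_dir, name)
        try:
            os.makedirs(target_dir, exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        except OSError:
            continue  # not writable with the current privileges
        try:
            url = "http://%s/.well-known/acme-challenge/%s" % (domain, name)
            # An HTML page (such as the WordPress response in the errors above)
            # instead of the exact probe body means this is the wrong directory.
            if fetch(url) == body:
                return root
        finally:
            os.remove(path)
    return None

if __name__ == "__main__":
    # Usage: sudo python3 probe.py <domain> <webroot> [<webroot> ...]
    print(find_serving_webroot(sys.argv[1], sys.argv[2:]))
```
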

#13

you know…that’s an excellent question. That’s why you are Community Leader. I am going to retry using that suggestion :grinning:

#14

bitnami@ip-172-31-56-209:/$ sudo certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): dudedope.com, www.dudedope.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dudedope.com
http-01 challenge for www.dudedope.com
Input the webroot for dudedope.com: (Enter ‘c’ to cancel): /opt/bitnami/apache2/htdocs

Select the webroot for www.dudedope.com:


1: Enter a new webroot
2: /opt/bitnami/apache2/htdocs


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dudedope.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dudedope.com/.well-known/acme-challenge/kp-EzSBIL22iMZVAZ0M_mr1nBxp1ZZOwiCSLlc3E4kw [34.227.117.83]: "\n<html lang=“en-US” xmlns:og=“http://opengraphprotocol.org/schema/” xmlns:fb="http://www.facebook.com/2008/fbml">", www.dudedope.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.dudedope.com/.well-known/acme-challenge/JOtxPgyZLfEv50o4tBj1rfqkE7Bo6hf8YxJ6_olXBm4 [34.227.117.83]: "\n<html lang=“en-US” xmlns:og=“http://opengraphprotocol.org/schema/” xmlns:fb="http://www.facebook.com/2008/fbml">"

IMPORTANT NOTES:

This is the new output. Same ending phrase with the DNS record prompt. Could this be a Bitnami thing?

#15

Did you create the test file? If the test file doesn’t work, Letsencrypt can’t work.

And yep - there are 1000 possible webroots; you can have a lot of different configurations and location definitions.

#16

Hi,

If you are indeed using that image, it has a different configuration…
Take a look at this:
https://docs.bitnami.com/aws/apps/wordpress/administration/generate-configure-certificate-letsencrypt/

Thank you

#17

thank you, thank you, thank you, thank you, thank you

#18

Hi,

Just curious…
Is it working?

Thank you

#19

It worked. There is a Valid cert from Let’s Encrypt now. Now I’m dealing with an issue outside of that now. Now it says that only part of the session is encrypted and that some of the images on my site may still be visible “to an attacker”. So I am currently doing my due diligence to see why that is.

#20

That’s simple:

http://s3.amazonaws.com/dudedopemedias/wp-content/uploads/2018/12/02205258/DudeDope.png

is mixed content ( https://check-your-website.server-daten.de/?q=dudedope.com ).

And you don’t have a redirect http -> https.

1 Like