Certbot On Apache Bitnami Not Working As Expected


#1

Please fill out the fields below so we can help you better.

My domain is: thestairwaytosuccess.com

I ran this command:I ran $ certbot --apache and managed to submit all my info to generate the ssl

It produced this output: I was able to get the private key but I never found the public key to get this on my server(google cloud) and get it up and running

My operating system is (include version): Apache and Debian 8

My web server is (include version):

My hosting provider, if applicable, is: google cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

So afterward out of desperation and being unable to install the ssl i deleted the lets encrypt file alongside the rest of files with it. Now I want to revoke my SSL and create a new one to try again but when i run the command it obviously cant find anything as I deleted it. So basically>

¿How do i revoke current ssl?

-When i test for my certificate it says the common name is example.com instead of domain how do i fix this? You can check here --> https://www.sslshopper.com/ssl-checker.html#hostname=thestairwaytosuccess.com

-How when installing again do i get the public key PEM Encoded to add to Google Cloud?

-Also after doing this is there any changes I shoould make to my htaccess file?

Thanks in advance!


#2

Hi @intergua,

If you’ve deleted all the files, there is no way to revoke the certificate (effectively, you can no longer prove that it was yours, as opposed to someone else’s). If you still have the private key, it can be used for revocation, but this isn’t a requirement unless the private key has been accidentally disclosed to an unauthorized party.

Either way, revoking the certificate isn’t a requirement for getting a new one. There are limits to how many Let’s Encrypt certificates you can create for the same domains, but you can still have more than one at once (and revoking old certificates doesn’t increase or affect the limits at all).

The certificate that you’re using on your site right now is some kind of test or default certificate from your hosting environment, not a Let’s Encrypt certificate—which makes sense since you said you didn’t succeed in getting the Let’s Encrypt certificate set up. So your hosting environment is still working with a built-in test certificate. That’s why you see the example.com stuff and the other warnings from the checker too.

If you’re using Certbot, you can find all of the files associated with your certificate inside /etc/letsencrypt/live. Typically they’ll be something like

/etc/letsencrypt/live/thestairwaytosuccess.com/privkey.pem ← the private key for your site

/etc/letsencrypt/live/thestairwaytosuccess.com/fullchain.pem ← your certificate plus the intermediate (“chain”) certificate that proves that Let’s Encrypt is a trusted certificate authority

You can enter these locations into configuration files or tools for server applications running on the same machine, or copy the files onto other machines if you need to. (If you do that, be aware that the certificate is only valid for 90 days and you’ll have to repeat the process every time it’s due to expire!)


#3

Wow thank you very much for the swift reply Schoen. One more question when I try to generate a new SSL I get the email address I am inputting is not valid. Can I only generate an SSL per email? Or is that some submission error on my end.

Thanks again,


#4

hi @intergua

I believe you should have an account key which is what you use to authenticate against letsencrypt

can you paste a screenshot of the command and the message you are receiving

Andrie


#5

Hi thanks agaian. Heres the screenshot. I am getting this right after installing the certbot (sudo apt-get install python-certbot-apache -t jessie-backports) and running ‘certbot --apache’ with “sudo” as prefix .


#6


#7

Hi @intergua,

You said you were getting an error about an invalid e-mail address, but I don’t see anything about that in this screenshot.

@bmw, any idea about the “address already in use” with the Apache plugin?


#8

It sounds like Apache thinks something else is listening on port 80. Are you sure you’re actually running Apache? If so, is it possible that the Apache you’re running is different from the one packaged with the operating system (such as a custom compiled version)?


#9

@intergua are you using bitnami?


#10

Yes that is correct! I am running bitnami is it for that reason that I cant get around it?


#11

It sounds like you’re having the same problem as this person. Maybe the same solution will work for you too? (but see also @schoen’s reply there: auto-renewal won’t quite work by following those instructions exactly).


#12

Thanks I’ve checked it out ;however I ended up going with PHP 5.6 for a simpler approach. I couldnt really fully understand the explanation you sent me for Bitnami. I have managed to generate my certificate however I got the following error through PHP 5.6, It says it cant install my server or something of the sort.


#13

Is there a file /etc/apache2/sites-enabled/wordpress.conf, and if so, does it have a mismatched <IfModule> (that is, one at the start but no matching </IfModule> at the end, or vice versa)?


#14

Heres the whole file I dont see any If Module at all. What program do you recommend for editing all kind of files to manage a server?

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

Options FollowSymLinks
AllowOverride None

<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory “/usr/lib/cgi-bin”>
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all

ErrorLog ${APACHE_LOG_DIR}/error.log

Possible values include: debug, info, notice, warn, error, crit,

alert, emerg.

LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined


#15

Perhaps you could upload that to pastebin or something? The forum seems to have eaten some lines.

I use vim, so I’m probably the wrong person to ask about user-friendly editors :smiley:


#16

I also use vim. If your priority is editing individual files without learning editor commands, the usual recommendation is nano (a clone of the classic editor pico), which aims to be very simple to use. If you’re going to do a lot of text editing, there can be a lot of benefit to learning the command set of a sophisticated editor like vim or Emacs, which can make many complex editing tasks super-fast.


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.