Configuring Certbot to work on Bitnami Apache

I used /opt/bitnami/ctlscript.sh restart apache.
Looks like it did a restart.

I did a check with www.ssllabs.com and still get a name mismatch. It looks like on the certificate it still says
www.example.com

I'm not sure that I got the certificate name right. When I type certbot certificates,
I get
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
cert.
certbot: error: unrecognized arguments: certificates.

Older versions of Certbot don't support the certbot certificates command, but not to worry - the certificate name is also included in the output you posted above; it's part of the certificate path. It's artofchangetherapy.com

I'd guess that you have some other virtual host also referring to the old self-signed certificate, and Apache is picking that up instead of the default configuration. Perhaps something added by Bitnami's Wordpress installer, if you didn't do it yourself. Have a look, using something like

grep -lr SSLCertificate /opt/bitnami

to find where the additional file might be, where you need to make the same change, and restart apache again.

If you find anything, post it here :slight_smile:

This is what came out:

artofchangetherapy@artofcangetherapy-vm:~$ sudo grep -lr SSLCertificate /opt/bitnami
/opt/bitnami/apache2/conf/bitnami/bitnami.conf
/opt/bitnami/apache2/conf/extra/httpd-ssl.conf
/opt/bitnami/apache2/conf/original/extra/httpd-ssl.conf
/opt/bitnami/apache2/modules/mod_ssl.so
/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf
/opt/bitnami/apps/phpmyadmin/conf/httpd-vhosts.conf
/opt/bitnami/php/lib/php/AWSSDKforPHP/services/elb.class.php

That would be my guess as to the most likely suspect, so try making the change there first. Failing that, try all the files ending in .conf until you find the right one :slight_smile:

Just to be on the safe side, this is my httpd-vhosts.conf file.
Do I change all the example.com to artofchangetherapy.com, or do I need to add lines into it?

<VirtualHost *:80>
ServerName wordpress.example.com
ServerAlias www.wordpress.example.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
ServerName wordpress.example.com
ServerAlias www.wordpress.example.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

Just change all the SSLCertificateFile and SSLCertificateKeyFile lines. So from what you posted:

SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"

should be

SSLCertificateFile "/etc/letsencrypt/live/artofchangetherapy.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/artofchangetherapy.com/privkey.pem"
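
An added example, not part of the original posts: `grep -lr` also matches commented-out lines and binaries such as mod_ssl.so, so this sketch reports only the active certificate directives in *.conf files, with file and line, and flags those still pointing outside the Certbot live directory. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the active certificate directives
# that still point away from the Certbot live directory.

# audit_cert_paths CONF_ROOT LIVE_DIR
# One line per active SSLCertificateFile/SSLCertificateKeyFile directive:
#   STATUS<TAB>file:line<TAB>Directive path
# Only *.conf files are read, so binaries such as mod_ssl.so are skipped.
audit_cert_paths() {
    find "$1" -type f -name '*.conf' -exec awk -v live="$2" '
        /^[ \t]*#/ { next }                       # commented-out directive
        tolower($1) == "sslcertificatefile" || tolower($1) == "sslcertificatekeyfile" {
            path = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)  # strip the directive name
            gsub(/"/, "", path)                    # strip surrounding quotes
            sub(/[ \t\r]+$/, "", path)             # strip trailing whitespace
            status = (index(path, live "/") == 1) ? "OK" : "STALE"
            printf "%s\t%s:%d\t%s %s\n", status, FILENAME, FNR, $1, path
        }' {} +
}

# count_stale CONF_ROOT LIVE_DIR -> number of directives flagged STALE
count_stale() {
    audit_cert_paths "$1" "$2" | awk '$1 == "STALE" { n++ } END { print n + 0 }'
}

# Constructed sample tree mirroring the layout in the grep output above.
make_sample_tree() {
    mkdir -p "$1/apache2/conf/bitnami" "$1/apache2/conf/extra" \
             "$1/apache2/modules" "$1/apps/wordpress/conf"
    printf '%s\n' 'SSLCertificateFile "/etc/letsencrypt/live/artofchangetherapy.com/fullchain.pem"' \
        'SSLCertificateKeyFile "/etc/letsencrypt/live/artofchangetherapy.com/privkey.pem"' \
        > "$1/apache2/conf/bitnami/bitnami.conf"
    printf '%s\n' 'SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"' \
        '#SSLCertificateFile "/opt/bitnami/apache2/conf/server-dsa.crt"' \
        > "$1/apache2/conf/extra/httpd-ssl.conf"
    printf '%s\n' '<VirtualHost *:443>' '  SSLEngine on' \
        '  SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"' \
        '  SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"' \
        '</VirtualHost>' > "$1/apps/wordpress/conf/httpd-vhosts.conf"
    printf 'SSLCertificateFile\n' > "$1/apache2/modules/mod_ssl.so"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_cert_paths "$demo" /etc/letsencrypt/live/artofchangetherapy.com
rm -rf "$demo"
```

A STALE line only matters in a file Apache actually loads; `httpd -S` prints the virtual hosts in the running configuration together with the file and line that define each one.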

In httpd-ssl.conf there are these lines:

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
#SSLCertificateFile "/opt/bitnami/apache2/conf/server-dsa.crt"
#SSLCertificateFile "/opt/bitnami/apache2/conf/server-ecc.crt"

And later down

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server-dsa.key"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server-ecc.key"

Just to replace all of it in the lines above?

Sure. You can ignore the lines that begin with a # if you like.

Well, no luck so far. I changed everything I’ve seen and it still looks like the certificate name mismatch;
as far as I can see it is still www.example.com, self-signed :confused:

And you restarted Apache again after making those changes, right?

But of course… :slight_smile:

I see in a few files:
#SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

#SSLCACertificatePath "/opt/bitnami/apache2/conf/ssl.crt"

#SSLCACertificateFile "/opt/bitnami/apache2/conf/ssl.crt/ca-bundle.crt"

Do I need to change them?

Looking around, I see privkey.pem, server.crt, server.key in my /opt/bitnami/apache2/conf.
Do they need to be there, or do they conflict with SSLCertificate at /etc/letsencrypt/live?

Thanks

Did you mean that those files are actually individually present in that directory, or that a file in that directory mentions them?

they are actually there…

If you’re planning on using Certbot to obtain and install certificates, you should probably have your web server configuration only use the files from /etc/letsencrypt/live, and not, for example, copy those files elsewhere on the system.

I don’t know how they got there, I tried Certbot but it didn’t work probably because I use Bitnami.
It did work with webroot but now I have a problem with pointing the site to the certificate.
So I’m looking for ways to get the SSL without fucking up my site completely.
Is it safe to delete those files?