Configuring Certbot to work on Bitnami Apache

[quote=“jmorahan, post:14, topic:32279”]
certbot certificates
[/quote]

It looks like you are right. I did a manual install and it worked up to a point.
I now got a message

Domain: www.artofchangetherapy.com
Type: unauthorized
Detail: Invalid response from
http://www.artofchangetherapy.com/.well-known/acme-challenge/vAA2Ac3SpCkF9GOqkPH2yK4f-pck4RixUs0qj5x7ER8:
"
<html id="

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.

My site is a live site, so I assume that the DNS is right. Or is the problem in the .well-known folder? Thanks

So the command I suggested above:

certbot certonly --webroot -w /opt/bitnami/apache2/htdocs -d example.com -d www.example.com --post-hook="/opt/bitnami/ctlscript.sh restart apache"

might need some modification if you’ve made changes to the default Bitnami setup - or if for some other reason your VM is different from the one I downloaded. Most likely culprit is the /opt/bitnami/apache2/htdocs. If your website files (Wordpress) are in a different location, you’ll have to specify that location instead.

If you’re not sure, try placing a test text file wherever you think it should be, and see if you can access it with a web browser.

I didn’t make any changes to Bitnami. My WP is installed in /opt/bitnami/apps/wordpress/htdocs/
My .well-known is at /opt/bitnami/apache2/htdocs
I see my .well-known is empty and I don’t see an acme-challenge folder. Is it something I need to add?

You probably just need to specify /opt/bitnami/apps/wordpress/htdocs/ instead of /opt/bitnami/apache2/htdocs in the certbot command.

It looks like it worked, but I now have https with a cross line on it and it says not secure, so I probably need another step for perfection :slight_smile:

I was looking on www.ssllabs.com; it tells me that I have www.example.com MISMATCH
Do you maybe know how I fix that?

you are still using a self-signed certificate

you need to go to your Apache VHOST file and point the cert/intermediate/key to LetsEncrypt certificates and restart apache

the command you ran above does not do that for you

Andrei

Ok, so how do I do it manually?

scroll up and read :smiley:

@jmorahan provided very detailed instructions


Is there any way to override that default in Certbot?

great link to the CLI confs

The only way I can think of is to replace the dictionary or maybe add a more specific match

Will play and let you know

Andrei

I did a check for certbot certificates

Found the following certs:
Certificate Name: artofchangetherapy.com
Domains: artofchangetherapy.com www.artofchangetherapy.com
Expiry Date: 2017-07-29 01:02:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/artofchangetherapy.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/artofchangetherapy.com/privkey.pem

Looks good to me but I still get https not trusted…?

did you reboot apache? self signed cert is still in use

Andrei

I used /opt/bitnami/ctlscript.sh restart apache.
looks like it did a restart

I did a check with www.ssllabs.com and still get name mismatch. It looks like on the certificates it still says
www.example.com

I'm not sure that I get the certificate name right. When I type certbot certificates,
I get
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
cert.
certbot: error: unrecognized arguments: certificates.

Older versions of Certbot don't support the certbot certificates command, but not to worry - the certificate name is also included in the output you posted above; it's part of the certificate path. It's artofchangetherapy.com

I'd guess that you have some other virtual host also referring to the old self-signed certificate, and Apache is picking that up instead of the default configuration. Perhaps something added by Bitnami's Wordpress installer, if you didn't do it yourself. Have a look, using something like

grep -lr SSLCertificate /opt/bitnami

to find where the additional file might be, where you need to make the same change, and restart apache again.

If you find anything, post it here :slight_smile:
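A narrower version of the grep suggested above, as an added example that is not part of the original thread: it reads only *.conf files, skips commented-out lines, and marks any SSLCertificate* directive whose path is outside /etc/letsencrypt/live as STALE. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report every active SSLCertificate*
# directive under a config tree and flag those outside the Let's Encrypt live dir.

# Usage: audit_ssl_directives CONF_ROOT [LE_LIVE_DIR]
# Output: STATUS<TAB>file:line<TAB>directive<TAB>path
audit_ssl_directives() {
    conf_root=$1
    le_live=${2:-/etc/letsencrypt/live}
    # Restrict to *.conf so binaries (mod_ssl.so) and PHP sources are skipped.
    find "$conf_root" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v file="$f" -v le="$le_live/" '
            /^[ \t]*#/ { next }   # ignore commented-out directives
            tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
                path = $2
                gsub(/"/, "", path)   # drop quotes (paths with spaces not handled)
                status = (index(path, le) == 1) ? "OK" : "STALE"
                printf "%s\t%s:%d\t%s\t%s\n", status, file, FNR, $1, path
            }
        ' "$f"
    done
}

# Constructed sample tree mirroring the layout discussed in the thread.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/apache2/conf" "$root/apps/wordpress/conf"
    cat > "$root/apache2/conf/bitnami.conf" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
</VirtualHost>
EOF
    cat > "$root/apps/wordpress/conf/httpd-vhosts.conf" <<'EOF'
<VirtualHost *:443>
  # SSLCertificateFile "/old/commented.crt"
  SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"
</VirtualHost>
EOF
    echo "$root"
}

sample=$(make_sample_tree)
audit_ssl_directives "$sample"
rm -rf "$sample"
```

A file can show up as STALE without being loaded by Apache at all (for example a backup copy of the default config), so treat the report as a list of candidates to check against the Include chain.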

This is what came out

artofchangetherapy@artofcangetherapy-vm:~$ sudo grep -lr SSLCertificate /opt/bitnami
/opt/bitnami/apache2/conf/bitnami/bitnami.conf
/opt/bitnami/apache2/conf/extra/httpd-ssl.conf
/opt/bitnami/apache2/conf/original/extra/httpd-ssl.conf
/opt/bitnami/apache2/modules/mod_ssl.so
/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf
/opt/bitnami/apps/phpmyadmin/conf/httpd-vhosts.conf
/opt/bitnami/php/lib/php/AWSSDKforPHP/services/elb.class.php

That would be my guess as to the most likely suspect, so try making the change there first. Failing that, try all the files ending in .conf until you find the right one :slight_smile:

Just to be on the safe side, here is my httpd-vhosts.conf file.
Do I change all the example.com to artofchangetherapy.com, or do I need to add lines to it?

<VirtualHost *:80>
  ServerName wordpress.example.com
  ServerAlias www.wordpress.example.com
  DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"

  Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
  ServerName wordpress.example.com
  ServerAlias www.wordpress.example.com
  DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"

  Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>