Configuring Certbot to work on Bitnami Apache

<VirtualHost *:80>
ServerName wordpress.example.com
ServerAlias www.wordpress.example.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
ServerName wordpress.example.com
ServerAlias www.wordpress.example.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

Just change all the SSLCertificateFile and SSLCertificateKeyFile lines. So from what you posted:

SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"

should be

SSLCertificateFile "/etc/letsencrypt/live/artofchangetherapy.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/artofchangetherapy.com/privkey.pem"

In httpd-ssl.conf there are these lines:

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
#SSLCertificateFile "/opt/bitnami/apache2/conf/server-dsa.crt"
#SSLCertificateFile "/opt/bitnami/apache2/conf/server-ecc.crt"

And later down

SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server-dsa.key"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server-ecc.key"

Just to replace all of it in the lines above?

Sure. You can ignore the lines that begin with a # if you like.

Well, no luck so far. I changed everything I’ve seen and it still looks like the certificate name mismatch;
as far as I see it is still www.example.com, self-signed :confused:

And you restarted Apache again after making those changes, right?

But of course… :slight_smile:

I see in a few files
#SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

#SSLCACertificatePath "/opt/bitnami/apache2/conf/ssl.crt"

#SSLCACertificateFile "/opt/bitnami/apache2/conf/ssl.crt/ca-bundle.crt"

Do I need to change them?

Looking around I see privkey.pem, serever.crt, server.key in my opt/bitnami/apache2/conf.
Do they need to be there, or do they conflict with SSLCertificate at /etc/letsencrypt/live?

Thanks

Did you mean that those files are actually individually present in that directory, or that a file in that directory mentions them?

they are actually there…

If you’re planning on using Certbot to obtain and install certificates, you should probably have your web server configuration only use the files from /etc/letsencrypt/live, and not, for example, copy those files elsewhere on the system.

I don’t know how they got there, I tried Certbot but it didn’t work probably because I use Bitnami.
It did work with webroot but now I have a problem with pointing the site to the certificate.
So I’m looking for ways to get the SSL without fucking up my site completely.
Is it safe to delete those files?

I would suggest not deleting them right away in case they are copies of certificates that you really want for some reason. But I don’t think you should use them in your server configuration.

I didn’t make those copies.
My problem at the moment is to configure the server correctly. I changed the lines in bitnami.conf
to SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" SSLCertificateKeyFile "/opt/bitnami/apache2.conf/server.key"
but I still get a mismatch on the certificate name; it still says www.example.com
Any advice?

They should probably be the /etc/letsencrypt/live ones instead.

You can check what each certificate file refers to with the command

openssl x509 -in example-cert.pem -text -noout

in order to find which certificate is right for your site.

This is what I get
Error opening Certificate example-cert.pem
140534303303312:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('example-cert.pem','r')
140534303303312:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load certificate

Sorry, I didn’t mean the literal filename example-cert.pem. You can put the name of individual files that you’re curious about there in order to see what their contents are.

Oops, sorry for that.

It is still not really working

artofchangetherapy@artofcangetherapy-vm:~$ sudo openssl x509 -in server.crt -text -noout
Error opening Certificate server.crt
139879527732880:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('server.crt','r')
139879527732880:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load certificate

I see in /etc/letsencrypt/live/artofchangetherapy.com
directories of cert.pem, privkey.pem etc., but I don’t have permission to see what is inside them

You need to give the path for each file (indicating what directory it’s inside of or how to find that directory relative to your current directory), not just the filename.

E.g.

sudo openssl x509 -in /opt/bitnami/apache2/conf/server.crt -text -noout

sudo openssl x509 -in /etc/letsencrypt/live/artofchangetherapy.com/cert.pem -text -noout
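
The per-file check above, extended as an added example that is not part of the original thread: a script that finds every active SSLCertificateFile directive under a configuration directory and reports whether each referenced certificate covers the site's hostname. The function names, the UNREADABLE/MATCH/MISMATCH labels and the sample invocation are assumptions made for this example, and the hostname test relies on `openssl x509 -checkhost` (OpenSSL 1.0.2 or later).

```bash
#!/bin/sh
# Added example (not from the thread): audit which certificate each Apache
# SSLCertificateFile directive points at, and whether it covers a hostname.
# Constructed usage: sudo sh audit-certs.sh /opt/bitnami artofchangetherapy.com

# Print "file:line<TAB>certificate-path" for each uncommented directive.
# Lines starting with '#' and SSLCertificateKeyFile lines are not matched.
list_cert_directives() {
    grep -rnHE '^[[:space:]]*SSLCertificateFile[[:space:]]' "$1" 2>/dev/null |
    while IFS= read -r hit; do
        content=${hit#*:*:}            # text after "file:line:"
        loc=${hit%":$content"}         # the "file:line" prefix
        path=$(printf '%s\n' "$content" |
            sed -E 's/^[[:space:]]*SSLCertificateFile[[:space:]]+//; s/[[:space:]]+$//; s/^"//; s/"$//')
        printf '%s\t%s\n' "$loc" "$path"
    done
}

# Succeed only if the certificate's names cover the given hostname.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# One report line per directive: UNREADABLE, MATCH or MISMATCH.
audit_certs() {
    tab=$(printf '\t')
    list_cert_directives "$1" | while IFS="$tab" read -r loc path; do
        if [ ! -r "$path" ]; then
            # Missing file, or /etc/letsencrypt/live read without sudo.
            printf 'UNREADABLE %s %s\n' "$loc" "$path"
        elif cert_covers_host "$path" "$2"; then
            printf 'MATCH %s %s\n' "$loc" "$path"
        else
            # Show whose certificate it is (e.g. a self-signed placeholder).
            who=$(openssl x509 -in "$path" -noout -subject -issuer 2>/dev/null | tr '\n' ' ')
            printf 'MISMATCH %s %s %s\n' "$loc" "$path" "$who"
        fi
    done
}

# Run the audit only when called with <config-dir> <hostname>.
if [ "$#" -eq 2 ]; then
    audit_certs "$1" "$2"
fi
```

Any MISMATCH line names a configuration file and line number that still points at a certificate not issued for the site, which is the directive to change to the /etc/letsencrypt/live path.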