Configuring Certbot to work on Bitnami Apache

Thanks for your patience

This is what come up what that information means?

artofchangetherapy@artofcangetherapy-vm:~$ sudo openssl x509 -in /opt/bitnami/apache2/conf/server.crt -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ed:07:1e:6c:0a:08:e0:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=www.example.com
Validity
Not Before: Mar 6 22:29:23 2017 GMT
Not After : Mar 4 22:29:23 2027 GMT
Subject: CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:d4:8e:86:5f:de:00:5b:9d:f2:01:cc:eb:ab:
75:bc:c2:8a:20:4a:40:6a:eb:96:b3:89:93:c0:12:
b9:5a:41:52:ba:52:18:69:4d:46:d2:c3:55:77:86:
87:a8:55:2c:a5:5a:cd:97:0c:01:40:dd:91:a9:75:
18:4a:38:65:e1:b1:b0:e8:97:0a:aa:26:c8:76:f7:
4c:86:d6:42:44:ea:b9:8f:e7:a6:ac:82:b2:97:01:
28:8b:3e:97:8b:48:24:01:cf:42:2f:14:a8:15:78:
37:48:52:63:c6:78:7a:9e:cd:98:0d:3d:5d:9a:b3:
e1:41:25:73:33:6e:a1:c5:88:11:f5:d8:ae:ca:89:
a3:9b:21:c1:df:29:83:77:88:d3:37:9f:08:6e:72:
7c:55:d6:d1:a9:89:4d:85:49:e2:39:f4:fc:42:16:
30:d5:50:4a:80:b2:3e:12:17:8a:cc:5e:7b:74:66:
85:2b:08:82:45:78:ea:8b:a1:82:a2:29:ed:90:34:
1c:35:bb:7e:a8:3d:b6:41:ce:23:61:a8:58:21:80:
aa:a1:41:0c:3e:e2:8d:77:8c:c9:98:27:74:e2:26:
e8:da:7e:34:4e:03:5a:e0:ee:f4:e2:ad:4c:9f:85:
59:9c:f2:3a:66:78:96:ce:21:fb:ed:fb:87:d0:f3:
e6:81
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
29:94:3d:88:fc:e4:c5:2c:63:e1:14:93:4a:dc:35:68:b9:5c:
bd:a9:df:52:8e:1c:43:d3:bf:de:a4:aa:36:70:ff:b8:62:e2:
35:a6:09:a3:a6:80:c5:2d:2a:7c:a5:1a:3c:d8:4f:7a:6e:9d:
20:cf:25:8b:a6:35:59:bb:c3:d2:d8:fc:74:72:3d:8b:af:df:
b9:aa:06:d1:22:73:84:ce:84:3e:f9:57:a5:02:b2:30:a3:5b:
c7:77:52:70:3b:72:b7:61:bc:ae:37:c1:e4:44:12:9d:97:15:
13:92:d2:b7:1c:f3:cf:fd:e1:37:a2:68:d9:c1:43:01:0b:dc:
4d:af:06:d6:7b:2b:3c:f8:79:ce:6f:ef:43:af:ef:2c:fe:7a:
25:8a:bc:62:20:11:f1:e8:1f:4c:d4:6e:77:55:60:6a:27:69:
a8:ac:8d:5a:0f:86:82:87:4a:e0:98:93:b2:62:28:84:3c:10:
4c:97:06:2f:f4:c5:dc:32:b1:b3:12:7f:62:97:c3:74:84:99:
53:38:b1:e2:29:4c:dc:66:b6:f3:c0:37:23:3c:2b:76:f1:02:
cb:ed:6b:2c:e1:ed:fd:c2:10:98:cc:13:5d:dd:a7:04:aa:1c:
5e:b8:8c:89:3f:f4:76:06:fc:a8:1e:6a:2e:dd:9c:b1:2b:e7:
ee:4e:57:5b

artofchangetherapy@artofcangetherapy-vm:~$ sudo openssl x509 -in /etc/letsencrypt/live/artofchangetherapy.com/cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:1e:95:73:78:cf:c8:aa:15:31:fa:90:c2:d2:0b:07:81:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Validity
Not Before: Apr 30 01:02:00 2017 GMT
Not After : Jul 29 01:02:00 2017 GMT
Subject: CN=artofchangetherapy.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:db:67:cd:98:f2:95:bc:7f:4d:90:e7:05:4f:9c:
4d:34:32:3a:b8:88:28:2e:8f:79:d9:a1:e8:76:44:
45:64:2a:1d:be:60:b0:0e:94:52:83:20:69:59:3a:
b6:30:51:c8:a5:cb:d1:e6:8b:22:b8:9b:e7:95:df:
89:21:04:c4:8e:44:7a:b3:28:30:02:cb:06:f6:b8:
50:9f:9d:5d:cd:11:c0:4c:cf:dd:6d:8d:2b:f0:e9:
c2:4e:ee:53:5f:e5:61:53:fc:b9:34:e2:32:93:6c:
6a:0e:60:36:95:31:78:64:21:fc:3b:cc:dd:1f:f2:
6d:ce:0e:9b:bb:16:df:8c:4a:c0:44:92:c2:f2:76:
b1:09:5a:01:22:f3:d0:c1:a9:d1:66:65:85:6a:8f:
67:c0:e0:33:3d:43:ae:72:30:5d:18:9b:59:06:e4:
1f:6f:9b:66:75:68:a3:52:c8:5a:6b:29:42:7c:7c:
d0:42:8a:17:ae:cd:c8:89:96:5a:1d:41:cc:18:59:
5d:22:e0:a4:39:3c:3e:22:ce:24:99:2d:75:dc:c7:
0b:d7:35:2c:e1:cd:cb:83:34:30:77:eb:e0:a7:4d:
b2:47:97:7d:d5:4d:d1:ca:80:42:fe:64:bc:5b:04:
90:bc:d7:bb:69:49:1c:49:44:52:f2:2e:bf:d0:3e:
ae:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1C:00:E8:C7:D3:78:CF:EB:A2:92:49:33:BB:D2:62:CC:EC:72:2A:69
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

        Authority Information Access: 
            OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
            CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

        X509v3 Subject Alternative Name: 
            DNS:artofchangetherapy.com, DNS:www.artofchangetherapy.com
        X509v3 Certificate Policies: 
            Policy: 2.23.140.1.2.1
            Policy: 1.3.6.1.4.1.44947.1.1.1
              CPS: http://cps.letsencrypt.org
              User Notice:
                Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

Signature Algorithm: sha256WithRSAEncryption
     39:1d:10:ef:44:6c:60:80:79:7a:dd:44:e0:66:8a:af:f9:81:
     2d:2f:95:eb:76:10:4c:ed:09:95:ff:68:4c:19:85:d0:f2:31:
     e8:37:b4:12:4c:4c:ef:52:ee:c5:8e:96:7c:1a:30:19:ca:0e:
     aa:79:77:52:b8:2a:d4:9e:75:40:6a:2e:4f:58:3b:94:53:21:
     75:93:e0:49:64:bb:cc:95:46:f7:45:e3:de:51:92:9a:a9:90:
     70:3a:ae:65:ec:90:90:78:ba:af:17:6a:c8:b4:0a:17:f8:e4:
     ad:65:86:3a:e6:a4:47:fd:63:28:99:72:42:2e:7b:9b:07:ce:
     71:8e:7d:70:e6:7f:b8:2d:d8:b9:27:64:be:b8:cd:29:74:15:
     0c:f9:54:31:9b:5a:47:10:8b:aa:b0:8f:1d:8f:f2:79:8e:b3:
     15:a3:64:32:b1:04:4e:33:bc:86:ef:ed:48:44:ab:5e:29:cb:
     f4:80:bf:1f:51:2b:6a:17:e0:7e:61:20:7d:74:93:28:04:c0:
     93:c5:42:57:0d:68:66:11:5c:57:55:e4:e3:bf:24:6f:4a:7b:
     a0:17:37:5e:97:e1:3c:ae:5d:cd:b2:fe:e1:71:5f:2b:b1:2c:
     96:3d:d1:e0:61:b8:5b:5f:cb:06:c9:c1:8c:8d:6b:f0:b1:44:
     ac:96:13:b9

The first certificate is a sample or test certificate which is a self-signed certificate for example.com. This certificate cannot be used for any useful authentication purpose, but only for testing.

The second certificate is a real, valid Let’s Encrypt certificate for your site. This one can be used to authenticate your site to visitors.

If you make your nginx configuration files correctly refer to /etc/letsencrypt/live/artofchangetherapy.com/fullchain.pem for the certificate and to /etc/letsencrypt/live/artofchangetherapy.com/privkey.pem for the private key, your certificate should work properly.

Thanks for all your help my site is SSL now.

Awesome, I’m glad it worked out!

I seem to be having the same issue.

sudo openssl x509 -in /opt/bitnami/apache2/conf/server.crt -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ed:07:1e:6c:0a:08:e0:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=www.example.com
Validity
Not Before: Mar 6 22:29:23 2017 GMT
Not After : Mar 4 22:29:23 2027 GMT
Subject: CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:d4:8e:86:5f:de:00:5b:9d:f2:01:cc:eb:ab:
75:bc:c2:8a:20:4a:40:6a:eb:96:b3:89:93:c0:12:
b9:5a:41:52:ba:52:18:69:4d:46:d2:c3:55:77:86:
87:a8:55:2c:a5:5a:cd:97:0c:01:40:dd:91:a9:75:
18:4a:38:65:e1:b1:b0:e8:97:0a:aa:26:c8:76:f7:
4c:86:d6:42:44:ea:b9:8f:e7:a6:ac:82:b2:97:01:
28:8b:3e:97:8b:48:24:01:cf:42:2f:14:a8:15:78:
37:48:52:63:c6:78:7a:9e:cd:98:0d:3d:5d:9a:b3:
e1:41:25:73:33:6e:a1:c5:88:11:f5:d8:ae:ca:89:
a3:9b:21:c1:df:29:83:77:88:d3:37:9f:08:6e:72:
7c:55:d6:d1:a9:89:4d:85:49:e2:39:f4:fc:42:16:
30:d5:50:4a:80:b2:3e:12:17:8a:cc:5e:7b:74:66:
85:2b:08:82:45:78:ea:8b:a1:82:a2:29:ed:90:34:
1c:35:bb:7e:a8:3d:b6:41:ce:23:61:a8:58:21:80:
aa:a1:41:0c:3e:e2:8d:77:8c:c9:98:27:74:e2:26:
e8:da:7e:34:4e:03:5a:e0:ee:f4:e2:ad:4c:9f:85:
59:9c:f2:3a:66:78:96:ce:21:fb:ed:fb:87:d0:f3:
e6:81
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
29:94:3d:88:fc:e4:c5:2c:63:e1:14:93:4a:dc:35:68:b9:5c:
bd:a9:df:52:8e:1c:43:d3:bf:de:a4:aa:36:70:ff:b8:62:e2:
35:a6:09:a3:a6:80:c5:2d:2a:7c:a5:1a:3c:d8:4f:7a:6e:9d:
20:cf:25:8b:a6:35:59:bb:c3:d2:d8:fc:74:72:3d:8b:af:df:
b9:aa:06:d1:22:73:84:ce:84:3e:f9:57:a5:02:b2:30:a3:5b:
c7:77:52:70:3b:72:b7:61:bc:ae:37:c1:e4:44:12:9d:97:15:
13:92:d2:b7:1c:f3:cf:fd:e1:37:a2:68:d9:c1:43:01:0b:dc:
4d:af:06:d6:7b:2b:3c:f8:79:ce:6f:ef:43:af:ef:2c:fe:7a:
25:8a:bc:62:20:11:f1:e8:1f:4c:d4:6e:77:55:60:6a:27:69:
a8:ac:8d:5a:0f:86:82:87:4a:e0:98:93:b2:62:28:84:3c:10:
4c:97:06:2f:f4:c5:dc:32:b1:b3:12:7f:62:97:c3:74:84:99:
53:38:b1:e2:29:4c:dc:66:b6:f3:c0:37:23:3c:2b:76:f1:02:
cb:ed:6b:2c:e1:ed:fd:c2:10:98:cc:13:5d:dd:a7:04:aa:1c:
5e:b8:8c:89:3f:f4:76:06:fc:a8:1e:6a:2e:dd:9c:b1:2b:e7:
ee:4e:57:5b

I'm not quite sure how to make the edits / changes necessary to make my site SSL (jefvandegraaf.com)

What is the configuration required for nginx?

I saw from another thread that you figured it out in the meantime.

That file /opt/bitnami/apache2/conf/server.crt seems to be an example certificate that comes with Bitnami, and so it should not be used for real website deployments. If you’re using Certbot, your real certificates will end up in /etc/letsencrypt/live.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.