Connection Refused after updating SSL Cert?

I use LightSail on AWS to host a very basic website for an organization and I recently went to renew the SSL cert. The SSL cert was renewed fine through this instruction set:


I basically successfully renewed it and now it seems I am locked out.

1 Like

Welcome to the forum @RumZ1337

80/tcp  closed http
443/tcp closed https

Everyone is locked out. Firewall? Router? Provider?
Ports 80 and 443 need to be open to start with.

1 Like

I don't understand... would they close when I update an SSL Cert? If not, how do I open them?

1 Like

To be clear, the website was fully functional until I went to renew the SSL cert.

1 Like

To be honest I don't understand either. I don't use AWS or any of the tools you are using so someone else will have to step in to help you resolve the issue.
My contribution was to do some initial recon to verify your site (which is not accessible) and to peek at which ports were open.

1 Like

Understood, this is all very bizarre. Renewing an SSL completely bricking the website.

1 Like

After doing some digging, I found some information about.. starting apche? This was the result.

bitnami@ip-1:~ sudo /opt/bitnami/ start apache AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf: SSLCertificateFile: file '/opt/bitnami/apache2/conf/server.crt' does not exist or is empty apache config test fails, aborting Monitored apache bitnami@ip-:~

1 Like

Further along, I found an error saying that server.crt doesn't exist when running this command line:

bitnami@ip-:~$ sudo /opt/bitnami/ start
/opt/bitnami/mysql/scripts/ : mysql (pid 990) already running
/opt/bitnami/php/scripts/ : php-fpm (pid 1074) already running
AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file '/opt/bitnami/apache2/conf/server.crt' does not exist or is empty
apache config test fails, aborting

1 Like

After scanning the link you provided I think we will need a bunch more information. Most of what is needed are in the form provided when you opened this thread.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Welcome to the Let's Encrypt Community, Joseph :slightly_smiling_face:

Apache is failing to start because server.crt was removed somehow. Replace it with a self-signed (aka snake-oil) certificate then start apache.

This should help: