Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Last login: Sat Jan 1 11:07:10 2022 from 54.239.116.69
bitnami@ip-172-26-15-224:~$ DOMAIN=domain
bitnami@ip-172-26-15-224:~$
bitnami@ip-172-26-15-224:~$ DOMAIN=jimmyhua-website.com
bitnami@ip-172-26-15-224:~$
bitnami@ip-172-26-15-224:~$ WILDCARD=*.$DOMAIN
bitnami@ip-172-26-15-224:~$
bitnami@ip-172-26-15-224:~$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for jimmyhua-website.com
dns-01 challenge for jimmyhua-website.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.jimmyhua-website.com with the following value:
fEj_pP10mcLIUWXPMd7iXwz87AtQ8i64pkaI4CP5-Ck
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.jimmyhua-website.com with the following value:
0PMJXdq-r_CFmVRA1ntR3B707dnOEQE7BafrL0jH0Y8
Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. jimmyhua-website.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.jimmyhua-website.com - check that a DNS record exists for this domain, jimmyhua-website.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.jimmyhua-website.com - check that a DNS record exists for this domain
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: jimmyhua-website.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.jimmyhua-website.com - check that a DNS record
exists for this domain
Domain: jimmyhua-website.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.jimmyhua-website.com - check that a DNS record
exists for this domain
I do not know why your earlier attempts failed but the one you showed failed because there is no TXT record with the value it shows. You have 5 TXT records so maybe delete those and make just a new one for your next attempt. See a site like this to confirm: https://toolbox.googleapps.com/apps/dig/#TXT/
Enter _acme-challenge.jimmyhua-website.com in that googleapps page and view the TXT records.
Note the first TXT record has an invalid format for the data - too many quotes.
Update: There is something odd about your name servers too. Usually Route53 DNS do not show any problems but yours has an issue with the glue record for dns-49. See: https://dnsviz.net/d/jimmyhua-website.com/dnssec/
I am not an expert with DNS to advise more about this but thought it useful to show.
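The check suggested in the reply above (confirm that both values certbot printed are actually published, and spot records with extra quotes) can be scripted. This is an added example, not part of the original post; the function name `check_acme_txt` is hypothetical, and it reads `dig +short TXT` output on stdin so it can be tried offline.

```shell
#!/bin/sh
# Added example, not from the thread.
# Real use, after creating the records and before pressing Enter in certbot:
#   dig +short TXT "_acme-challenge.$DOMAIN" | check_acme_txt VALUE1 VALUE2

# Reads `dig +short TXT` lines on stdin; arguments are the values certbot printed.
# Exit status is 0 only when every expected value is published exactly.
check_acme_txt() (
  published=""
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    # dig +short wraps TXT data in one pair of quotes; strip exactly one pair.
    value=${line#\"}
    value=${value%\"}
    ok=yes
    # A dns-01 value is 43 base64url characters (an unpadded SHA-256 digest).
    [ "${#value}" -eq 43 ] || ok=no
    case $value in *[!A-Za-z0-9_-]*) ok=no ;; esac
    if [ "$ok" = yes ]; then
      published="$published $value"
    else
      # Leftover quotes or backslashes mean the record was entered over-quoted.
      echo "MALFORMED: $line"
    fi
  done
  [ -n "$published" ] || echo "NO VALID TXT DATA (empty answer, e.g. NXDOMAIN)"
  rc=0
  for want in "$@"; do
    case " $published " in
      *" $want "*) echo "present: $want" ;;
      *) echo "MISSING: $want"; rc=1 ;;
    esac
  done
  exit "$rc"
)
```

For a certificate covering both the apex and the wildcard, both values must be present under the same name at the same time, so pass both as arguments.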
I have never used that procedure but it looks like it is wrong.
The .csr file is not used by Apache so there is no file to back up. And, in the next step #5 it only has you using the fullchain and privkey files - as is usual. I think you can omit the line from step #4 that backs up the csr file and it should be fine.
Probably something that was needed for some other process and never got updated for Let's Encrypt.
Update: @jimmyhua123 Your DNS also looks wrong. It says:
The 172 IP is an internal AWS IP and should not be used for the public internet access. You should remove that IP from your DNS. I can reach your 15. IP but a connection is refused on ports 80 and 443. You should check your AWS Security Groups to ensure they allow connections.
Thank you first, bro.
I deleted 172.26.15.224 and tried to restart the whole step, and I found that the English part has:
```
Enter the following commands individually to create links to your Let’s Encrypt certificate files in the Apache directory. Refer to the Important block at the beginning of this tutorial for information about the different distributions and file structures.
For Debian Linux distributions
Approach A (Bitnami installations using system packages):
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/apache2/conf/bitnami/certs/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt
Approach B (Self-contained Bitnami installations):
sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
For older instances that use the Ubuntu Linux distribution:
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
```
but in my language
```
Enter the following commands individually to rename your existing certificate files as backups (if any):
For newer instances that use the Debian Linux distribution:
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
For older instances that use the Ubuntu Linux distribution:
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.csr /opt/bitnami/apache/conf/bitnami/certs/server.csr.old
Enter the following commands individually to create links to your Let's Encrypt certificate files in the Apache server directory:
For newer instances that use the Debian Linux distribution:
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
For older instances that use the Ubuntu Linux distribution:
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
```
It lost Approach A and Approach B, so I am going to do it the English way.
```
bitnami@ip-172-26-15-224:~$ DOMAIN=jimmyhua-website.com
bitnami@ip-172-26-15-224:~$ WILDCARD=*.$DOMAIN
bitnami@ip-172-26-15-224:~$ echo $DOMAIN && echo $WILDCARD
jimmyhua-website.com
*.jimmyhua-website.com
bitnami@ip-172-26-15-224:~$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/jimmyhua-website.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
bitnami@ip-172-26-15-224:~$ sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
bitnami@ip-172-26-15-224:~$ sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old
bitnami@ip-172-26-15-224:~$ echo $DOMAIN
jimmyhua-website.com
bitnami@ip-172-26-15-224:~$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/jimmyhua-website.com.key /opt/bitnami/apache2/conf/bitnami/certs/server.key
bitnami@ip-172-26-15-224:~$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/jimmyhua-website.com.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt
bitnami@ip-172-26-15-224:~$ sudo /opt/bitnami/ctlscript.sh start
Starting services..
Job for bitnami.service failed because the control process exited with error code.
See "systemctl status bitnami.service" and "journalctl -xe" for details.
bitnami@ip-172-26-15-224:~$ sudo /opt/bitnami/ctlscript.sh stop
Stoping services..
bitnami@ip-172-26-15-224:~$ echo $DOMAIN
jimmyhua-website.com
bitnami@ip-172-26-15-224:~$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
mv: cannot stat '/opt/bitnami/apache2/conf/server.crt': No such file or directory
bitnami@ip-172-26-15-224:~$ sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
bitnami@ip-172-26-15-224:~$ sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
bitnami@ip-172-26-15-224:~$ sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.csr /opt/bitnami/apache/conf/bitnami/certs/server.csr.old
mv: cannot stat '/opt/bitnami/apache/conf/bitnami/certs/server.csr': No such file or directory
bitnami@ip-172-26-15-224:~$ sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
bitnami@ip-172-26-15-224:~$ sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
bitnami@ip-172-26-15-224:~$ sudo /opt/bitnami/ctlscript.sh start
Starting services..
bitnami@ip-172-26-15-224:~$ sudo chmod 666 /opt/bitnami/wordpress/wp-config.php && sudo chmod 666 /opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf
chmod: cannot access '/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf': No such file or directory
bitnami@ip-172-26-15-224:~$ sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php && sudo chmod 666 /opt/bitnami/apps/wordpress/conf/htaccess.conf
chmod: cannot access '/opt/bitnami/apps/wordpress/htdocs/wp-config.php': No such file or directory
bitnami@ip-172-26-15-224:~$
```
So I tried step 7 using Approach A, but it failed:
```
Job for bitnami.service failed because the control process exited with error code.
See "systemctl status bitnami.service" and "journalctl -xe" for details.
bitnami@ip-172-26-15-224:~$ sudo /opt/bitnami/ctlscript.sh stop
```
Approach B also failed:
```
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
mv: cannot stat '/opt/bitnami/apache2/conf/server.crt': No such file or directory
```
So I used
```
For older instances that use the Ubuntu Linux distribution:
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.csr /opt/bitnami/apache/conf/bitnami/certs/server.csr.old
```
and it didn't say anything went wrong, so I went on to the next step, step 8, and it failed:
```
bitnami@ip-172-26-15-224:~$ sudo chmod 666 /opt/bitnami/wordpress/wp-config.php && sudo chmod 666 /opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf
chmod: cannot access '/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf': No such file or directory
bitnami@ip-172-26-15-224:~$ sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php && sudo chmod 666 /opt/bitnami/apps/wordpress/conf/htaccess.conf
chmod: cannot access '/opt/bitnami/apps/wordpress/htdocs/wp-config.php': No such file or directory
```
And when I open my WordPress website and look at the Really Simple SSL plug-in, it says:
74%
SSL is activated on your site. You still have 5 tasks open.
- The .htaccess file is not writable. You can either use the WordPress redirect, add the rules manually, or set the file to [writable](https://really-simple-ssl.com/knowledge-base/htaccess-wp-config-files-not-writable/). [More info](https://really-simple-ssl.com/knowledge-base/manually-insert-htaccess-redirect-http-to-https/)
- Open: SSL is now activated. Check if your website is secure by following this article. [More info](https://really-simple-ssl.com/knowledge-base/how-to-track-down-mixed-content-or-insecure-content/)
- Open: Don't forget to change your settings in Google Analytics and Search Console. [More info](https://really-simple-ssl.com/knowledge-base/how-to-setup-google-analytics-and-google-search-consolewebmaster-tools/)
- Open: The following recommended security headers are not detected: Upgrade Insecure Requests, X-XSS protection, X-Content Type Options, Referrer-Policy, Expect-CT, X-Frame-Options, Permissions-Policy, HTTP Strict Transport Security. [More info](https://really-simple-ssl.com/everything-you-need-to-know-about-security-headers)
Oh, it suddenly works and I can see the lock icon in the address bar!!
I actually don't know why there were bugs and why it succeeded.
But thanks, everyone, for helping me with my bad English. It is time to end my holiday; today I am going to be a soldier. See you guys next time.
So who should I give the Solution to?
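`ln -s` and `ln -sf` create the link whether or not the target file exists, so a wrong source path only shows up later when Apache fails to start. The check below, an added example that is not part of the thread or the tutorial, walks the three certificate directories quoted in the post and reports dangling links; `check_cert_links` and its `ROOT` prefix argument are hypothetical names, the prefix existing only so the function can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the thread or the tutorial.
# Candidate certificate directories are the ones quoted in the post above.
CERT_DIRS="/opt/bitnami/apache2/conf/bitnami/certs
/opt/bitnami/apache2/conf
/opt/bitnami/apache/conf/bitnami/certs"

# check_cert_links [ROOT]
# ROOT is a hypothetical path prefix for offline testing; omit it on a real
# instance. Run in a root shell there: /etc/letsencrypt/live is readable by
# root only, so other users would see valid links as dangling.
# Exit status is 0 only when no link is dangling and at least one directory
# holds both server.crt and server.key resolving to regular files.
check_cert_links() (
  root=${1:-}
  pairs=0
  rc=0
  for dir in $CERT_DIRS; do
    good=0
    for name in server.crt server.key; do
      f="$root$dir/$name"
      if [ -L "$f" ] && [ ! -e "$f" ]; then
        # The link exists but its target does not.
        echo "DANGLING: $f -> $(readlink "$f")"
        rc=1
      elif [ -f "$f" ]; then
        good=$((good + 1))
      fi
    done
    if [ "$good" -eq 2 ]; then
      echo "ok: $root$dir has server.crt and server.key"
      pairs=$((pairs + 1))
    fi
  done
  [ "$pairs" -gt 0 ] || { echo "no usable server.crt/server.key pair found"; rc=1; }
  exit "$rc"
)
```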