Error installing cert on Lightsail WordPress instance

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: acsls.org

I ran this command: sudo certbot --apache

It produced this output: It’s very long. Copied to end of this below.

My web server is (include version): Apache/2.4.41 (Unix)

The operating system my web server runs on is (include version): Ubuntu 16.04.6

My hosting provider, if applicable, is: Amazon Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

=====> RESULTS from running sudo certbot --apache <=======

You have an existing certificate that has exactly the same domains or certificate name you
requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/acsls.org.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Rolling back to previous server configuration…
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2185, in _reload
util.run_script(self.option(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 526, in deploy_certificate
self.installer.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2175, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2185, in _reload
util.run_script(self.option(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs[-1]()
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 626, in _rollback_and_restart
self.installer.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2175, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

IMPORTANT NOTES:

  • An error occurred and we failed to restore your config and restart
    your server. Please post to
    https://community.letsencrypt.org/c/server-config with details
    about your configuration and this error you received.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/acsls.org/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/acsls.org/privkey.pem
    Your cert will expire on 2020-10-15. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

================================================

TRIED TO RUN “sudo certbot certonly --apache” as suggested:

bitnami@ip-172-26-10-153:/opt$ sudo certbot certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): acsls.org
Attempting to parse the version 1.6.0 renewal configuration file found at /etc/letsencrypt/renewal/acsls.org.conf
with version 0.31.0 of Certbot. This might not work.
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/acsls.org.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/acsls.org/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/acsls.org/privkey.pem
    Your cert will expire on 2020-10-16. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le


Bitnami uses a highly customized setup which the Certbot Apache installer can’t understand.

Follow Bitnami’s own instructions for setting up SSL: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

I had followed those instructions last night (a number of times) but will try again. Maybe a clear head. That domain was hosted at a different IP address (different Lightsail Instance). I just stopped that instance thinking it could be part of the issue. Got that idea after running the SSL Labs test where I got these results:

Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests

Alternate names not found in the certificate

What does this mean?

We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:

  • The web site does not use SSL, but shares an IP address with some other site that does.
  • The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
  • The web site uses a content delivery network (CDN) that does not support SSL.
  • The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.

Well, I tried to use the Bitnami HTTPS Configuration Tool as it looks like it would do everything I need. It starts fine but then I get this error and I’m not sure how to stop services. I’ll admit, I am not really understanding the issues. I have another Lightsail instance (non-WordPress) and had no issues getting that certificate installed.

Error: There has been an error.
Cannot bind to port 80 and/or 443. These ports are used for Let’s Encrypt to
verify the domain DNS configuration. Please stop any services using those ports,
and ensure your system user has permissions to bind to them.
Press [Enter] to continue:

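A check for the “Address already in use … :80” and “Cannot bind to port 80 and/or 443” errors quoted in this thread, added here as an example (not posted by any participant, and not Certbot or Bitnami code): it parses `ss -ltnp` output and lists the process holding each port. The sample listing, including its process names and PIDs, is constructed.

```shell
#!/bin/sh
# Added example: list the processes that own the listening sockets on the
# ports named in the bind errors (80 and 443). Reads `ss -ltnp` output on stdin.

# Constructed sample of `ss -ltnp` output (not captured from the poster's host).
sample_ss() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 :::80 :::* users:(("httpd",pid=1432,fd=4),("httpd",pid=1398,fd=4))
LISTEN 0 128 :::443 :::* users:(("httpd",pid=1398,fd=6))
LISTEN 0 80 127.0.0.1:3306 *:* users:(("mysqld",pid=1101,fd=21))
EOF
}

# port_owners PORT...: print "port name pid" for every listener on those ports.
port_owners() {
  awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 != "LISTEN" { next }              # skips the header line as well
    {
      # Field 4 is the local address; the port follows the last colon,
      # which also covers IPv6 forms such as :::80 and [::]:80.
      port = $4; sub(/.*:/, "", port)
      if (!(port in want)) next
      rest = $0
      # One ("name",pid=N,...) tuple per process sharing the socket.
      while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
        tuple = substr(rest, RSTART, RLENGTH)
        rest = substr(rest, RSTART + RLENGTH)
        name = tuple; sub(/^\("/, "", name); sub(/".*/, "", name)
        pid = tuple; sub(/.*pid=/, "", pid)
        key = port " " name " " pid
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }'
}

# On a live host (root is needed to see other users' processes):
#   sudo ss -ltnp | port_owners 80 443
sample_ss | port_owners 80 443
```

If the owner shown for port 80 is not the `apache2` service that Certbot tried to restart, a second web server already holds the port, which matches the “httpd not running, trying to start” followed by “could not bind” sequence in the output above.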

Finally got the certificate installed and site now running under SSL. Was not an easy task. Have issues when I reboot the server. Will open a new thread on that as it is related to this, but not quite the same (and this one has a lot in it that no longer applies). I can’t figure out how to close this one.

